System Administration Commands smmultiuser(1M)
NAME
smmultiuser - manage bulk operations on user accounts
SYNOPSIS
/usr/sadm/bin/smmultiuser subcommand [ auth_args] --
[subcommand_args]
DESCRIPTION
The smmultiuser command allows bulk operations on user
entries in the local /etc filesystem or an NIS name service, using either an input file or piped input. Note: Both inputfiles and piped input contain a cleartext (non-encrypted)
password for each new user entry. subcommandssmmultiuser subcommands are:
add Adds multiple user entries to the appropriate files. To add an entry, the administrator musthave the solaris.admin.usermgr.write authoriza-
tion. delete Deletes one or more user entries from the appropriate files. To delete an entry, the administrator must have the solaris.admin.usermgr.write authorization. modify Modifies existing user entries in the user account database. To modify an entry, the administratormust have the solaris.admin.usermgr.write authori-
zation. Here is the list of what can be modified using the modify subcommand: 1. UserName (only under certain conditions; see Note 2 in NOTES). 2. Password (only under certain conditions;see Note 3 in NOTES). To modify a pass-
word, the administrator must have the solaris.admin.usermgr.pswd authorization. 3. Description. 4. Primary Group ID. 5. Shell type. 6. FullName.SunOS 5.11 Last change: 11 Dec 2009 1
System Administration Commands smmultiuser(1M)
OPTIONSThe smmultiuser authentication arguments, auth_args, are
derived from the smc(1M) arg set and are the same regardlessof which subcommand you use. The smmultiuser command
requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After rebooting the Solaris Management Console server, the first Solaris Management Console connection might time out, so you might need to retry the command.The subcommand-specific options, subcommand_args, must come
after the auth_args and must be separated from them by the
-- option.
auth_args
The valid auth_args are -D, -H, -l, -p, -r, --trust, and -u;
they are all optional. If no auth_args are specified, cer-
tain defaults will be assumed and the user may be promptedfor additional information, such as a password for authenti-
cation purposes. These letter options can also be specified by their equivalent option words preceded by a double dash.For example, you can use either -D or --domain.
-D | --domain 13;domain
Specifies the default domain that you want to manage.The syntax of domain is type:/host_name/domain_name,
where type is nis, dns, ldap, or file; host_name is the
name of the machine that serves the domain; anddomain_name is the name of the domain you want to
manage.If you do not specify this option, the Solaris Manage-
ment Console assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain ona tool-by-tool basis; this option specifies the domain
for all other tools.-H | --hostname 13;host_name:port
Specifies the host_name and port to which you want to
connect. If you do not specify a port, the system con-
nects to the default port, 898. If you do not specifyhost_name:port, the Solaris Management Console connects
to the local host on port 898. You may still have to choose a toolbox to load into the console. To overridethis behavior, use the smc(1M) -B option, or set your
console preferences to load a "home toolbox" by default.SunOS 5.11 Last change: 11 Dec 2009 2
System Administration Commands smmultiuser(1M)
-l | --rolepassword 13;role_password
Specifies the password for the role_name. If you specify
a role_name but do not specify a role_password, the sys-
tem prompts you to supply a role_password. Passwords
specified on the command line can be seen by any user on the system, hence this option is considered insecure.-p | --password 13;password
Specifies the password for the user_name. If you do not
specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.-r | --rolename 13;role_name
Specifies a role name for authentication. If you do not specify this option, no role is assumed.--trust
Trusts all downloaded code implicitly. Use this optionwhen running the terminal console non-interactively and
you cannot let the console wait for user input.If using piped input into any of the smmultiuser subcom-
mands, it will now be necessary to use the --trust
option with the -L logfile option. See EXAMPLES.
-u | --username 13;user_name
Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.--
This option is required and must always follow the preceding options. If you do not enter the precedingoptions, you must still enter the -- option.
subcommand_args
Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.SunOS 5.11 Last change: 11 Dec 2009 3
System Administration Commands smmultiuser(1M)
o For subcommand add:-h (Optional) Displays the command's
usage statement.-i input_file Specifies the input file contain-
ing the user account information. After the command is executed, the input file is removed. The input file must follow the /etc/passwd file format. If you do not specifythe -i input_file option, you must
include a piped_input operand
immediately before the command.See EXAMPLES.
-L logfile (Optional) Specifies the full
pathname to the text file that stores the command's success/failure data. Note: Thistext file is an ASCII-formatted
log file; it is different from and unrelated to the output of the normal logging mechanism that also occurs within the Log Viewer tool.The -L logfile option is used to
dump additional logging informa-
tion to a text file. o For subcommand delete:-h (Optional) Displays the command's
usage statement.-i input_file Specifies the input file contain-
ing the user account information. After the command is executed, the input file is removed. The input file must follow the /etc/passwd file format. If you do not specifythe -i input_file option, you must
include a piped_input operand
immediately before the command.See EXAMPLES.
SunOS 5.11 Last change: 11 Dec 2009 4
System Administration Commands smmultiuser(1M)
-L logfile (Optional) Specifies the full
pathname to the text file that stores the command's success/failure data. o For subcommand modify:-h (Optional) Displays the command's
usage statement.-i input_file Specifies the input file contain-
ing the user account information. After the command is executed, the input file is removed. The input file must follow the /etc/passwd file format. If you do not specifythe -i input_file option, you must
include a piped_input operand
immediately before the command.See EXAMPLES. Note: When modifying
passwords, use the piped input,since it is more secure than keep-
ing passwords in a file. See Note 1 in NOTES.-L logfile (Optional) Specifies the full
pathname to the text file that stores the command's success/failure data. OPERANDS The following operands are supported:piped_input You must include piped_input if you do not
specify an input_file. Include the piped
input immediately before the command. The piped input must follow the /etc/passwd fileformat. See EXAMPLES. Note: Use the --trust
option when using piped input with the -L
logfile option to avoid the user prompt from the Security Alert Manager, which normally asks the user whether the log file should becreated. Without the --trust option, the
piped input is improperly taken as the answer to the prompt before the user can answer "Y"SunOS 5.11 Last change: 11 Dec 2009 5
System Administration Commands smmultiuser(1M)
or "N", and the logging operation will prob-
ably fail.EXAMPLES
Example 1 Creating multiple user accounts The following reads in user account data from the /tmp/foo file and creates new user accounts on the local file system. The input file is formatted in the /etc/passwd format../smmultiuser add -H myhost -p mypasswd -u root -- -i /tmp/foo
Example 2 Deleting multiple user accounts The following reads in user account data from the /tmp/foo file and deletes the named user accounts from the local file system:./smmultiuser delete -H myhost -p mypasswd -u root -- -i /tmp/foo
Example 3 Creating a log file with piped inputThe following example shows the use of the smc(1M) --trust
option that is required when creating a log file. It is applicable to the delete and modify subcommands also.cat /tmp/users.txt | smmultiuser add --trust -- -L /tmp/mylog.txt
ENVIRONMENT VARIABLESSee environ(5) for a description of the JAVA_HOME environ-
ment variable, which affects the execution of the smprofile command. If this environment variable is not specified, the /usr/java location is used. See smc(1M). EXIT STATUS The following exit values are returned: 0 Successful completion.SunOS 5.11 Last change: 11 Dec 2009 6
System Administration Commands smmultiuser(1M)
1 Invalid command syntax. A usage message displays. 2 An error occurred while executing the command. An error message displays. FILES The following files are used by the smprofile command: /etc/passwd Contains the file format to use for theinput_file and piped_input. See passwd(4).
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWmga ||_____________________________|_____________________________|
SEE ALSO
smc(1M), passwd(4), attributes(5), environ(5) NOTES 1. The file format used by both the add and modify subcommands is the /etc/passwd format. But there is an allowance for a mutated version of this file format that contains an extra field at the end of each line to be used for the Full Name. If the extra field is appended to the end of each line, it will be used for the Full Name value, but if it isomitted, it will be assumed that no FullName modif-
ication is being done. The extra field is separated with a colon (:), just like all the other fields. Example of regulation /etc/passwd entry: rick2:x:101:10:description1:/home/rick2:/bin/sh Example of /etc/passwd variant entry:rick2:x:101:10:description1:/home/rick2:/bin/sh:Ricks_fullname
SunOS 5.11 Last change: 11 Dec 2009 7
System Administration Commands smmultiuser(1M)
2. The modifies are all done based on lookups of the user name in the user tables. If a user name can not be found in this lookup, a secondary check will be made to see if the uid and FullName can be found in the user tables. If they are both found, assume that a user rename has occurred. If neither can be found, assume that the user account does not exist and cannot be modified. 3. If no password is supplied, assume that there is no change to the password information. If a passwordis being changed, it should be supplied in clear-
text as piped input, although this is not required. The password can be supplied in the input file also. Once read in, the password will be changed accordingly.SunOS 5.11 Last change: 11 Dec 2009 8