Managing Users and Groups with admintool

Managing Users and Groups with admintool

So far, we have only examined user and group administration by using command-line tools, such as useradd and groupadd. Fortunately, Solaris also provides an easy to use administrative interface for adding users and groups to the system called admintool. The admintool interface is shown in Figure 6-2. The interface shown is for user management, displaying the username, UID, and user comment. In addition to managing users and groups, admintool is also useful for managing hosts, printers, serial ports, and software. Each management option has its own interface, which is accessible from the Browse menu. When an interface is selected, such as the printers interface, administrators may then add, modify, or delete the entries that exist in the current database (in this case, administrators may add, delete, or modify the entries for printers).

Click To expand Figure 6-2: The Solaris admintool

Let’s examine how to modify existing user information using the admintool, as shown in Figure 6-3. First, select the user whose data you wish to modify (for example, the adm user, one of the preconfigured system accounts that is created during Solaris installation). Next, select the Modify option from the admintool Edit menu. The user entry modification window is shown in Figure 6-3 for the adm user. Here, it is possible to modify the following options:

  • The username

  • The primary group

  • All secondary groups

  • The user comment

  • The login shell, which is selected from a drop-down menu containing all valid shells defined in the shells database (/etc/shells)

  • The minimum and maximum days required before a password change

  • The maximum number of inactive days for an account

  • An expiry date for the user’s account

  • The number of days warning to give a user before their password must be changed

  • The path to the user’s home directory

    Click To expand
    Figure 6-3: Modifying user details with admintool

Of course, all of this information can be set on the command line by using the passwd command. However, the admintool interface is easier to use, and provides some additional functionality. For example, it is impossible to enter an invalid expiration date, because the day, month, and year are selected from drop-down boxes. In addition, if there are any problems encountered during modification, no changes will be recorded.

Adding a user to the system involves entering data into the same interface used for modifying user details, as shown in Figure 6-4. The UID is sequentially generated, as is a default primary group, user shell, password option (not set until first login), and the option to create a new directory for the user as their home directory. Again, admintool has advanced error-checking facilities that make it difficult to damage or overwrite system files with invalid data.

Click To expand
Figure 6-4: Adding user details with admintool

Admintool can also be used as a group administration tool. Groups may be created, and users added to specific groups or removed from groups. In addition, groups may also be deleted using admintool. The group administration interface is shown in Figure 6-5. Here, five groups are shown: the adm group (GID 4) has three members: root, adm, and daemon. To add a user to the group, simply select the adm group and click the Add entry in the Edit menu. A comma-delimited list of users in the group would then be displayed. The bin user could be added to the adm group by inserting a comma after the last entry and adding the name “bin” to the list.

Click To expand
Figure 6-5: Adding group details with admintool

Part I: Solaris 9 Operating Environment, Exam I