smgroup(1M) System Administration Commands smgroup(1M)NAMEsmgroup - manage group entries
SYNOPSIS
/usr/sadm/bin/smgroup subcommand [ auth_args] -− [subcommand_args]
DESCRIPTION
The smgroup command manages one or more group definitions in the group
database for the appropriate files in the local /etc files name service
or a NIS or NIS+ name service.
The following smgroup subcommands are supported
add Adds a new group entry. To add an entry, the adminis‐
trator must have the solaris.admin.usermgr.write autho‐
rization.
delete Deletes a group entry. You can delete only one entry at
a time. To delete an entry, the administrator must have
the solaris.admin.usermgr.write authorization. Note:
You cannot delete the system groups with IDs less than
100, or the groups 60001, 60002, or 65534.
list Lists one or more group entries in the form of a three-
column list, containing the group name, group ID, and
group members, separated by colons (:). To list
entries, the administrator must have the
solaris.admin.usermgr.read authorization.
modify Modifies a group entry. To modify an entry, the admin‐
istrator must have the solaris.admin.usermgr.write
authorization.
OPTIONS
The smgroup authentication arguments, auth_args, are derived from the
smc(1M) arg set and are the same regardless of which subcommand you
use. The smgroup command requires the Solaris Management Console to be
initialized for the command to succeed (see smc(1M)). After rebooting
the Solaris Management Console server, the first Solaris Management
Console connection might time out, so you might need to retry the com‐
mand.
The subcommand-specific options, subcommand_args, must come after the
auth_args and must be separated from them by the -− option.
auth_args
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all
optional. If no auth_args are specified, certain defaults will be
assumed and the user may be prompted for additional information, such
as a password for authentication purposes. These letter options can
also be specified by their equivalent option words preceded by a double
dash. For example, you can use either -D or -−domain.
The following auth_args are supported:
-D | -−domain domain
Specifies the default domain that you want to manage. The syntax of
domain is type:/host_name/domain_name, where type is nis, nisplus,
dns, ldap or file; host_name is the name of the machine that serves
the domain; and domain_name is the name of the domain you want to
manage. (Note: Do not use nis+ for nisplus.)
If you do not specify this option, the Solaris Management Console
assumes the file default domain on whatever server you choose to
manage, meaning that changes are local to the server. Toolboxes can
change the domain on a tool-by-tool basis; this option specifies
the domain for all other tools.
-H | -−hostname host_name:port
Specifies the host_name and port to which you want to connect. If
you do not specify a port, the system connects to the default port,
898. If you do not specify host_name:port, the Solaris Management
Console connects to the local host on port 898. You may still have
to choose a toolbox to load into the console. To override this
behavior, use the smc(1M)-B option, or set your console prefer‐
ences to load a "home toolbox" by default.
-l | -−rolepassword role_password
Specifies the password for the role_name. If you specify a
role_name but do not specify a role_password, the system prompts
you to supply a role_password. Passwords specified on the command
line can be seen by any user on the system, hence this option is
considered insecure.
-p | -−password password
Specifies the password for the user_name. If you do not specify a
password, the system prompts you for one. Passwords specified on
the command line can be seen by any user on the system, hence this
option is considered insecure.
-r | -−rolename role_name
Specifies a role name for authentication. If you do not specify
this option, no role is assumed.
-u | -−username user_name
Specifies the user name for authentication. If you do not specify
this option, the user identity running the console process is
assumed.
-−
This option is required and must always follow the preceding
options. If you do not enter the preceding options, you must still
enter the -− option.
subcommand_args
Descriptions and other argument options that contain white spaces must
be enclosed in double quotes.
The add subcommand supports the following subcommand_args:
-g gid
(Optional) Specifies the group ID for the new group. The group ID
must be a non-negative decimal integer with a maximum value of 2MB
(2,147,483,647). Group IDs 0-99 are reserved for the system and
should be used with care. If you do not specify a gid, the system
automatically assigns the next available gid. To maximize interop‐
erability and compatibility, administrators are recommended to
assign groups using the range of GIDs below 60000 where possible.
-h
(Optional) Displays the command's usage statement.
-m group_member1 -m group_member2 . . .
(Optional) Specifies the new members to add to the group.
-n group_name
Specifies the name of the new group. The group name must be unique
within a domain, contain 2-32 alphanumeric characters, begin with a
letter, and contain at least one lowercase letter.
The delete subcommand supports the following subcommand_args:
-h
(Optional) Displays the command's usage statement.
-n group_name
Specifies the name of the group you want to delete.
The list subcommand supports the following subcommand_args
-h
(Optional) Displays the command's usage statement.
-n group_name
(Optional) Specifies the name of the group you want to list. If you
do not specify a group name, all groups are listed.
The modify subcommand supports the following subcommand_args
-h
(Optional) Displays the command's usage statement.
-m group_member1 -m group_member2 . . .
(Optional) Specifies the new members to add to the group. Note that
group_member overwrites the existing member list in the group file.
-n group_name
Specifies the name of the group you want to modify.
-N new_group
(Optional) Specifies the new group name. The group name must be
unique within a domain, contain 2-32 alphanumeric characters, begin
with a letter, and contain at least one lowercase letter.
EXAMPLES
Example 1: Creating a Test Group
The following creates the test_group group entry with a group ID of 123
and adds test_member1 and test_member2 to the group:
./smgroup add -H myhost -p mypasswd -u root -- -n test_group \
-m test_member1 -m test_member2 -g 123
Example 2: Deleting a Group
The following deletes test_group:
./smgroup delete -H myhost -p mypasswd -u root -- -n test_group
Example 3: Displaying All Groups
The following displays all groups in a three-column list showing the
group name, group ID, and group members:
./smgroup list -H myhost -p mypasswd -u root --
Example 4: Displaying a Group
The following displays the group_1 data in a three-column list showing
the group name, group ID, and group members:
./smgroup list -H myhost -p mypasswd -u root -- -n group_1
Example 5: Renaming a Group
The following renames a group from finance to accounting:
./smgroup modify -H myhost -p mypasswd -u root -- \
-n finance -N accounting
ENVIRONMENT VARIABLES
See environ(5) for a description of the JAVA_HOME environment variable,
which affects the execution of the smgroup command. If this environ‐
ment variable is not specified, the /usr/java location is used. See
smc(1M).
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 Invalid command syntax. A usage message displays.
2 An error occurred while executing the command. An error mes‐
sage displays.
FILES
The following files are used by the smgroup command:
/etc/group Group file. See group(4).
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWmga │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOsmc(1M), group(4), attributes(5), environ(5)SunOS 5.10 2 Jan 2002 smgroup(1M)
