Account Attributes

The name of the user.

This is an Account ID which must not be changed.

The Numeric ID for the user.

An existing group integer ID or character-string name. Without the -D option it defines the new user primary group membership and defaults to the default group. You can reset this default value by invoking useradd -D -g group. GIDs 0-99 are reserved for allocation by the Solaris Operating System.

Secondary groups of the user. The list of groups assigned to the user.

Contains the list of roles for each user.

The home directory of the user.

The default shell of the user.

Any text string. It is generally a short description of the login and is currently used as the field for the user's full name. This information is stored in the user's /etc/passwd entry.

One or more comma separated authorizations defined in auth_attr(4). Only a user or role who has grant rights to the authorization can assign it to an account.

The name of the project with which the added user is associated. See the projname field as defined in project(4).

Specify the expiration date for a login. After this date, no user will be able to access this login. The expire option argument is a date entered using one of the date formats included in the template file /etc/datemsk. See getdate(3C).

If the date format that you choose includes spaces, it must be quoted. For example, you can enter 10/6/90 or October 6, 1990. A null value (" ") defeats the status of the expired date. This option is useful for creating temporary logins.

The maximum number of days allowed between uses of a login ID before that ID is declared invalid. Normal values are positive integers. A value of 0 defeats the status.

Specifies whether an account is locked after the count of failed logins for a user equals or exceeds the allowed number of retries as defined by RETRIES in /etc/default/login. Possible values are yes or no. The default is no. Account locking is applicable only to local accounts and accounts in the LDAP name service repository if configured with an enableShadowUpdate of true as specified in ldapclient(1M).

The maximum set of privileges a user or any process started by the user, whether through su(1M) or any other means, can obtain. The system administrator must take ensure that when deleting the privileges from the limit set. Deleting any basic privilege has the ability of crippling all applications; deleting any other privilege can cause many or all applications requiring privileges to malfunction.

The default set of privileges assigned to a user's inheritable set upon login.

Contains an ordered, comma-separated list of profile names selected from prof_attr(4). Profiles are enforced by the profile shells, pfcsh, pfksh, and pfsh. See pfsh(1). A default profile is assigned in /etc/security/policy.conf (see policy.conf(4)). If no profiles are assigned, the profile shells do not allow the user to execute any commands.

Indicates if the user account is locked. Possible values include:

• true: The user account is locked. The values "yes", "true", and "always" are equivalent. The user is denied access to the system.

• false: The user account is not locked. The values "no", "false", and "never" are equivalent. The user is allowed access to the system. Default value.

The minimum number of days required between password changes for user.

The maximum number of days the password is valid for user. MAXWEEKS is found in /etc/default/passwd and is set to NULL.

The number of days relative to max before the password expires and the name are warned.

The date the password was last changed for the name. All password aging dates are determined using Greenwich Mean Time (Universal Time) and therefore can differ by as much as a day in other time zones.

The last login time of the user on the Solaris computer.

Specifies per-user Audit pre selection flags as colon-separated always-audit-flags and never-audit-flags. For example, audit_flags=always-audit-flags:never-audit-flags.