Solaris · Lesson 4

User Management

Create and manage users in Solaris securely. Password policies and profiles. Understanding RBAC and role-based access. Real-world administration scenarios.

Goal of this lesson

User management is one of the most common tasks for any Solaris administrator. In this lesson you will learn how to create, inspect, lock and remove user accounts in a safe and repeatable way.

We will focus on normal local users. Network or directory-backed users (LDAP, Active Directory, etc.) are built on top of the same concepts you learn here.

Core user-management concepts

Accounts & identity

Each user has a numeric UID, primary group, home directory and login shell. This identity controls file and process ownership.

/etc/passwd and /etc/shadow

/etc/passwd holds public account data; /etc/shadow stores the hashed (encrypted) passwords and password policy. Only root can read /etc/shadow.

Groups & roles

Groups collect users to share access, and Solaris RBAC roles allow finer-grained delegation without full root access.

Step-by-step user-management commands

Below are the exact commands you should try in your lab VM. Each block shows a small, focused sequence so you can practice and repeat it easily.

1. Check who you are logged in as

Before doing any administration work, confirm which account you are using.

[root@solaris ~]# whoami
root
 
[root@solaris ~]# id
uid=0(root) gid=0(root) groups=0(root)

2. View user entries in /etc/passwd

The /etc/passwd file holds basic account information that is readable by all users.

[root@solaris ~]# tail -5 /etc/passwd
daemon:x:1:1:daemon:/usr/sbin:/usr/bin/false
bin:x:2:2:bin:/usr/bin:/usr/bin/false
adm:x:3:4:adm:/var/adm:/usr/bin/false
oracle:x:1001:10:Oracle User:/export/home/oracle:/usr/bin/bash
devuser:x:1100:10:Development User:/export/home/devuser:/usr/bin/bash

3. Create a new user

Create a normal user with a home directory and default shell. In Solaris, useradd is the standard tool.

[root@solaris ~]# useradd -m -d /export/home/appuser appuser
 
[root@solaris ~]# passwd appuser
New Password: ********
Re-enter new Password: ********
passwd (appuser):
passwd successfully changed for appuser

4. Create a new user with custom UID, GID & shell

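Set the UID, primary group and login shell explicitly with -u, -g and -s instead of accepting the defaults. This is an alternative to step 3: if appuser already exists from that step, remove it first or choose a different user name.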

[root@solaris ~]# useradd -u 1101 -g 10 -m -d /export/home/appuser -s /usr/bin/bash appuser
 
[root@solaris ~]# passwd appuser
New Password: ********
Re-enter new Password: ********
passwd (appuser):
passwd successfully changed for appuser

5. Verify the new account

Use id, getent and ls to check that the user and home directory were created correctly.

[root@solaris ~]# id appuser
uid=1101(appuser) gid=10(staff) groups=10(staff)
 
[root@solaris ~]# getent passwd appuser
appuser:x:1101:10:appuser:/export/home/appuser:/usr/bin/bash
 
[root@solaris ~]# ls -ld /export/home/appuser
drwxr-xr-x 5 appuser staff 5 Jan 11 10:15 /export/home/appuser

6. Switch to the new user

Use su - to test that you can log in as the new account and that the environment looks correct.

[root@solaris ~]# su - appuser
Oracle Corporation SunOS 5.11 Solaris 11.4
 
[appuser@solaris ~]$ pwd
/export/home/appuser
 
[appuser@solaris ~]$ echo "User management lab is ready"
User management lab is ready

7. Lock or remove a user

Solaris supports locking accounts with passwd -l and deleting them with userdel. Deleting preserves the home directory unless you add -r.

[root@solaris ~]# passwd -l appuser
passwd (appuser):
Account appuser has been locked.
 
[root@solaris ~]# userdel -r olduser
#
# -r removes the home directory and mail spool for olduser

Good practices when managing users

Safety & auditability

  • Avoid logging in directly as root whenever possible – use su or roles.
  • Always verify the UID, group and home directory before giving access to others.
  • Document which users you created and why, especially on shared servers.

Lifecycle management

  • Lock accounts temporarily instead of deleting if you are not sure.
  • When de-provisioning, archive important data from the user’s home directory before removal.
  • Regularly review local accounts and disable unused ones.
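
One way to script the account review described in the two lists above, as an added example that is not part of the original lesson. The function name audit_passwd is hypothetical and the sample passwd entries are constructed; it reports non-root accounts with UID 0, UIDs shared by several accounts, and login-capable accounts whose home directory is missing.

```shell
#!/bin/sh
# Added example (not from the lesson): review a passwd-format file.
# Prints one finding per line as KIND:user:detail.
audit_passwd() {
    file=$1
    # UIDs used by more than one entry: those accounts share file ownership.
    dups=$(cut -d: -f3 "$file" | sort | uniq -d)
    while IFS=: read -r name _pw uid _gid _gecos home shell; do
        case $name in ''|\#*) continue ;; esac
        # Any non-root name with UID 0 has full root privileges.
        if [ "$uid" = 0 ] && [ "$name" != root ]; then
            echo "UID0:$name:non-root account with uid 0"
        fi
        for d in $dups; do
            if [ "$d" = "$uid" ]; then echo "DUPUID:$name:uid $uid is shared"; fi
        done
        # Accounts that can log in should have an existing home directory.
        case $shell in
            */false|*/nologin) ;;
            *) [ -d "$home" ] || echo "NOHOME:$name:$home is missing" ;;
        esac
    done < "$file"
    return 0
}

# Constructed sample data in a throwaway directory, not the live /etc/passwd.
sample_dir=$(mktemp -d)
mkdir -p "$sample_dir/home/appuser"
cat > "$sample_dir/passwd" <<EOF
root:x:0:0:Super-User:/:/usr/bin/bash
daemon:x:1:1::/:/usr/bin/false
appuser:x:1101:10:appuser:$sample_dir/home/appuser:/usr/bin/bash
devuser:x:1100:10:Development User:$sample_dir/home/devuser:/usr/bin/bash
olduser:x:1101:10::$sample_dir/home/appuser:/usr/bin/bash
toor:x:0:0::/:/usr/bin/bash
EOF

audit_passwd "$sample_dir/passwd"
```

On a real system, run audit_passwd /etc/passwd; the function only reads the file and changes nothing.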

Practice task – build your own small user set

  • Create two new users: devuser and opsuser.
  • Assign them to appropriate groups and create home directories in /export/home.
  • Log in as both users using su - and confirm that file ownership works as expected.
  • Finally, lock one account and remove the other to see the full lifecycle.

In the next lesson, we will extend this with group management so that you can manage access for teams instead of individual users.