|
|
Account templates are files that contain a list of account attributes (such as group membership or privileges) for use with the account command line utilities. Templates make it easier to specify attributes that would otherwise require a long command line.
Here is an example template, template1, that specifies several attributes, including group membership, kernel privileges, login restrictions, password restrictions, and authorizations:
{ groups { gedemondan czillian dillian type41 oolakash } } { kernelAuths { chown execsuid su } } { maxLoginAttempts 8 } { passwdExpirationTime 60 } { passwdLifetime 120 } { passwdRunGenerator 1 } { subsystemAuths { printerstat printqueue queryspace } }Templates can be used to create new accounts, modify existing accounts, or change the system defaults.
Here is an example that creates a new account for user
mavrac that uses template1:
useradd -X template1 mavrac
The new account will use all the default account values except for those listed in the template file. To modify an existing account for the same user, you would simply substitute usermod for useradd.
You can also modify account defaults using a template file.
Assuming you wanted to replace the current
system defaults with the values in template1,
you would use this command:
usermod -D -X template1
You can use the userls command to list account attributes
that you can in turn use to create a template. For example, this
command directs the attributes for user mavrac into a
file:
userls -l mavrac -A > template1
You must edit the output from userls because it contains all attributes, including status information that cannot be changed (such as last login time), but you can us it as a basis for a template file.
See also: