| Previous | Table of Contents | Next |
Before you can use Admintool to edit the local /etc/passwd file, you must be a member of the sysadmin group (GID 14).
If you have the appropriate permissions, you can use Admintool to make changes to the /etc/passwd file on a local system.
You need the following information for each user you plan to add:
A UID is always associated with each user name and is used by systems to identify the owners of files and directories and to identify the user at login. If you create user accounts for a single individual on more than one system, always use the same user name and UID. In that way, the user can easily move and copy files between systems without ownership problems.
A UID must be a whole number less than or equal to 2147483647. The maximum UID was increased from 60000 to 2147483647 starting with the Solaris 2.5.1 release.
UIDs are required for both regular user accounts and special system accounts. Table 7-3 lists the UIDs that are reserved for user accounts and system accounts.
| UIDs | Login Accounts | Description |
|---|---|---|
| 0 | root | Root account |
| 1 | daemon | Daemon account |
| 2 | bin | Pseudo--user bin account |
| 3-99 | sys, uucp logins, who, tty, and ttytype | System accounts |
| 100-60000 | Regular users | General-purpose accounts |
| 60001 | nobody | Unauthenticated users |
| 60002 | noaccess | Compatibility with previous Solaris 2.x and SVR4 releases |
| 60003-2147483647 | Regular users | General-purpose accounts |
CAUTION! Be careful when using UIDs in the 60000 to 2147483647 range. These numbers do not have full functionality and are incompatible with many Solaris features. See Table 7-4 for more information.
Even though UIDs 0 through 99 are reserved for use by system accounts, you can add a user with one of these UIDs. You should not, however, use these UIDs for regular user accounts. Use the numbers 0 through 99 to assign system accounts, uucp logins, and pseudo-user logins.
Previous Solaris 2.x releases used 32-bit data types to contain UIDs and GIDs. UIDs and GIDs were constrained to a maximum useful value of 60000. The limit on UID and GID values has been raised to the maximum value of a signed integer, or 2147483647 with the Solaris 2.5.1 release. Table 7-4 lists the interoperability issues with Solaris 2.x products and commands.
| Category | Product/Command | Issues/Cautions |
|---|---|---|
| NFS Interoperability | SunOS 4.x NFS software | SunOS 4.x NFS server and client code truncates large UIDs and GIDs to 16 bits. This truncation can create security problems if SunOS 4.x systems are used in an environment where large UIDs and GIDs are being used. SunOS 4.x systems require a patch. |
| Name Service Interoperability | NIS name service File-based name service | Users with UIDs above 60000 can log in and use the su command on systems running earlier versions of the Solaris 2.x operating environment, however, their UIDs and GIDs are set to 60001 (nobody). |
| NIS+ name service | Users with UIDs above 60000 are denied access on systems running older Solaris 2.x versions and the NIS+ name service. | |
| Printed UIDs/GIDs | OpenWindows File Manager | Large UIDs and GIDs are not displayed correctly if the OpenWindows File Manager is used with the extended file listing display option. |
Table 7-5 summarizes the limitations of using large UIDs and GIDs.
| UID/GID Number | Limitation |
|---|---|
| 60003 or greater | Users logging in to systems running previous Solaris releases and the NIS or files name service are assigned a UID and GID of nobody. |
| 65536 or greater | SunOS 4.x systems running the NFS version 2 software truncate UIDs in this category to 16 bits, creating possible security problems. |
| Using the cpio command with the default archive format to copy files displays an error message for each file and the UID and GID are set to nobody in the archive. | |
| SPARC systems: SunOS 4.x-compatible applications display EOVERFLOW messages from some system calls and the UID and GID are set to nobody. | |
| x86 systems: SVR3-compatible applications on an x86 system is likely to display EOVERFLOW messages from system calls. | |
| x86 systems: If users create a file or directory on a mounted System V file system, the System V file system returns an EOVERFLOW error. | |
| 100000 or greater | The ps -l command displays a maximum five-digit UID so the printed column is not aligned when it includes a UID or GID greater than 99999. |
| 2622144 or greater | Using the cpio command with -H odc format or the pax -x cpio command to copy files returns an error message for each file and the UIDs and GIDs are set to nobody in the archive. |
| 10000000 or greater | Using the ar command sets UIDs and GIDs to nobody in the archive. |
| 2097152 or greater | UIDs and GIDs are set to nobody when using the tar command, the cpio -H ustar command, or the pax -x tar command. |
| Previous | Table of Contents | Next |