System Administration Guide
Chapter 1, Administering user accounts

Using account templates

Using account templates

Account templates are files that contain a list of account attributes (such as group membership or privileges) for use with the account command line utilities. Templates make it easier to specify attributes that would otherwise require a long command line.


NOTE: Templates do not work with the Account Manager. They are are designed for use with command line utilities only.

Here is an example template, template1, that specifies several attributes, including group membership, kernel privileges, login restrictions, password restrictions, and authorizations:

   { groups { gedemondan czillian dillian type41 oolakash } }
   { kernelAuths { chown execsuid su } }
   { maxLoginAttempts 8 }
   { passwdExpirationTime 60 }
   { passwdLifetime 120 }
   { passwdRunGenerator 1 }
   { subsystemAuths { printerstat printqueue queryspace } }
Templates can be used to create new accounts, modify existing accounts, or change the system defaults.

Here is an example that creates a new account for user mavrac that uses template1:

useradd -X template1 mavrac

The new account will use all the default account values except for those listed in the template file. To modify an existing account for the same user, you would simply substitute usermod for useradd.

You can also modify account defaults using a template file. Assuming you wanted to replace the current system defaults with the values in template1, you would use this command:

usermod -D -X template1

You can use the userls command to list account attributes that you can in turn use to create a template. For example, this command directs the attributes for user mavrac into a file:

userls -l mavrac -A > template1

You must edit the output from userls because it contains all attributes, including status information that cannot be changed (such as last login time), but you can us it as a basis for a template file.

See also: