user.roles File
Purpose
Contains the list of roles for each user.
Description
The /etc/security/user.roles file contains the list of roles for each user. This is an ASCII file that contains a stanza for system users. Each stanza is identified by a user name followed by a : (colon) and contains attributes in the form Attribute=Value. Each attribute pair ends with a newline character as does each stanza.
This file supports a default stanza. If an attribute is not defined, either the default stanza or the default value for the attribute is used.
A stanza contains the following attribute:
Item | Description |
---|---|
roles | Contains the list of roles for each user. |
For a typical stanza, see the "Examples" section.
Typically, the /etc/security/user.roles stanza contains an entry for every user and a list of data associated with that user. The roles database does not require an entry per user. The size of each entry is one line.
The user.roles file is kept separately from the /etc/security/user file for performance reasons. Several commands scan this database, so system performance increases with smaller files to scan (especially on systems with large numbers of users).
Changing the user.roles File
You should access this file through the commands and subroutines defined for this purpose. You can use the following commands to change the user.roles file:
- chuser
- lsuser
- mkuser
The mkuser command creates an entry in the /etc/security/user.roles file for each new user when the roles attribute is used. To change the attribute values, use the chuser command with the roles attribute. To display the attributes and their values, use the lsuser command with the roles attribute.
To write programs that affect attributes in the /etc/security/user.roles file, use the subroutines listed in Related Information.
Security
Access Control: This file grants read and write access to the root user, and read access to members of the security group.
Examples
A typical stanza looks like the following example for the user named username:
username:
        roles = role1,role2
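The following added example (not part of the original documentation or of AIX itself) parses the stanza format described above, resolves a user's roles with fallback to the default stanza, and reports assigned roles that are missing from a list of valid roles such as the one kept in /etc/security/roles. The function names, the sample data, the treatment of lines starting with * as comments, and the empty list used when no default stanza defines roles are assumptions.

```python
# Constructed sample in the user.roles stanza format; not from a real system.
SAMPLE = """\
* lines starting with '*' are treated as comments (assumption)
default:
        roles =

alice:
        roles = role1,role2

bob:
        roles = role2,auditor
"""

def parse_stanzas(text):
    """Return {stanza_name: {attribute: value}} for a stanza file."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.endswith(":") and "=" not in line:
            # "name:" opens a new stanza
            current = stanzas.setdefault(line[:-1].strip(), {})
        elif "=" in line and current is not None:
            attr, value = line.split("=", 1)
            current[attr.strip()] = value.strip()
    return stanzas

def roles_for(stanzas, user):
    """Roles for a user: own stanza, then default stanza, then empty list."""
    for name in (user, "default"):
        value = stanzas.get(name, {}).get("roles")
        if value is not None:
            return [r.strip() for r in value.split(",") if r.strip()]
    return []  # assumed default value when nothing defines roles

def unknown_roles(stanzas, valid_roles):
    """Map each user to assigned roles that are not in valid_roles."""
    findings = {}
    for user in stanzas:
        if user == "default":
            continue
        missing = [r for r in roles_for(stanzas, user) if r not in valid_roles]
        if missing:
            findings[user] = missing
    return findings

if __name__ == "__main__":
    parsed = parse_stanzas(SAMPLE)
    print(roles_for(parsed, "alice"))
    print(unknown_roles(parsed, {"role1", "role2"}))
```

Run it against a copy of the file collected by an account that already has read access, and pass the role names taken from /etc/security/roles as valid_roles.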
Files
Item | Description |
---|---|
/etc/security/roles | Contains the list of valid roles. |
/etc/security/user.roles | Contains the list of roles for each user. |
/etc/security/smitacl.group | Contains the group ACL definitions. |
/etc/security/smitacl.user | Contains the user ACL definitions. |