NAME
pts_createuser - Creates a user or machine entry in the Protection
Database
SYNOPSIS
pts createuser -name <user name>+ [-id <user id>+]
[-cell <cell name>] [-noauth] [-localauth] [-force]
[-help]
pts createu -na <user name>+ [-i <user id>+]
[-c <cell name>] [-no] [-l] [-f] [-h]
pts cu -na <user name>+ [-i <user id>+]
[-c <cell name>] [-no] [-l] [-f] [-h]
DESCRIPTION
The pts createuser command creates an entry in the Protection Database
for each user or machine specified by the -name argument. A user entry
name becomes the user’s AFS username (the one to provide when
authenticating with the AFS Authentication Server). A machine entry’s
name is the machine’s IP address or a wildcard notation that represents
a range of consecutive IP addresses (a group of machines on the same
network). It is not possible to authenticate as a machine, but a group
to which a machine entry belongs can appear on a directory’s access
control list (ACL), thereby granting the indicated permissions to any
user logged on to the machine.
AFS user IDs (AFS UIDs) are positive integers and by default the
Protection Server assigns an AFS UID that is one greater than the
current value of the "max user id" counter in the Protection Database,
incrementing the counter by one for each user. To assign a specific AFS
UID, use the -id argument. If any of the specified AFS UIDs is greater
than the current value of the "max user id" counter, the counter is
reset to that value. It is acceptable to specify an AFS UID smaller
than the current value of the counter, but the creation operation fails
if an existing user or machine entry already has it. To display or set
the value of the "max user id" counter, use the pts listmax or pts
setmax command, respectively.
The issuer of the pts createuser command is recorded as the entry’s
creator and the group system:administrators as its owner.
CAUTIONS
The Protection Server reserves AFS UID 0 (zero) and returns an error if
the -id argument has that value.
OPTIONS
-name <user name>+
Specifies either a username for a user entry, or an IP address
(complete or wildcarded) for a machine entry:
· A username can include up to 63 numbers and lowercase letters,
but it is best to make it shorter than eight characters,
because many application programs cannot handle longer names.
Also, it is best not to include shell metacharacters or other
punctuation marks. In particular, the colon (":") and at-sign
("@") characters are not acceptable. The period is generally
used only in special administrative names, to separate the
username and an instance, as in the example "pat.admin".
· A machine identifier is its IP address in dotted decimal
notation (for example, 192.12.108.240), or a wildcard notation
that represents a set of IP addresses (a group of machines on
the same network). The following are acceptable wildcard
formats. The letters "W", "X", "Y" and "Z" each represent an
actual number from the range 1 through 255.
· W.X.Y.Z represents a single machine, for example
192.12.108.240.
· W.X.Y.0 matches all machines whose IP addresses start with
the first three numbers. For example, 192.12.108.0 matches
both 192.12.108.119 and 192.12.108.120, but does not match
192.12.105.144.
· W.X.0.0 matches all machines whose IP addresses start with
the first two numbers. For example, the address 192.12.0.0
matches both 192.12.106.23 and 192.12.108.120, but does not
match 192.5.30.95.
· W.0.0.0 matches all machines whose IP addresses start with
the first number in the specified address. For example, the
address 192.0.0.0 matches both 192.5.30.95 and
192.12.108.120, but does not match 138.255.63.52.
Do not define a machine entry with the name 0.0.0.0 to match
every machine. The system:anyuser group is equivalent.
-id <user id>+
Specifies an AFS UID for each user or machine entry, rather than
allowing the Protection Server to assign it. Provide a positive
integer.
If this argument is used and the -name argument names multiple new
entries, it is best to provide an equivalent number of AFS UIDs.
The first UID is assigned to the first entry, the second to the
second entry, and so on. If there are fewer UIDs than entries, the
Protection Server assigns UIDs to the unmatched entries based on
the "max user id" counter. If there are more UIDs than entries, the
excess UIDs are ignored. If any of the UIDs is greater than the
current value of the "max user id" counter, the counter is reset to
that value.
-cell <cell name>
Names the cell in which to run the command. For more details, see
pts(1).
-noauth
Assigns the unprivileged identity anonymous to the issuer. For more
details, see pts(1).
-localauth
Constructs a server ticket using a key from the local
/etc/openafs/server/KeyFile file. Do not combine this flag with the
-cell or -noauth options. For more details, see pts(1).
-force
Enables the command to continue executing as far as possible when
errors or other problems occur, rather than halting execution at
the first error.
-help
Prints the online help for this command. All other valid options
are ignored.
OUTPUT
The command generates the following string to confirm creation of each
user:
User <name> has id <id>
EXAMPLES
The following example creates a Protection Database entry for the user
"johnson".
% pts createuser -name johnson
The following example creates three wildcarded machine entries in the
ABC Corporation cell. The three entries encompass all of the machines
on the company’s networks without including machines on other networks:
% pts createuser -name 138.255.0.0 192.12.105.0 192.12.106.0
PRIVILEGE REQUIRED
The issuer must belong to the system:administrators group.
SEE ALSO
pts(1), pts_listmax(1), pts_setmax(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.