jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-22 00:41:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0d00d2f08d
openafs/doc/html/AdminReference/auarf055.htm

760 lines
37 KiB
HTML
Raw Normal View History

initial-html-documentation-20010606 pull in all documentation from IBM
2001-06-06 20:09:07 +01:00
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved -->
<BODY bgcolor="ffffff">
<!-- End Header Records ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf054.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf056.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<P>
<H2><A NAME="HDRUSSFILE" HREF="auarf002.htm#ToC_53">uss Template File</A></H2>
<P><STRONG>Purpose</STRONG>
<A NAME="IDX4110"></A>
<A NAME="IDX4111"></A>
<A NAME="IDX4112"></A>
<P>Provides instructions for the <B>uss add</B> command
<P><STRONG>Description</STRONG>
<P>The <B>uss</B> template file defines the components of an AFS user
account that the <B>uss add</B> command (or <B>add</B> instruction in
a <B>uss</B> bulk input file) creates. Use the <B>-template</B>
argument to the <B>uss add</B> or <B>uss bulk</B> command to identify
the template file.
<P><B>Summary of Template File Instructions</B>
<P>The template file can include the following instructions, each on its own
line. A more detailed description of each instruction's syntax
follows this list.
<DL>
<P><DT><B>A
</B><DD>Imposes restrictions on user passwords and authentication attempts
<P><DT><B>D
</B><DD>Creates a directory
<P><DT><B>E
</B><DD>Creates a single-line file
<P><DT><B>F
</B><DD>Creates a file by copying a prototype
<P><DT><B>G
</B><DD>Defines a directory that is one of a set of parent directories into which
the <B>uss</B> command interpreter evenly distributes newly created home
directories
<P><DT><B>L
</B><DD>Creates a hard link
<P><DT><B>S
</B><DD>Creates a symbolic link
<P><DT><B>V
</B><DD>Creates a volume, mounts it in the file space and sets the ACL on the
mount point
<P><DT><B>X
</B><DD>Executes a command
</DL>
<P>If the template file is empty (zero-length), the <B>uss add</B> command
or <B>add</B> instruction in a bulk input file only creates an entry in
the Protection and Authentication Databases, naming them according to the name
specified with the <B>uss add</B> command's <B>-user</B>
argument, or in the bulk input file <B>add</B> instruction's
<VAR>username</VAR> field.
<P><B>The A Instruction for Setting the Default Treatment of Volumes</B>
<A NAME="IDX4113"></A>
<A NAME="IDX4114"></A>
<A NAME="IDX4115"></A>
<A NAME="IDX4116"></A>
<A NAME="IDX4117"></A>
<A NAME="IDX4118"></A>
<A NAME="IDX4119"></A>
<P>The <B>A</B> instruction in a <B>uss</B> template file enhances
cell security by imposing the following restrictions on users' password
choice and authentication attempts. For further information on these
limits, see the <I>IBM AFS Administration Guide</I> and the <B>kas
setfields</B> reference page.
<UL>
<P><LI>Limiting the user's password lifetime. When the lifetime
expires, the user can no longer authenticate using that password, and must
change it.
<P><LI>Prohibiting the reuse of the user's 20 most recently used
passwords.
<P><LI>Limiting the number of consecutive times that a user can provide an
incorrect password during authentication, and for how long the Authentication
Server refuses further authentication attempts after the limit is exceeded
(referred to as an <I>account lockout</I>). For regular user
accounts in most cells, the recommended limit is nine and lockout time is 25
minutes.
</UL>
<P>The instruction has the following syntax:
<PRE> <B>A</B> <VAR>username</VAR> <VAR>password_lifetime</VAR> <VAR>password_reuse</VAR> <VAR>failures</VAR> <VAR>locktime</VAR>
</PRE>
<P>where
<DL>
<P><DT><B>A
</B><DD>Indicates a security-enhancing instruction. It must be a capital
letter.
<P><DT><B><VAR>username</VAR>
</B><DD>Names the Authentication Database entry on which to impose security
restrictions. Specify the value <B>$USER</B> to read in the
username from the <B>uss add</B> command's <B>-user</B> argument,
or from the <VAR>username</VAR> field of an <B>add</B> instruction in a bulk
input file.
<P><DT><B><VAR>password_lifetime</VAR>
</B><DD>Sets the number of days after the user's password is changed that it
remains valid. When the password becomes invalid (expires), the user is
unable to authenticate, but has 30 more days in which to issue the
<B>kpasswd</B> command to change the password (after that, only an
administrator can change it).
<P>Specify an integer from the range <B>1</B> through <B>254</B> to
specify the number of days until expiration, the value <B>0</B> to
indicate that the password never expires, or the value <B>$PWEXPIRES</B>
to read in the number of days from the <B>uss add</B> or <B>uss
bulk</B> command's <B>-pwexpires</B> argument. If the
<B>A</B> instruction does not appear in the template file, the default is
for the user's password never to expire.
<P><DT><B><VAR>password_reuse</VAR>
</B><DD>Determines whether or not the user can change his or her password (using
the <B>kpasswd</B> or <B>kas setpassword</B> command) to one that is
similar to any of the last twenty passwords. The acceptable values are
<B>reuse</B> to allow reuse and <B>noreuse</B> to prohibit it.
If the <B>A</B> instruction does not appear in the template file, the
default is to allow password reuse.
<P><DT><B><VAR>failures</VAR>
</B><DD>Sets the number of consecutive times the user can provide an incorrect
password during authentication (using the <B>klog</B> command or a login
utility that grants AFS tokens). When the user exceeds the limit, the
Authentication Server rejects further authentication attempts for the amount
of time specified in the <VAR>locktime</VAR> field.
<P>Specify an integer from the range <B>1</B> through <B>254</B> to
specify the number of failures permitted, or the value <B>0</B> to
indicate that there is no limit to the number of unsuccessful attempts.
If the <B>A</B> instruction does not appear in the template file, the
default is to allow an unlimited number of failures.
<P><DT><B><VAR>locktime</VAR>
</B><DD>Specifies how long the Authentication Server refuses authentication
attempts from a user who has exceeded the failure limit set in the
<VAR>failures</VAR> field.
<P>Specify a number of hours and minutes (<VAR>hh:mm</VAR>) or minutes
only (<VAR>mm</VAR>), from the range <B>01</B> (one minute) through
<B>36:00</B> (36 hours). The Authentication Server
automatically reduces any larger value to <B>36:00</B> and also
rounds up any non-zero value to the next higher multiple of 8.5
minutes. A value of <B>0</B> (zero) sets an infinite lockout
time; an administrator must always issue the <B>kas unlock</B>
command to unlock the account.
</DL>
<P><B>The D Instruction for Creating a Directory</B>
<A NAME="IDX4120"></A>
<A NAME="IDX4121"></A>
<A NAME="IDX4122"></A>
<A NAME="IDX4123"></A>
<A NAME="IDX4124"></A>
<A NAME="IDX4125"></A>
<A NAME="IDX4126"></A>
<A NAME="IDX4127"></A>
<A NAME="IDX4128"></A>
<A NAME="IDX4129"></A>
<A NAME="IDX4130"></A>
<P>The <B>D</B> instruction in a <B>uss</B> template file creates a
directory. Its intended use is to create a subdirectory in the user
home directory created by the <B>V</B> instruction in the template
file.
<P>Any number of <B>D</B> instructions can appear in the template
file. If any variables in the instruction take their values from the
<B>V</B> instruction (notably, the $MTPT variable), the instruction must
follow the <B>V</B> instruction in the file.
<P>Although it is possible to use the <B>D</B> instruction to create a
directory on the local disk of the machine where the <B>uss</B> command is
issued, it is not recommended. The preferred method for automated
creation of directories on a local disk is the <B>package</B>
program. Two complications arise if the <VAR>pathname</VAR> field refers
to a local disk directory:
<UL>
<P><LI>The <B>uss</B> command prints a warning message because it cannot
associate an access control list (ACL) with a local disk directory. It
creates the directory nonetheless, and some syntactically correct value must
appear in the instruction's <VAR>ACL</VAR> field.
<P><LI>To designate any user other than the issuer as the new directory's
owner, the issuer must log onto the machine as the local superuser
<B>root</B>. For local disk directories, only the local superuser
<B>root</B> is allowed to issue the UNIX <B>chown</B> command that the
<B>uss</B> command interpreter invokes to change the owner from the
default value (the directory's creator, which in this case is the issuer
of the <B>uss</B> command). The issuer must then also use the
<B>-admin</B> argument to the <B>uss add</B> or <B>uss bulk</B>
command to authenticate as a privileged AFS administrator, which is required
for creating the Authentication Database and Protection Database entries that
the <B>uss</B> command interpreter always creates for a new
account.
</UL>
<P>The instruction has the following syntax:
<PRE> <B>D</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> <VAR>ACL</VAR>
</PRE>
<P>where
<DL>
<P><DT><B>D
</B><DD>Indicates a directory creation instruction. It must be a capital
letter.
<P><DT><B><VAR>pathname</VAR>
</B><DD>Specifies the directory's full pathname. It can include
variables.
<P>Specify the read/write path to the directory, to avoid the failure that
results from attempting to create a new directory in a read-only
volume. By convention, the read/write path is indicated by placing a
period before the cell name at the pathname's second level (for example,
<B>/afs/.abc.com</B>). For further discussion of the
concept of read/write and read-only paths through the filespace, see the
reference page for the <B>fs mkmount</B> command.
<P><DT><B><VAR>mode_bits</VAR>
</B><DD>Sets the directory's UNIX mode bits. Acceptable values are the
standard three- or four-digit numbers corresponding to combinations of
permissions. Examples: <B>755</B> corresponds to
<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>. The
first (owner) <B>x</B> bit must be turned on to enable access to a
directory.
<P><DT><B><VAR>owner</VAR>
</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
the directory's owner in the output from the UNIX <B>ls -ld</B>
command. If the directory resides in AFS, place the $UID variable in
this field. If the directory resides on the local disk, this field must
be the username or UID of the <B>uss</B> command's issuer, unless the
issuer is logged in as the local superuser <B>root</B>.
<P><DT><B><VAR>ACL</VAR>
</B><DD>Sets the ACL on the new directory. It must appear even if the new
directory resides on the local disk rather than in AFS, but is ignored in that
case. Provide one or more paired values, each pair consisting of an AFS
username or group name and the desired permissions, in that order.
Separate the two parts of the pair, and each pair, with a space. The
<B>fs setacl</B> reference page describes the available
permissions.
<P>For an AFS directory, grant all permissions to the directory's owner
at least. Usually that is the new user, in which case the appropriate
value is <B>$USER all</B>.
<P>It is not possible to grant any permissions to the issuer of the
<B>uss</B> command. As the last step in account creation, the
<B>uss</B> command interpreter automatically deletes that person from any
ACLs set during the creation process.
</DL>
<P><B>The E Instruction for Creating a Single-line File</B>
<A NAME="IDX4131"></A>
<A NAME="IDX4132"></A>
<A NAME="IDX4133"></A>
<A NAME="IDX4134"></A>
<A NAME="IDX4135"></A>
<A NAME="IDX4136"></A>
<P>The <B>E</B> instruction in a <B>uss</B> template file creates a
file by echoing a specified character string into it. Its intended use
is to create files in the user home directory created by the <B>V</B>
instruction in the template file, or in a subdirectory created by a
<B>D</B> instruction.
<P>Any number of <B>E</B> instructions can appear in the template
file. If the file resides in a directory created by a <B>D</B>
instruction, the <B>E</B> instruction must follow the <B>D</B>
instruction in the file.
<P>The <B>E</B> and <B>F</B> instructions have complementary
advantages. The character string echoed into the file by an
<B>E</B> instruction can be customized for each user, because it can
include the standard variables for which the <B>uss</B> command
interpreter substitutes the values specified by arguments to the <B>uss
add</B> command or fields in a bulk input file <B>add</B>
instruction. In contrast, a file created using the <B>F</B>
instruction cannot include variables and so has the same content for all
users. However, a file created by an <B>E</B> instruction can be a
single line only, because no carriage returns (newline characters) are allowed
in the character string.
<P>Although it is possible to use the <B>E</B> instruction to create a
file on the local disk of the machine where the <B>uss</B> command is
issued, it is not recommended. The preferred method for automated
creation of files on a local disk is the <B>package</B> program.
The main complication is that designating any user other than the issuer as
the new file's owner requires logging onto the machine as the local
superuser <B>root</B>. For local disk files, only the local
superuser <B>root</B> is allowed to issue the UNIX <B>chown</B>
command that the <B>uss</B> command interpreter invokes to change the
owner from the default value (the file's creator, which in this case is
the issuer of the <B>uss</B> command). The issuer must then also
use the <B>-admin</B> argument to the <B>uss add</B> or <B>uss
bulk</B> command to authenticate as a privileged AFS administrator, which is
required for creating the Authentication Database and Protection Database
entries that the <B>uss</B> command interpreter always creates for a new
account.
<P>The instruction has the following syntax:
<PRE> <B>E</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> "<VAR>contents</VAR>"
</PRE>
<P>where
<DL>
<P><DT><B>E
</B><DD>Indicates a file creation instruction. It must be a capital
letter.
<P><DT><B><VAR>pathname</VAR>
</B><DD>Specifies the file's full pathname. It can include
variables.
<P>Specify the read/write path to the file, to avoid the failure that results
from attempting to create a new file in a read-only volume. By
convention, the read/write path is indicated by placing a period before the
cell name at the pathname's second level (for example,
<B>/afs/.abc.com</B>). For further discussion of the
concept of read/write and read-only paths through the filespace, see the
reference page for the <B>fs mkmount</B> command.
<P><DT><B><VAR>mode_bits</VAR>
</B><DD>Sets the file's UNIX mode bits. Acceptable values are the
standard three- or four-digit numbers corresponding to combinations of
permissions. Examples: <B>755</B> corresponds to
<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
<P><DT><B><VAR>owner</VAR>
</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
the file's owner in the output from the UNIX <B>ls -l</B>
command. If the file resides in AFS, place the $UID variable in this
field. If the file resides on the local disk, specify the username or
UID of the <B>uss</B> command's issuer; otherwise, the account
creation operation halts immediately.
<P><DT><B><VAR>contents</VAR>
</B><DD>Specifies the one-line character string to write into the new file.
Surround it with double quotes if it contains one or more spaces. It
cannot contain the newline character, but can contain any of the standard
variables, which the command interpreter resolves as it creates the
file.
</DL>
<P><A NAME="SPTWQ6"></A><B>The F Instruction for Creating a File
from a Prototype</B>
<A NAME="IDX4137"></A>
<A NAME="IDX4138"></A>
<A NAME="IDX4139"></A>
<A NAME="IDX4140"></A>
<A NAME="IDX4141"></A>
<A NAME="IDX4142"></A>
<P>The <B>F</B> instruction in a <B>uss</B> template file creates a
file by copying the contents of an existing file (the <I>prototype</I>)
into it. Its intended use is to create files in the user home directory
created by the <B>V</B> instruction in the template file, or in a
subdirectory created by a <B>D</B> instruction.
<P>Any number of <B>F</B> instructions can appear in the template
file. If the file resides in a directory created by a <B>D</B>
instruction, the <B>F</B> instruction must follow the <B>D</B>
instruction in the file.
<P>The <B>E</B> and <B>F</B> instructions have complementary
advantages. A file created using the <B>F</B> instruction has the
same content for all users, whereas a file created by an <B>E</B>
instruction can be customized for each user if it includes variables.
However, a file created by an <B>E</B> instruction can be a single line
only, whereas the prototype file copied by an <B>F</B> instruction can be
any length.
<P>Although it is possible to use the <B>F</B> instruction to create a
file on the local disk of the machine where the <B>uss</B> command is
issued, it is not recommended. The preferred method for automated
creation of files on a local disk is the <B>package</B> program.
The main complication is that designating any user other than the issuer as
the new file's owner requires logging onto the machine as the local
superuser <B>root</B>. For local disk files, only the local
superuser <B>root</B> is allowed to issue the UNIX <B>chown</B>
command that the <B>uss</B> command interpreter invokes to change the
owner from the default value (the file's creator, which in this case is
the issuer of the <B>uss</B> command). The issuer must then also
use the <B>-admin</B> argument to the <B>uss add</B> or <B>uss
bulk</B> command to authenticate as a privileged AFS administrator, which is
required for creating the Authentication Database and Protection Database
entries that the <B>uss</B> command interpreter always creates for a new
account.
<P>The instruction has the following syntax:
<PRE> <B>F</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> <VAR>prototype_file</VAR>
</PRE>
<P>where
<DL>
<P><DT><B>F
</B><DD>Indicates a file creation instruction. It must be a capital
letter.
<P><DT><B><VAR>pathname</VAR>
</B><DD>Specifies the full pathname of the file to create, including the
filename. It can include variables.
<P>Specify the read/write path to the file, to avoid the failure that results
from attempting to create a new file in a read-only volume. By
convention, the read/write path is indicated by placing a period before the
cell name at the pathname's second level (for example,
<B>/afs/.abc.com</B>). For further discussion of the
concept of read/write and read-only paths through the filespace, see the
reference page for the <B>fs mkmount</B> command.
<P><DT><B><VAR>mode_bits</VAR>
</B><DD>Sets the file's UNIX mode bits. Acceptable values are the
standard three- or four-digit numbers corresponding to combinations of
permissions. Examples: <B>755</B> corresponds to
<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
<P><DT><B><VAR>owner</VAR>
</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
the file's owner in the output from the UNIX <B>ls -l</B>
command. If the file resides in AFS, place the $UID variable in this
field. If the file resides on the local disk, specify the username or
UID of the <B>uss</B> command's issuer; otherwise, the account
creation operation halts immediately.
<P><DT><B><VAR>prototype_file</VAR>
</B><DD>Names the AFS or local disk directory that houses the prototype file to
copy. The prototype file's name must match the final element in
the <VAR>pathname</VAR> field.
</DL>
<P><A NAME="SPTWQ7"></A><B>The G Instruction for Facilitating Even
Distribution of Home Directories</B>
<A NAME="IDX4143"></A>
<A NAME="IDX4144"></A>
<A NAME="IDX4145"></A>
<A NAME="IDX4146"></A>
<A NAME="IDX4147"></A>
<A NAME="IDX4148"></A>
<P>The <B>G</B> instruction in a <B>uss</B> template file creates a
directory as one of the set of directories from which the <B>uss</B>
command interpreter selects when choosing a new user home directory's
parent directory. More specifically, when the $AUTO variable appears in
the <VAR>mount_point</VAR> field of a <B>V</B> instruction, the command
interpreter substitutes for it the directory defined by a <B>G</B>
instruction that currently has the fewest entries.
<P>The instruction's intended use is to distribute user accounts evenly
among several directories, rather than using directories that reflect
divisions such as departmental affiliation. Distributing home
directories in this fashion is useful mainly in very large cells where storing
all user home directories under a single parent directory potentially slows
directory lookup, or where a workplace-based division results in unevenly
sized directories such that some users consistently experience slower
directory lookup than others. See the chapter on <B>uss</B> in the
<I>IBM AFS Administration Guide</I> for more information.
<P>Any number of <B>G</B> instructions can appear in the template
file. If the <B>V</B> instruction includes the $AUTO variable, it
must appear after all of the <B>G</B> instructions in the file.
<P>The instruction has the following syntax:
<PRE> <B>G</B> <VAR>directory</VAR>
</PRE>
<P>where
<DL>
<P><DT><B>G
</B><DD>Indicates an instruction that creates a directory to be considered as a
value for the $AUTO variable. It must be a capital letter.
<P><DT><B><VAR>directory</VAR>
</B><DD>Specifies the directory's name as either a complete pathname or only
the directory name. The choice determines the appropriate format for
the <VAR>mount_point</VAR> field of a <B>V</B> instruction, as discussed in
the following example.
<P>Specify the read/write path to the directory, to avoid the failure that
results from attempting to create a new mount point in a read-only volume when
the $AUTO variable is used in a <B>V</B> instruction's
<VAR>mount_point</VAR> field. By convention, the read/write path is
indicated by placing a period before the cell name at the pathname's
second level (for example, <B>/afs/.abc.com</B>). For
further discussion of the concept of read/write and read-only paths through
the filespace, see the reference page for the <B>fs mkmount</B>
command.
</DL>
<P><B>The L and S Instructions for Creating a Link</B>
<A NAME="IDX4149"></A>
<A NAME="IDX4150"></A>
<A NAME="IDX4151"></A>
<A NAME="IDX4152"></A>
<A NAME="IDX4153"></A>
<A NAME="IDX4154"></A>
<A NAME="IDX4155"></A>
<A NAME="IDX4156"></A>
<A NAME="IDX4157"></A>
<A NAME="IDX4158"></A>
<A NAME="IDX4159"></A>
<A NAME="IDX4160"></A>
<A NAME="IDX4161"></A>
<P>The <B>L</B> instruction in a <B>uss</B> template file creates a
hard link between two files, as achieved by the standard UNIX <B>ln</B>
command. The <B>S</B> instruction creates a symbolic link between
two files, as achieved by the standard UNIX <B>ln -s</B> command. A
full explanation of links is beyond the scope of this document, but the basic
effect is to create a second name for an existing file, enabling access via
either name. Creating a link does not create a second copy of the
file.
<P>AFS allows hard links only if the linked files reside in the same
directory, because it becomes difficult to determine which access control list
(ACL) applies to the file if the two copies reside in directories with
different ACLs. AFS allows symbolic links between two files that reside
in different directories, or even different volumes. The File Server
uses the ACL associated with the actual file rather than the link.
<P>Any number of <B>L</B> and <B>S</B> instructions can appear in the
template file. If the existing file or link is to reside in a directory
created by a <B>D</B> instruction, or if the existing file was created by
an <B>E</B> or <B>F</B> instruction, the <B>L</B> or <B>S</B>
instruction must follow the <B>D</B>, <B>E</B>, or <B>F</B>
instruction.
<P>The instructions share the following syntax:
<PRE> <B>L</B> <VAR>existing_file</VAR> <VAR>link</VAR>
<B>S</B> <VAR>existing_file</VAR> <VAR>link</VAR>
</PRE>
<P>where
<DL>
<P><DT><B>L
</B><DD>Indicates a hard link creation instruction. It must be a capital
letter.
<P><DT><B>S
</B><DD>Indicates a symbolic link creation instruction. It must be a
capital letter.
<P><DT><B><VAR>existing_file</VAR>
</B><DD>Specifies the complete pathname of the existing file.
<P><DT><B><VAR>link</VAR>
</B><DD>Specifies the complete pathname of the second name for the file.
<P>Specify the read/write path to the link, to avoid the failure that results
from attempting to create a new link in a read-only volume. By
convention, the read/write path is indicated by placing a period before the
cell name at the pathname's second level (for example,
<B>/afs/.abc.com</B>). For further discussion of the
concept of read/write and read-only paths through the filespace, see the
reference page for the <B>fs mkmount</B> command.
</DL>
<P><A NAME="SPTWQ8"></A><B>The V Instruction for Creating and
Mounting a Volume</B>
<A NAME="IDX4162"></A>
<A NAME="IDX4163"></A>
<A NAME="IDX4164"></A>
<A NAME="IDX4165"></A>
<A NAME="IDX4166"></A>
<A NAME="IDX4167"></A>
<A NAME="IDX4168"></A>
<A NAME="IDX4169"></A>
<A NAME="IDX4170"></A>
<A NAME="IDX4171"></A>
<A NAME="IDX4172"></A>
<A NAME="IDX4173"></A>
<A NAME="IDX4174"></A>
<A NAME="IDX4175"></A>
<A NAME="IDX4176"></A>
<A NAME="IDX4177"></A>
<A NAME="IDX4178"></A>
<A NAME="IDX4179"></A>
<A NAME="IDX4180"></A>
<P>The <B>V</B> instruction in a <B>uss</B> template file creates a
volume on a specified file server machine and partition and creates an entry
for it in the Volume Location Database (VLDB). It mounts the volume at
a location in the AFS file space that becomes the user's home directory,
then designates the directory's owner and sets its access control list
(ACL).
<P>Only one <B>V</B> instruction can appear in the template file, and one
must appear if the template file contains any instructions at all (is not
empty). All other instructions are optional, except that the template
must include <B>G</B> instructions if the $AUTO variable appears in
it. (The <B>V</B> instruction is not necessarily the first line in
the template. If the template includes the $AUTO variable, then the
<B>G</B> instructions which provide values for the variable must precede
it in the file.)
<P>The instruction has the following syntax:
<PRE> <B>V</B> <VAR>volume_name</VAR> <VAR>server</VAR> <VAR>partition</VAR> <VAR>quota</VAR> <VAR>mount_point</VAR> <VAR>owner</VAR> <VAR>ACL</VAR>
</PRE>
<P>where
<DL>
<P><DT><B>V
</B><DD>Indicates a volume creation instruction. It must be a capital
letter.
<P><DT><B><VAR>volume_name</VAR>
</B><DD>Specifies the volume's name. To follow the convention for AFS
user volume names, specify the value <B>user.$USER</B>.
Provide a value for the $USER variable via the <B>uss add</B>
command's <B>-user</B> argument or the <VAR>username</VAR> field in the
bulk input file <B>add</B> instruction.
<P><DT><B><VAR>server</VAR>
</B><DD>Names the file server machine on which to create the new user's
volume. It is best to provide the fully-qualified hostname (for
example, <B>fs1.abc.com</B>), but an abbreviated form is
acceptable provided that the cell's naming service is available to
resolve it at the time the volume is created. To read in the value from
the <B>uss add</B> command's <B>-server</B> argument, specify the
value <B>$SERVER</B>.
<P><DT><B><VAR>partition</VAR>
</B><DD>Specifies the partition on which to create the user's volume; it
must be on the file server machine named in the <VAR>server</VAR> field.
Identify the partition by its complete name (for example, <B>/vicepa</B>)
or use or use one of the following abbreviations.
<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
<B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
</PRE>
<P>
<P>After <B>/vicepz</B> (for which the index is 25) comes
<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
<B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
</PRE>
<P>and so on through
<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
</PRE>
<P>To read in the value from the <B>uss add</B> command's
<B>-partition</B> argument, specify the value <B>$PART</B>.
<P><DT><B><VAR>quota</VAR>
</B><DD>Sets the maximum number of kilobyte blocks the volume can occupy on the
file server machine's disk. Specify an integer constant if all
volumes have the same quota (<B>1024</B> equals a megabyte), or use one of
the number variables ($1 through $9) to assign different values to different
volumes.
<P><DT><B><VAR>mount_point</VAR>
</B><DD>Creates a mount point for the volume, which serves as the volume's
root directory. Include the $USER variable as part of the pathname to
follow the convention that user home directory names include the
username.
<P>Specify the read/write path to the mount point, to avoid the failure that
results from attempting to create a new mount point in a read-only
volume. By convention, the read/write path is indicated by placing a
period before the cell name at the pathname's second level (for example,
<B>/afs/.abc.com</B>). If the $AUTO variable appears
in this field, the directories named by each <B>G</B> instruction possibly
already indicate the read/write path. For further discussion of the
concept of read/write and read-only paths through the filespace, see the
reference page for the <B>fs mkmount</B> command..
<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If used, the $MTPT variable in this field takes its value from the <B>uss
add</B> command's <B>-mount</B> argument or from the
<VAR>mount_point</VAR> field of an <B>add</B> instruction in the bulk input
file. However, subsequent uses of the $MTPT variable (usually in
following <B>D</B>, <B>E</B>, or <B>F</B> instructions) take as
their value the complete contents of this field.
</TD></TR></TABLE>
<P><DT><B><VAR>owner</VAR>
</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
the mount point's owner in the output from the UNIX <B>ls -ld</B>
command. To follow the convention for home directory ownership, place
the value <B>$UID</B> in this field.
<P><DT><B><VAR>ACL</VAR>
</B><DD>Sets the ACL on the new directory. Provide one or more paired
values, each pair consisting of an AFS username or group name and the desired
permissions, in that order. Separate the two parts of the pair, and
each pair, with a space. The <B>fs setacl</B> reference page
describes the available permissions.
<P>Grant all permissions to the new user at least. The appropriate
value is <B>$USER all</B>.
<P>AFS automatically grants the <B>system:administrators</B> group
all permissions as well. It is not possible to grant any permissions to
the issuer of the <B>uss</B> command. As the last step in account
creation, the <B>uss</B> command interpreter automatically deletes that
user from any ACLs set during the creation process.
</DL>
<P><A NAME="SPTWQ9"></A><B>The X Instruction for Running a
Command</B>
<A NAME="IDX4181"></A>
<A NAME="IDX4182"></A>
<A NAME="IDX4183"></A>
<P>The <B>X</B> instruction in a <B>uss</B> template file runs the
indicated command, which can be a standard UNIX or AFS command. It can
include any variables from the template file, which the <B>uss</B> command
interpreter resolves before passing the command on to the appropriate other
command interpreter. It must be a single line only, however (cannot
contain carriage returns or newline characters).
<P>Any number of <B>X</B> instructions can appear in the template
file. If an instruction manipulates an element created by another
instruction, it must follow that instruction in the file.
<P>The instruction has the following syntax:
<PRE> <B>X "</B><VAR>command</VAR><B>"</B>
</PRE>
<P>where
<DL>
<P><DT><B>X
</B><DD>Indicates a command execution instruction. It must be a capital
letter.
<P><DT><B><VAR>command</VAR>
</B><DD>Specifies the command to run. Surround it with double quotes as
shown if it contains one or more spaces. It can contain any variables
from the template file, but not newline characters.
</DL>
<P><STRONG>Examples</STRONG>
<P>The following example <B>A</B> instruction sets a password lifetime of
254 days, prohibits password reuse, limits the number of consecutive failed
authentication attempts to nine and sets the corresponding locktime to
25:30 minutes (which is a multiple of 8.5 minutes). The
username is read in from the <B>-user</B> argument to the <B>uss
add</B> command or from the <I>username</I> field in each <B>add</B>
instruction in a bulk input file.
<PRE> A $USER 254 noreuse 9 25:30
</PRE>
<P>The following example <B>D</B> instruction creates a directory called
<I>public</I> in a new user's home directory, designates the user as
the directory's owner, and grants him or her all ACL permissions.
<PRE> D $MTPT/public 0755 $UID $USER all
</PRE>
<P>The following example <B>E</B> instruction creates a file in the
current working directory called
<VAR>username</VAR>.<B>etcp</B>. The contents are an entry
suitable for incorporating into the cell's global
<B>/etc/password</B> file.
<PRE> E $USER.etcp 0644 root "$USER:X:$UID:10:$NAME:$MTPT:/bin/csh"
</PRE>
<P>The following example <B>F</B> instruction, appropriate for the ABC
Corporation cell, copies a prototype <B>.login</B> file into the
user's home directory.
<PRE> F $MTPT/.login 0644 $UID /afs/abc.com/common/uss/skel/.login
</PRE>
<P>In the following example, the State University cell's administrators
have decided to distribute user home directories evenly into three
directories. They define three <B>G</B> instructions:
<PRE> G usr1
G usr2
G usr3
</PRE>
<P>and then put the following value in the <I>mount_point</I> field of the
<B>V</B> instruction:
<PRE> /afs/stateu.edu/$AUTO/$USER
</PRE>
<P>Alternatively, if they include the entire directory pathname in the
<B>G</B> instruction:
<PRE> G /afs/stateu.edu/usr1
G /afs/stateu.edu/usr2
G /afs/stateu.edu/usr3
</PRE>
<P>then the <I>mount_point</I> field of the <B>V</B> instruction
specifies only the following:
<PRE> $AUTO/$USER
</PRE>
<P>The following example <B>L</B> instruction creates a hard link between
the files <B>mail</B> and <B>mbox</B> in the user's home
directory.
<PRE> L $MTPT/mbox $MTPT/mail
</PRE>
<P>The following example <B>S</B> instruction, appropriate for the ABC
Corporation cell, links the file <B>Mail/outgoing</B> in the user's
home directory to the file
<B>/afs/abc.com/common/mail/outgoing</B>.
<PRE> S /afs/abc.com/common/mail/outgoing $MTPT/Mail/outgoing
</PRE>
<P>The following example <B>V</B> instruction creates a volume called
<B>user.</B><VAR>username</VAR> on the <B>/vicepa</B> partition
of the specified file server machine, assigning it a quota of 3000 kilobyte
blocks. The mount point is under <B>/afs/abc.com/usr</B> and
matches the username (the value of the $USER variable). The user owns
the home directory and has all access rights to it. The instruction
appears on two lines only for legibility; it must appear on a single line
in the template file.
<PRE> V user.$USER $SERVER.abc.com /vicepa 3000 \
/afs/abc.com/usr/$USER $UID $USER all
</PRE>
<P>The following example <B>X</B> instruction mounts the backup version of
the user's volume at the <B>OldFiles</B> subdirectory.
<PRE> X "fs mkm /afs/abc.com/usr/$USER/OldFiles user.$USER.backup"
</PRE>
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf054.htm#HDRUSSBULKINPUT">uss Bulk Input File</A>
<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
<P><A HREF="auarf243.htm#HDRUSS_ADD">uss add</A>
<P><A HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf054.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf056.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<!-- Begin Footer Records ========================================== -->
<P><HR><B>
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
</B>
<!-- End Footer Records ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>
Reference in New Issue Copy Permalink