Administration Reference

pts createuser

Purpose

Creates a user or machine entry in the Protection Database

Synopsis

pts createuser -name <user name>+  [-id <user id>+]  [-cell <cell name>]  
               [-noauth]  [-force]  [-help]
   
pts createu -na <user name>+  [-i <user id>+]  [-c <cell name>]  
            [-no] [-f]  [-h]
   
pts cu -na <user name>+  [-i <user id>+]  [-c <cell name>]  [-no] [-f]  [-h]

Description

The pts createuser command creates an entry in the Protection Database for each user or machine specified by the -name argument. A user entry name becomes the user's AFS username (the one to provide when authenticating with the AFS Authentication Server). A machine entry's name is the machine's IP address or a wildcard notation that represents a range of consecutive IP addresses (a group of machines on the same network). It is not possible to authenticate as a machine, but a group to which a machine entry belongs can appear on a directory's access control list (ACL), thereby granting the indicated permissions to any user logged on to the machine.

AFS user IDs (AFS UIDs) are positive integers and by default the Protection Server assigns an AFS UID that is one greater than the current value of the max user id counter in the Protection Database, incrementing the counter by one for each user. To assign a specific AFS UID, use the -id argument. If any of the specified AFS UIDs is greater than the current value of the max user id counter, the counter is reset to that value. It is acceptable to specify an AFS UID smaller than the current value of the counter, but the creation operation fails if an existing user or machine entry already has it. To display or set the value of the max user id counter, use the pts listmax or pts setmax command, respectively.

The issuer of the pts createuser command is recorded as the entry's creator and the group system:administrators as its owner.

Cautions

The Protection Server reserves AFS UID 0 (zero) and returns an error if the -id argument has that value.

Options

-name

Specifies either a username for a user entry, or an IP address (complete or wildcarded) for a machine entry:

• A username can include up to 63 numbers and lowercase letters, but it is best to make it shorter than eight characters, because many application programs cannot handle longer names. Also, it is best not to include shell metacharacters or other punctuation marks. In particular, the colon (:) and at-sign (@) characters are not acceptable. The period is generally used only in special administrative names, to separate the username and an instance, as in the example pat.admin.

• A machine identifier is its IP address in dotted decimal notation (for example, 192.12.108.240), or a wildcard notation that represents a set of IP addresses (a group of machines on the same network). The following are acceptable wildcard formats. The letters W, X, Y and Z each represent an actual number from the range 1 through 255.

  • W.X.Y.Z represents a single machine, for example 192.12.108.240.

  • W.X.Y.0 matches all machines whose IP addresses start with the first three numbers. For example, 192.12.108.0 matches both 192.12.108.119 and 192.12.108.120, but does not match 192.12.105.144.

  • W.X.0.0 matches all machines whose IP addresses start with the first two numbers. For example, the address 192.12.0.0 matches both 192.12.106.23 and 192.12.108.120, but does not match 192.5.30.95.

  • W.0.0.0 matches all machines whose IP addresses start with the first number in the specified address. For example, the address 192.0.0.0 matches both 192.5.30.95 and 192.12.108.120, but does not match 138.255.63.52.

  Do not define a machine entry with the name 0.0.0.0 to match every machine. The system:anyuser group is equivalent.

-id

Specifies an AFS UID for each user or machine entry, rather than allowing the Protection Server to assign it. Provide a positive integer.

If this argument is used and the -name argument names multiple new entries, it is best to provide an equivalent number of AFS UIDs. The first UID is assigned to the first entry, the second to the second entry, and so on. If there are fewer UIDs than entries, the Protection Server assigns UIDs to the unmatched entries based on the max user id counter. If there are more UIDs than entries, the excess UIDs are ignored. If any of the UIDs is greater than the current value of the max user id counter, the counter is reset to that value.

-cell

Names the cell in which to run the command. For more details, see the introductory pts reference page.

-noauth

Assigns the unprivileged identity anonymous to the issuer. For more details, see the introductory pts reference page.

-force

Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error.

-help

Prints the online help for this command. All other valid options are ignored.

Output

The command generates the following string to confirm creation of each user:

   User name has id id
   

Examples

The following example creates a Protection Database entry for the user johnson.

   % pts createuser -name johnson
   

The following example creates three wildcarded machine entries in the ABC Corporation cell. The three entries encompass all of the machines on the company's networks without including machines on other networks:

   % pts createuser -name 138.255.0.0 192.12.105.0 192.12.106.0
   

Privilege Required

The issuer must belong to the system:administrators group.

Related Information

pts

pts listmax

pts setmax