Administration Reference

uss Template File

Purpose

Provides instructions for the uss add command

Description

The uss template file defines the components of an AFS user account that the uss add command (or add instruction in a uss bulk input file) creates. Use the -template argument to the uss add or uss bulk command to identify the template file.

Summary of Template File Instructions

The template file can include the following instructions, each on its own line. A more detailed description of each instruction's syntax follows this list.

A

Imposes restrictions on user passwords and authentication attempts

D

Creates a directory

E

Creates a single-line file

F

Creates a file by copying a prototype

G

Defines a directory that is one of a set of parent directories into which the uss command interpreter evenly distributes newly created home directories

L

Creates a hard link

S

Creates a symbolic link

V

Creates a volume, mounts it in the file space and sets the ACL on the mount point

X

Executes a command

If the template file is empty (zero-length), the uss add command or add instruction in a bulk input file only creates an entry in the Protection and Authentication Databases, naming them according to the name specified with the uss add command's -user argument, or in the bulk input file add instruction's username field.

The A Instruction for Setting the Default Treatment of Volumes

The A instruction in a uss template file enhances cell security by imposing the following restrictions on users' password choice and authentication attempts. For further information on these limits, see the IBM AFS Administration Guide and the kas setfields reference page.

• Limiting the user's password lifetime. When the lifetime expires, the user can no longer authenticate using that password, and must change it.

• Prohibiting the reuse of the user's 20 most recently used passwords.

• Limiting the number of consecutive times that a user can provide an incorrect password during authentication, and for how long the Authentication Server refuses further authentication attempts after the limit is exceeded (referred to as an account lockout). For regular user accounts in most cells, the recommended limit is nine and lockout time is 25 minutes.

The instruction has the following syntax:

   A  username  password_lifetime  password_reuse  failures  locktime
   

where

A

Indicates a security-enhancing instruction. It must be a capital letter.

username

Names the Authentication Database entry on which to impose security restrictions. Specify the value $USER to read in the username from the uss add command's -user argument, or from the username field of an add instruction in a bulk input file.

password_lifetime

Sets the number of days after the user's password is changed that it remains valid. When the password becomes invalid (expires), the user is unable to authenticate, but has 30 more days in which to issue the kpasswd command to change the password (after that, only an administrator can change it).

Specify an integer from the range 1 through 254 to specify the number of days until expiration, the value 0 to indicate that the password never expires, or the value $PWEXPIRES to read in the number of days from the uss add or uss bulk command's -pwexpires argument. If the A instruction does not appear in the template file, the default is for the user's password never to expire.

password_reuse

Determines whether or not the user can change his or her password (using the kpasswd or kas setpassword command) to one that is similar to any of the last twenty passwords. The acceptable values are reuse to allow reuse and noreuse to prohibit it. If the A instruction does not appear in the template file, the default is to allow password reuse.

failures

Sets the number of consecutive times the user can provide an incorrect password during authentication (using the klog command or a login utility that grants AFS tokens). When the user exceeds the limit, the Authentication Server rejects further authentication attempts for the amount of time specified in the locktime field.

Specify an integer from the range 1 through 254 to specify the number of failures permitted, or the value 0 to indicate that there is no limit to the number of unsuccessful attempts. If the A instruction does not appear in the template file, the default is to allow an unlimited number of failures.

locktime

Specifies how long the Authentication Server refuses authentication attempts from a user who has exceeded the failure limit set in the failures field.

Specify a number of hours and minutes (hh:mm) or minutes only (mm), from the range 01 (one minute) through 36:00 (36 hours). The Authentication Server automatically reduces any larger value to 36:00 and also rounds up any non-zero value to the next higher multiple of 8.5 minutes. A value of 0 (zero) sets an infinite lockout time; an administrator must always issue the kas unlock command to unlock the account.

The D Instruction for Creating a Directory

The D instruction in a uss template file creates a directory. Its intended use is to create a subdirectory in the user home directory created by the V instruction in the template file.

Any number of D instructions can appear in the template file. If any variables in the instruction take their values from the V instruction (notably, the $MTPT variable), the instruction must follow the V instruction in the file.

Although it is possible to use the D instruction to create a directory on the local disk of the machine where the uss command is issued, it is not recommended. The preferred method for automated creation of directories on a local disk is the package program. Two complications arise if the pathname field refers to a local disk directory:

• The uss command prints a warning message because it cannot associate an access control list (ACL) with a local disk directory. It creates the directory nonetheless, and some syntactically correct value must appear in the instruction's ACL field.

• To designate any user other than the issuer as the new directory's owner, the issuer must log onto the machine as the local superuser root. For local disk directories, only the local superuser root is allowed to issue the UNIX chown command that the uss command interpreter invokes to change the owner from the default value (the directory's creator, which in this case is the issuer of the uss command). The issuer must then also use the -admin argument to the uss add or uss bulk command to authenticate as a privileged AFS administrator, which is required for creating the Authentication Database and Protection Database entries that the uss command interpreter always creates for a new account.

The instruction has the following syntax:

   D  pathname  mode_bits  owner  ACL
   

where

D

Indicates a directory creation instruction. It must be a capital letter.

pathname

Specifies the directory's full pathname. It can include variables.

Specify the read/write path to the directory, to avoid the failure that results from attempting to create a new directory in a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see the reference page for the fs mkmount command.

mode_bits

Sets the directory's UNIX mode bits. Acceptable values are the standard three- or four-digit numbers corresponding to combinations of permissions. Examples: 755 corresponds to rwxr-xr-x, and 644 to rw-r--r--. The first (owner) x bit must be turned on to enable access to a directory.

owner

Specifies the username or UNIX user ID (UID) of the user to be designated the directory's owner in the output from the UNIX ls -ld command. If the directory resides in AFS, place the $UID variable in this field. If the directory resides on the local disk, this field must be the username or UID of the uss command's issuer, unless the issuer is logged in as the local superuser root.

ACL

Sets the ACL on the new directory. It must appear even if the new directory resides on the local disk rather than in AFS, but is ignored in that case. Provide one or more paired values, each pair consisting of an AFS username or group name and the desired permissions, in that order. Separate the two parts of the pair, and each pair, with a space. The fs setacl reference page describes the available permissions.

For an AFS directory, grant all permissions to the directory's owner at least. Usually that is the new user, in which case the appropriate value is $USER all.

It is not possible to grant any permissions to the issuer of the uss command. As the last step in account creation, the uss command interpreter automatically deletes that person from any ACLs set during the creation process.

The E Instruction for Creating a Single-line File

The E instruction in a uss template file creates a file by echoing a specified character string into it. Its intended use is to create files in the user home directory created by the V instruction in the template file, or in a subdirectory created by a D instruction.

Any number of E instructions can appear in the template file. If the file resides in a directory created by a D instruction, the E instruction must follow the D instruction in the file.

The E and F instructions have complementary advantages. The character string echoed into the file by an E instruction can be customized for each user, because it can include the standard variables for which the uss command interpreter substitutes the values specified by arguments to the uss add command or fields in a bulk input file add instruction. In contrast, a file created using the F instruction cannot include variables and so has the same content for all users. However, a file created by an E instruction can be a single line only, because no carriage returns (newline characters) are allowed in the character string.

Although it is possible to use the E instruction to create a file on the local disk of the machine where the uss command is issued, it is not recommended. The preferred method for automated creation of files on a local disk is the package program. The main complication is that designating any user other than the issuer as the new file's owner requires logging onto the machine as the local superuser root. For local disk files, only the local superuser root is allowed to issue the UNIX chown command that the uss command interpreter invokes to change the owner from the default value (the file's creator, which in this case is the issuer of the uss command). The issuer must then also use the -admin argument to the uss add or uss bulk command to authenticate as a privileged AFS administrator, which is required for creating the Authentication Database and Protection Database entries that the uss command interpreter always creates for a new account.

The instruction has the following syntax:

   E  pathname  mode_bits  owner  "contents"
   

where

E

Indicates a file creation instruction. It must be a capital letter.

pathname

Specifies the file's full pathname. It can include variables.

Specify the read/write path to the file, to avoid the failure that results from attempting to create a new file in a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see the reference page for the fs mkmount command.

mode_bits

Sets the file's UNIX mode bits. Acceptable values are the standard three- or four-digit numbers corresponding to combinations of permissions. Examples: 755 corresponds to rwxr-xr-x, and 644 to rw-r--r--.

owner

Specifies the username or UNIX user ID (UID) of the user to be designated the file's owner in the output from the UNIX ls -l command. If the file resides in AFS, place the $UID variable in this field. If the file resides on the local disk, specify the username or UID of the uss command's issuer; otherwise, the account creation operation halts immediately.

contents

Specifies the one-line character string to write into the new file. Surround it with double quotes if it contains one or more spaces. It cannot contain the newline character, but can contain any of the standard variables, which the command interpreter resolves as it creates the file.

The F Instruction for Creating a File from a Prototype

The F instruction in a uss template file creates a file by copying the contents of an existing file (the prototype) into it. Its intended use is to create files in the user home directory created by the V instruction in the template file, or in a subdirectory created by a D instruction.

Any number of F instructions can appear in the template file. If the file resides in a directory created by a D instruction, the F instruction must follow the D instruction in the file.

The E and F instructions have complementary advantages. A file created using the F instruction has the same content for all users, whereas a file created by an E instruction can be customized for each user if it includes variables. However, a file created by an E instruction can be a single line only, whereas the prototype file copied by an F instruction can be any length.

Although it is possible to use the F instruction to create a file on the local disk of the machine where the uss command is issued, it is not recommended. The preferred method for automated creation of files on a local disk is the package program. The main complication is that designating any user other than the issuer as the new file's owner requires logging onto the machine as the local superuser root. For local disk files, only the local superuser root is allowed to issue the UNIX chown command that the uss command interpreter invokes to change the owner from the default value (the file's creator, which in this case is the issuer of the uss command). The issuer must then also use the -admin argument to the uss add or uss bulk command to authenticate as a privileged AFS administrator, which is required for creating the Authentication Database and Protection Database entries that the uss command interpreter always creates for a new account.

The instruction has the following syntax:

   F  pathname  mode_bits  owner  prototype_file
   

where

F

Indicates a file creation instruction. It must be a capital letter.

pathname

Specifies the full pathname of the file to create, including the filename. It can include variables.

Specify the read/write path to the file, to avoid the failure that results from attempting to create a new file in a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see the reference page for the fs mkmount command.

mode_bits

Sets the file's UNIX mode bits. Acceptable values are the standard three- or four-digit numbers corresponding to combinations of permissions. Examples: 755 corresponds to rwxr-xr-x, and 644 to rw-r--r--.

owner

Specifies the username or UNIX user ID (UID) of the user to be designated the file's owner in the output from the UNIX ls -l command. If the file resides in AFS, place the $UID variable in this field. If the file resides on the local disk, specify the username or UID of the uss command's issuer; otherwise, the account creation operation halts immediately.

prototype_file

Names the AFS or local disk directory that houses the prototype file to copy. The prototype file's name must match the final element in the pathname field.

The G Instruction for Facilitating Even Distribution of Home Directories

The G instruction in a uss template file creates a directory as one of the set of directories from which the uss command interpreter selects when choosing a new user home directory's parent directory. More specifically, when the $AUTO variable appears in the mount_point field of a V instruction, the command interpreter substitutes for it the directory defined by a G instruction that currently has the fewest entries.

The instruction's intended use is to distribute user accounts evenly among several directories, rather than using directories that reflect divisions such as departmental affiliation. Distributing home directories in this fashion is useful mainly in very large cells where storing all user home directories under a single parent directory potentially slows directory lookup, or where a workplace-based division results in unevenly sized directories such that some users consistently experience slower directory lookup than others. See the chapter on uss in the IBM AFS Administration Guide for more information.

Any number of G instructions can appear in the template file. If the V instruction includes the $AUTO variable, it must appear after all of the G instructions in the file.

The instruction has the following syntax:

   G  directory
   

where

G

Indicates an instruction that creates a directory to be considered as a value for the $AUTO variable. It must be a capital letter.

directory

Specifies the directory's name as either a complete pathname or only the directory name. The choice determines the appropriate format for the mount_point field of a V instruction, as discussed in the following example.

Specify the read/write path to the directory, to avoid the failure that results from attempting to create a new mount point in a read-only volume when the $AUTO variable is used in a V instruction's mount_point field. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see the reference page for the fs mkmount command.

The L and S Instructions for Creating a Link

The L instruction in a uss template file creates a hard link between two files, as achieved by the standard UNIX ln command. The S instruction creates a symbolic link between two files, as achieved by the standard UNIX ln -s command. A full explanation of links is beyond the scope of this document, but the basic effect is to create a second name for an existing file, enabling access via either name. Creating a link does not create a second copy of the file.

AFS allows hard links only if the linked files reside in the same directory, because it becomes difficult to determine which access control list (ACL) applies to the file if the two copies reside in directories with different ACLs. AFS allows symbolic links between two files that reside in different directories, or even different volumes. The File Server uses the ACL associated with the actual file rather than the link.

Any number of L and S instructions can appear in the template file. If the existing file or link is to reside in a directory created by a D instruction, or if the existing file was created by an E or F instruction, the L or S instruction must follow the D, E, or F instruction.

The instructions share the following syntax:

   L  existing_file  link
   S  existing_file  link
   

where

L

Indicates a hard link creation instruction. It must be a capital letter.

S

Indicates a symbolic link creation instruction. It must be a capital letter.

existing_file

Specifies the complete pathname of the existing file.

link

Specifies the complete pathname of the second name for the file.

Specify the read/write path to the link, to avoid the failure that results from attempting to create a new link in a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see the reference page for the fs mkmount command.

The V Instruction for Creating and Mounting a Volume

The V instruction in a uss template file creates a volume on a specified file server machine and partition and creates an entry for it in the Volume Location Database (VLDB). It mounts the volume at a location in the AFS file space that becomes the user's home directory, then designates the directory's owner and sets its access control list (ACL).

Only one V instruction can appear in the template file, and one must appear if the template file contains any instructions at all (is not empty). All other instructions are optional, except that the template must include G instructions if the $AUTO variable appears in it. (The V instruction is not necessarily the first line in the template. If the template includes the $AUTO variable, then the G instructions which provide values for the variable must precede it in the file.)

The instruction has the following syntax:

   V  volume_name  server  partition  quota  mount_point owner  ACL
   

where

V

Indicates a volume creation instruction. It must be a capital letter.

volume_name

Specifies the volume's name. To follow the convention for AFS user volume names, specify the value user.$USER. Provide a value for the $USER variable via the uss add command's -user argument or the username field in the bulk input file add instruction.

server

Names the file server machine on which to create the new user's volume. It is best to provide the fully-qualified hostname (for example, fs1.abc.com), but an abbreviated form is acceptable provided that the cell's naming service is available to resolve it at the time the volume is created. To read in the value from the uss add command's -server argument, specify the value $SERVER.

partition

Specifies the partition on which to create the user's volume; it must be on the file server machine named in the server field. Identify the partition by its complete name (for example, /vicepa) or use or use one of the following abbreviations.

   /vicepa     =     vicepa      =      a      =      0
   /vicepb     =     vicepb      =      b      =      1
   

After /vicepz (for which the index is 25) comes

   /vicepaa    =     vicepaa     =      aa     =      26
   /vicepab    =     vicepab     =      ab     =      27
   

and so on through

   /vicepiv    =     vicepiv     =      iv     =      255
    

To read in the value from the uss add command's -partition argument, specify the value $PART.

quota

Sets the maximum number of kilobyte blocks the volume can occupy on the file server machine's disk. Specify an integer constant if all volumes have the same quota (1024 equals a megabyte), or use one of the number variables ($1 through $9) to assign different values to different volumes.

mount_point

Creates a mount point for the volume, which serves as the volume's root directory. Include the $USER variable as part of the pathname to follow the convention that user home directory names include the username.

Specify the read/write path to the mount point, to avoid the failure that results from attempting to create a new mount point in a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). If the $AUTO variable appears in this field, the directories named by each G instruction possibly already indicate the read/write path. For further discussion of the concept of read/write and read-only paths through the filespace, see the reference page for the fs mkmount command..

Note:

If used, the $MTPT variable in this field takes its value from the uss add command's -mount argument or from the mount_point field of an add instruction in the bulk input file. However, subsequent uses of the $MTPT variable (usually in following D, E, or F instructions) take as their value the complete contents of this field.

owner

Specifies the username or UNIX user ID (UID) of the user to be designated the mount point's owner in the output from the UNIX ls -ld command. To follow the convention for home directory ownership, place the value $UID in this field.

ACL

Sets the ACL on the new directory. Provide one or more paired values, each pair consisting of an AFS username or group name and the desired permissions, in that order. Separate the two parts of the pair, and each pair, with a space. The fs setacl reference page describes the available permissions.

Grant all permissions to the new user at least. The appropriate value is $USER all.

AFS automatically grants the system:administrators group all permissions as well. It is not possible to grant any permissions to the issuer of the uss command. As the last step in account creation, the uss command interpreter automatically deletes that user from any ACLs set during the creation process.

The X Instruction for Running a Command

The X instruction in a uss template file runs the indicated command, which can be a standard UNIX or AFS command. It can include any variables from the template file, which the uss command interpreter resolves before passing the command on to the appropriate other command interpreter. It must be a single line only, however (cannot contain carriage returns or newline characters).

Any number of X instructions can appear in the template file. If an instruction manipulates an element created by another instruction, it must follow that instruction in the file.

The instruction has the following syntax:

   X "command"
   

where

X

Indicates a command execution instruction. It must be a capital letter.

command

Specifies the command to run. Surround it with double quotes as shown if it contains one or more spaces. It can contain any variables from the template file, but not newline characters.

Examples

The following example A instruction sets a password lifetime of 254 days, prohibits password reuse, limits the number of consecutive failed authentication attempts to nine and sets the corresponding locktime to 25:30 minutes (which is a multiple of 8.5 minutes). The username is read in from the -user argument to the uss add command or from the username field in each add instruction in a bulk input file.

   A $USER 254 noreuse 9 25:30
   

The following example D instruction creates a directory called public in a new user's home directory, designates the user as the directory's owner, and grants him or her all ACL permissions.

   D $MTPT/public 0755 $UID $USER all 
   

The following example E instruction creates a file in the current working directory called username.etcp. The contents are an entry suitable for incorporating into the cell's global /etc/password file.

   E  $USER.etcp  0644 root "$USER:X:$UID:10:$NAME:$MTPT:/bin/csh"
   

The following example F instruction, appropriate for the ABC Corporation cell, copies a prototype .login file into the user's home directory.

   F $MTPT/.login 0644 $UID /afs/abc.com/common/uss/skel/.login 
   

In the following example, the State University cell's administrators have decided to distribute user home directories evenly into three directories. They define three G instructions:

   G usr1
   G usr2
   G usr3
   

and then put the following value in the mount_point field of the V instruction:

   /afs/stateu.edu/$AUTO/$USER
   

Alternatively, if they include the entire directory pathname in the G instruction:

   G /afs/stateu.edu/usr1
   G /afs/stateu.edu/usr2
   G /afs/stateu.edu/usr3
   

then the mount_point field of the V instruction specifies only the following:

   $AUTO/$USER
   

The following example L instruction creates a hard link between the files mail and mbox in the user's home directory.

   L $MTPT/mbox $MTPT/mail
   

The following example S instruction, appropriate for the ABC Corporation cell, links the file Mail/outgoing in the user's home directory to the file /afs/abc.com/common/mail/outgoing.

   S /afs/abc.com/common/mail/outgoing $MTPT/Mail/outgoing
   

The following example V instruction creates a volume called user.username on the /vicepa partition of the specified file server machine, assigning it a quota of 3000 kilobyte blocks. The mount point is under /afs/abc.com/usr and matches the username (the value of the $USER variable). The user owns the home directory and has all access rights to it. The instruction appears on two lines only for legibility; it must appear on a single line in the template file.

   V user.$USER $SERVER.abc.com /vicepa 3000   \
           /afs/abc.com/usr/$USER $UID $USER all 
   

The following example X instruction mounts the backup version of the user's volume at the OldFiles subdirectory.

   X "fs mkm /afs/abc.com/usr/$USER/OldFiles   user.$USER.backup"
   

Related Information

uss Bulk Input File

fs mkmount

uss add

uss bulk