added button GIF's to the HTML docs

[openafs.git] / doc / html / AdminReference / auarf243.htm

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records  ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID      -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30                -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved    --> 
<BODY bgcolor="ffffff"> 
<!-- End Header Records  ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf242.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf244.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<P>
<H2><A NAME="HDRUSS_ADD" HREF="auarf002.htm#ToC_257">uss add</A></H2>
<A NAME="IDX5517"></A>
<A NAME="IDX5518"></A>
<A NAME="IDX5519"></A>
<A NAME="IDX5520"></A>
<A NAME="IDX5521"></A>
<A NAME="IDX5522"></A>
<A NAME="IDX5523"></A>
<A NAME="IDX5524"></A>
<A NAME="IDX5525"></A>
<A NAME="IDX5526"></A>
<A NAME="IDX5527"></A>
<A NAME="IDX5528"></A>
<A NAME="IDX5529"></A>
<A NAME="IDX5530"></A>
<A NAME="IDX5531"></A>
<A NAME="IDX5532"></A>
<A NAME="IDX5533"></A>
<A NAME="IDX5534"></A>
<A NAME="IDX5535"></A>
<P><STRONG>Purpose</STRONG>
<P>Creates a user account
<P><STRONG>Synopsis</STRONG>
<PRE><B>uss add -user</B> &lt;<VAR>login&nbsp;name</VAR>>  [<B>-realname</B> &lt;<VAR>full&nbsp;name&nbsp;in&nbsp;quotes</VAR>>]
        [<B>-pass</B> &lt;<VAR>initial&nbsp;password</VAR>>]  
        [<B>-pwexpires</B> &lt;<VAR>password&nbsp;expires&nbsp;in&nbsp;[0..254]&nbsp;days&nbsp;(0&nbsp;=>&nbsp;never)</VAR>>]
        [<B>-server</B> &lt;<VAR>FileServer&nbsp;for&nbsp;home&nbsp;volume</VAR>>] 
        [<B>-partition</B> &lt;<VAR>FileServer's&nbsp;disk&nbsp;partition&nbsp;for&nbsp;home&nbsp;volume</VAR>>] 
        [<B>-mount</B> &lt;<VAR>home&nbsp;directory&nbsp;mount&nbsp;point</VAR>>]  
        [<B>-uid</B> &lt;<VAR>uid&nbsp;to&nbsp;assign&nbsp;the&nbsp;user</VAR>>]
        [<B>-template</B> &lt;<VAR>pathname&nbsp;of&nbsp;template&nbsp;file</VAR>>] 
        [<B>-verbose</B>]  [<B>-var</B> &lt;<VAR>auxiliary&nbsp;argument&nbsp;pairs&nbsp;(Num&nbsp;val)</VAR>><SUP>+</SUP>] 
        [<B>-cell</B> &lt;<VAR>cell&nbsp;name</VAR>>]  [<B>-admin</B> &lt;<VAR>administrator&nbsp;to&nbsp;authenticate</VAR>>]
        [<B>-dryrun</B>]  [<B>-skipauth</B>]  [<B>-overwrite</B>]  [<B>-help</B>]
   
<B>uss ad -us</B> &lt;<VAR>login&nbsp;name</VAR>>  [<B>-r</B> &lt;<VAR>full&nbsp;name&nbsp;in&nbsp;quotes</VAR>>]   
       [<B>-pas</B> &lt;<VAR>initial&nbsp;password</VAR>>] 
       [<B>-pw</B> &lt;<VAR>password&nbsp;expires&nbsp;in&nbsp;[0..254]&nbsp;days&nbsp;(0&nbsp;=>&nbsp;never)</VAR>>]  
       [<B>-se</B> &lt;<VAR>FileServer&nbsp;for&nbsp;home&nbsp;volume</VAR>>] 
       [<B>-par</B> &lt;<VAR>FileServer's&nbsp;disk&nbsp;partition&nbsp;for&nbsp;home&nbsp;volume</VAR>>] 
       [<B>-m</B> &lt;<VAR>home&nbsp;directory&nbsp;mount&nbsp;point</VAR>>]  [<B>-ui</B> &lt;<VAR>uid&nbsp;to&nbsp;assign&nbsp;the&nbsp;user</VAR>>]
       [<B>-t</B> &lt;<VAR>pathname&nbsp;of&nbsp;template&nbsp;file</VAR>>]  [<B>-ve</B>]  
       [<B>-va</B> &lt;<VAR>auxiliary&nbsp;argument&nbsp;pairs&nbsp;(Num&nbsp;val)</VAR>><SUP>+</SUP>]  [<B>-c</B> &lt;<VAR>cell&nbsp;name</VAR>>]
       [<B>-a</B> &lt;<VAR>administrator&nbsp;to&nbsp;authenticate</VAR>>]  [<B>-d</B>]  [<B>-sk</B>]  [<B>-o</B>]  [<B>-h</B>]
</PRE>
<P><STRONG>Description</STRONG>
<P>The <B>uss add</B> command creates entries in the Protection Database
and Authentication Database for the user name specified by the
<B>-user</B> argument. By default, the Protection Server
automatically allocates an AFS user ID (UID) for the new user; to specify
an alternate AFS UID, include the <B>-uid</B> argument. If a
password is provided with the <B>-pass</B> argument, it is stored as the
user's password in the Authentication Database after conversion into a
form suitable for use as an encryption key. Otherwise, the string
<B>changeme</B> is assigned as the user's initial password.
<P>The other results of the command depend on which instructions and which of
a defined set of variables appear in the template file specified with the
<B>-template</B> argument. Many of the command's arguments
supply a value for one of the defined variables, and failure to provide an
argument when the corresponding variable appears in the template file halts
the account creation process at the point where the command interpreter first
encounters the variable in the template file.
<P>To create multiple accounts with a single command, use the <B>uss
bulk</B> command. To delete accounts with a single command, use the
<B>uss delete</B> command.
<P><STRONG>Options</STRONG>
<DL>
<P><DT><B>-user
</B><DD>Names the user's Authentication Database and Protection Database
entries. It can include up to eight alphanumeric characters, but not
any of the following characters: <B>:</B> (colon),
<B>@</B> (at-sign), <B>.</B> (period), space, or
newline. Because it becomes the username (the name under which a user
logs in), it is best not to include shell metacharacters and to obey the
restrictions that many operating systems impose on usernames (usually, to
contain no more than eight lowercase letters).
<P>Corresponding variable in the template file: $USER.
<P><DT><B>-realname
</B><DD>Specifies the user's full name. If it contains spaces or
punctuation, surround it with double quotes. If not provided, it
defaults to the user name provided with the <B>-user</B> argument.
<P>Corresponding variable in the template file: $NAME. Many
operating systems include a field for the full name in a user's entry in
the local password file (<B>/etc/passwd</B> or equivalent), and this
variable can be used to pass a value to be used in that field.
<P><DT><B>-pass
</B><DD>Specifies the user's initial password. Although the AFS
commands that handle passwords accept strings of virtually unlimited length,
it is best to use a password of eight characters or less, which is the maximum
length that many applications and utilities accept. If not provided,
this argument defaults to the string <B>changeme</B>.
<P>Corresponding variable in the template file: none.
<P><DT><B>-pwexpires
</B><DD>Sets the number of days after a user's password is changed that it
remains valid. Provide an integer from the range <B>1</B> through
<B>254</B> to specify the number of days until expiration, or the value
<B>0</B> to indicate that the password never expires (the default).
<P>When the password becomes invalid (expires), the user is unable to
authenticate, but has 30 more days in which to issue the <B>kpasswd</B>
command to change the password (after that, only an administrator can change
it).
<P>Corresponding variable in the template file: $PWEXPIRES.
<P><DT><B>-server
</B><DD>Names the file server machine on which to create the new user's
volume. It is best to provide a fully qualified hostname (for example,
<B>fs1.abc.com</B>), but an abbreviated form is acceptable
provided that the cell's naming service is available to resolve it at the
time the volume is created.
<P>Corresponding variable in the template file: $SERVER.
<P><DT><B>-partition
</B><DD>Specifies the partition on which to create the user's volume; it
must be on the file server machine named by the <B>-server</B>
argument. Provide the complete partition name (for example
<B>/vicepa</B>) or one of the following abbreviated forms:
<PRE>   <B>/vicepa</B>     =     <B>vicepa</B>      =      <B>a</B>      =      <B>0</B>
   <B>/vicepb</B>     =     <B>vicepb</B>      =      <B>b</B>      =      <B>1</B>
   
</PRE>
<P>
<P>After <B>/vicepz</B> (for which the index is 25) comes 
<PRE>   <B>/vicepaa</B>    =     <B>vicepaa</B>     =      <B>aa</B>     =      <B>26</B>
   <B>/vicepab</B>    =     <B>vicepab</B>     =      <B>ab</B>     =      <B>27</B>
   
</PRE>
<P>and so on through 
<PRE>   <B>/vicepiv</B>    =     <B>vicepiv</B>     =      <B>iv</B>     =      <B>255</B>
    
</PRE>
<P>
<P>Corresponding variable in the template file: $PART.
<P><DT><B>-mount
</B><DD>Specifies the pathname for the user's home directory. Partial
pathnames are interpreted relative to the current working directory.
<P>Specify the read/write path to the directory, to avoid the failure that
results from attempting to create a new mount point in a read-only
volume. By convention, the read/write path is indicated by placing a
period before the cell name at the pathname's second level (for example,
<B>/afs/.abc.com</B>). For further discussion of the
concept of read/write and read-only paths through the filespace, see the
<B>fs mkmount</B> reference page. 
<P>Corresponding variable in template: $MTPT, but in the template
file's <B>V</B> instruction only. Occurrences of the $MTPT
variable in template instructions that follow the <B>V</B> instruction
take their value from the <B>V</B> instruction's
<B>mount_point</B> field. Thus the value of this command line
argument becomes the value for the $MTPT variable in instructions that follow
the <B>V</B> instruction only if the string $MTPT appears alone in the
<B>V</B> instruction's <B>mount_point</B> field.
<P><DT><B>-uid
</B><DD>Specifies a positive integer other than 0 (zero) to assign as the
user's AFS UID. If this argument is omitted, the Protection Server
assigns an AFS UID that is one greater than the current value of the
<TT>max</TT> <TT>user</TT> <TT>id</TT> counter (use the <B>pts
listmax</B> command to display the counter). If including this
argument, it is best first to use the <B>pts examine</B> command to verify
that no existing account already has the desired AFS UID; it one does,
the account creation process terminates with an error.
<P>Corresponding variable in the template file: $UID.
<P><DT><B>-template
</B><DD>Specifies the pathname of the template file. If this argument is
omitted, the command interpreter searches the following directories in the
indicated order for a file called <B>uss.template</B>: 
<OL TYPE=1>
<P><LI>The current working directory
<P><LI><B>/afs/</B><VAR>cellname</VAR><B>/common/uss</B>, where
<VAR>cellname</VAR> names the local cell
<P><LI><B>/etc</B>
</OL>
<P>
<P>If the issuer provides a filename other than <B>uss.template</B>
but without a pathname, the command interpreter searches for it in the
indicated directories. If the issuer provides a full or partial
pathname, the command interpreter consults the specified file only; it
interprets partial pathnames relative to the current working directory.
<P>
<P>If the specified template file is empty (zero-length), the command creates
Protection and Authentication Database entries only. 
<P>The <B>uss Template File</B> reference page details the file's
format.
<P><DT><B>-verbose
</B><DD>Produces on the standard output stream a detailed trace of the
command's execution. If this argument is omitted, only warnings
and error messages appear.
<P><DT><B>-var
</B><DD>Specifies values for each of the number variables $1 through $9 that can
appear in the template file. Use the number variables to assign values
to variables in the <B>uss</B> template file that are not part of the
standard set.
<P>Corresponding variables in the template file: $1 through $9.
<P>For each instance of this argument, provide two parts in the indicated
order, separated by a space: 
<UL>
<P><LI>The integer from the range <B>1</B> through <B>9</B> that matches
the variable in the template file. Do not precede it with a dollar
sign.
<P><LI>A string of alphanumeric characters to assign as the value of the
variable.
</UL>
<P>See the chapter on <B>uss</B> in the <I>IBM AFS Administration
Guide</I> for further explanation.
<P><DT><B>-cell
</B><DD>Specifies the cell in which to run the command. For more details,
see the introductory <B>uss</B> reference page.
<P><DT><B>-admin
</B><DD>Specifies the AFS user name under which to establish authenticated
connections to the AFS server processes that maintain the various components
of a user account. For more details, see the introductory
<B>uss</B> reference page.
<P><DT><B>-dryrun
</B><DD>Reports actions that the command interpreter needs to perform while
executing the command, without actually performing them. For more
details, see the introductory <B>uss</B> reference page.
<P><DT><B>-skipauth
</B><DD>Prevents authentication with the AFS Authentication Server, allowing a
site using Kerberos to substitute that form of authentication.
<P><DT><B>-overwrite
</B><DD>Overwrites any directories, files and links that exist in the file system
and for which there are definitions in <B>D</B>, <B>E</B>,
<B>F</B>, <B>L</B>, or <B>S</B> instructions in the template file
named by the <B>-template</B> argument. If this flag is omitted,
the command interpreter prompts once for confirmation that it is to overwrite
all such elements.
<P><DT><B>-help
</B><DD>Prints the online help for this command. All other valid options
are ignored.
</DL>
<P><STRONG>Examples</STRONG>
<P>The combination of the following example <B>uss add</B> command and
<B>V</B> instruction in a template file called <B>uss.tpl</B>
creates Protection and Authentication Database entries named <B>smith</B>,
and a volume called <TT>user.smith</TT> with a quota of 2500 kilobyte
blocks, mounted at the pathname
<B>/afs/abc.com/usr/smith</B>. The access control list (ACL)
on the mount point grants <B>smith</B> all rights.
<P>The issuer of the <B>uss add</B> command provides only the template
file's name, not its complete pathname, because it resides in the current
working directory. The command and <B>V</B> instruction appear here
on two lines only for legibility; there are no line breaks in the actual
instruction or command.
<PRE>   V user.$USER $SERVER.abc.com /vice$PART $1   \
       /afs/abc.com/usr/$USER $UID $USER all
   
   % <B>uss add  -user smith -realname "John Smith" -pass js_pswd -server fs2</B>   \
              <B>-partition b -template uss.tpl -var 1 2500</B>
   
</PRE>
<P><STRONG>Privilege Required</STRONG>
<P>The issuer (or the user named by the <B>-admin</B> argument) must
belong to the <B>system:administrators</B> group in the Protection
Database and must have the <TT>ADMIN</TT> flag turned on in his or her
Authentication Database entry.
<P>If the template contains a <B>V</B> instruction, the issuer must be
listed in the <B>/usr/afs/etc/UserList</B> file and must have at least
<B>a</B> (<B>administer</B>) and <B>i</B> (<B>insert</B>)
permissions on the ACL of the directory that houses the new mount
point. If the template file includes instructions for creating other
types of objects (directories, files or links), the issuer must have each
privilege necessary to create them.
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
<P><A HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>
<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
<P><A HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
<P><A HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
<P><A HREF="auarf246.htm#HDRUSS_DELETE">uss delete</A>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf242.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf244.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<!-- Begin Footer Records  ========================================== -->
<P><HR><B> 
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A>  All Rights Reserved 
</B> 
<!-- End Footer Records  ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>