+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
-<HTML><HEAD>
-<TITLE>Administration Reference</TITLE>
-<!-- Begin Header Records ========================================== -->
-<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
-<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
-<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
-<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
-<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
-</HEAD><BODY>
-<!-- (C) IBM Corporation 2000. All Rights Reserved -->
-<BODY bgcolor="ffffff">
-<!-- End Header Records ============================================ -->
-<A NAME="Top_Of_Page"></A>
-<H1>Administration Reference</H1>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf242.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf244.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<P>
-<H2><A NAME="HDRUSS_ADD" HREF="auarf002.htm#ToC_257">uss add</A></H2>
-<A NAME="IDX5517"></A>
-<A NAME="IDX5518"></A>
-<A NAME="IDX5519"></A>
-<A NAME="IDX5520"></A>
-<A NAME="IDX5521"></A>
-<A NAME="IDX5522"></A>
-<A NAME="IDX5523"></A>
-<A NAME="IDX5524"></A>
-<A NAME="IDX5525"></A>
-<A NAME="IDX5526"></A>
-<A NAME="IDX5527"></A>
-<A NAME="IDX5528"></A>
-<A NAME="IDX5529"></A>
-<A NAME="IDX5530"></A>
-<A NAME="IDX5531"></A>
-<A NAME="IDX5532"></A>
-<A NAME="IDX5533"></A>
-<A NAME="IDX5534"></A>
-<A NAME="IDX5535"></A>
-<P><STRONG>Purpose</STRONG>
-<P>Creates a user account
-<P><STRONG>Synopsis</STRONG>
-<PRE><B>uss add -user</B> <<VAR>login name</VAR>> [<B>-realname</B> <<VAR>full name in quotes</VAR>>]
- [<B>-pass</B> <<VAR>initial password</VAR>>]
- [<B>-pwexpires</B> <<VAR>password expires in [0..254] days (0 => never)</VAR>>]
- [<B>-server</B> <<VAR>FileServer for home volume</VAR>>]
- [<B>-partition</B> <<VAR>FileServer's disk partition for home volume</VAR>>]
- [<B>-mount</B> <<VAR>home directory mount point</VAR>>]
- [<B>-uid</B> <<VAR>uid to assign the user</VAR>>]
- [<B>-template</B> <<VAR>pathname of template file</VAR>>]
- [<B>-verbose</B>] [<B>-var</B> <<VAR>auxiliary argument pairs (Num val)</VAR>><SUP>+</SUP>]
- [<B>-cell</B> <<VAR>cell name</VAR>>] [<B>-admin</B> <<VAR>administrator to authenticate</VAR>>]
- [<B>-dryrun</B>] [<B>-skipauth</B>] [<B>-overwrite</B>] [<B>-help</B>]
-
-<B>uss ad -us</B> <<VAR>login name</VAR>> [<B>-r</B> <<VAR>full name in quotes</VAR>>]
- [<B>-pas</B> <<VAR>initial password</VAR>>]
- [<B>-pw</B> <<VAR>password expires in [0..254] days (0 => never)</VAR>>]
- [<B>-se</B> <<VAR>FileServer for home volume</VAR>>]
- [<B>-par</B> <<VAR>FileServer's disk partition for home volume</VAR>>]
- [<B>-m</B> <<VAR>home directory mount point</VAR>>] [<B>-ui</B> <<VAR>uid to assign the user</VAR>>]
- [<B>-t</B> <<VAR>pathname of template file</VAR>>] [<B>-ve</B>]
- [<B>-va</B> <<VAR>auxiliary argument pairs (Num val)</VAR>><SUP>+</SUP>] [<B>-c</B> <<VAR>cell name</VAR>>]
- [<B>-a</B> <<VAR>administrator to authenticate</VAR>>] [<B>-d</B>] [<B>-sk</B>] [<B>-o</B>] [<B>-h</B>]
-</PRE>
-<P><STRONG>Description</STRONG>
-<P>The <B>uss add</B> command creates entries in the Protection Database
-and Authentication Database for the user name specified by the
-<B>-user</B> argument. By default, the Protection Server
-automatically allocates an AFS user ID (UID) for the new user; to specify
-an alternate AFS UID, include the <B>-uid</B> argument. If a
-password is provided with the <B>-pass</B> argument, it is stored as the
-user's password in the Authentication Database after conversion into a
-form suitable for use as an encryption key. Otherwise, the string
-<B>changeme</B> is assigned as the user's initial password.
-<P>The other results of the command depend on which instructions and which of
-a defined set of variables appear in the template file specified with the
-<B>-template</B> argument. Many of the command's arguments
-supply a value for one of the defined variables, and failure to provide an
-argument when the corresponding variable appears in the template file halts
-the account creation process at the point where the command interpreter first
-encounters the variable in the template file.
-<P>To create multiple accounts with a single command, use the <B>uss
-bulk</B> command. To delete accounts with a single command, use the
-<B>uss delete</B> command.
-<P><STRONG>Options</STRONG>
-<DL>
-<P><DT><B>-user
-</B><DD>Names the user's Authentication Database and Protection Database
-entries. It can include up to eight alphanumeric characters, but not
-any of the following characters: <B>:</B> (colon),
-<B>@</B> (at-sign), <B>.</B> (period), space, or
-newline. Because it becomes the username (the name under which a user
-logs in), it is best not to include shell metacharacters and to obey the
-restrictions that many operating systems impose on usernames (usually, to
-contain no more than eight lowercase letters).
-<P>Corresponding variable in the template file: $USER.
-<P><DT><B>-realname
-</B><DD>Specifies the user's full name. If it contains spaces or
-punctuation, surround it with double quotes. If not provided, it
-defaults to the user name provided with the <B>-user</B> argument.
-<P>Corresponding variable in the template file: $NAME. Many
-operating systems include a field for the full name in a user's entry in
-the local password file (<B>/etc/passwd</B> or equivalent), and this
-variable can be used to pass a value to be used in that field.
-<P><DT><B>-pass
-</B><DD>Specifies the user's initial password. Although the AFS
-commands that handle passwords accept strings of virtually unlimited length,
-it is best to use a password of eight characters or less, which is the maximum
-length that many applications and utilities accept. If not provided,
-this argument defaults to the string <B>changeme</B>.
-<P>Corresponding variable in the template file: none.
-<P><DT><B>-pwexpires
-</B><DD>Sets the number of days after a user's password is changed that it
-remains valid. Provide an integer from the range <B>1</B> through
-<B>254</B> to specify the number of days until expiration, or the value
-<B>0</B> to indicate that the password never expires (the default).
-<P>When the password becomes invalid (expires), the user is unable to
-authenticate, but has 30 more days in which to issue the <B>kpasswd</B>
-command to change the password (after that, only an administrator can change
-it).
-<P>Corresponding variable in the template file: $PWEXPIRES.
-<P><DT><B>-server
-</B><DD>Names the file server machine on which to create the new user's
-volume. It is best to provide a fully qualified hostname (for example,
-<B>fs1.abc.com</B>), but an abbreviated form is acceptable
-provided that the cell's naming service is available to resolve it at the
-time the volume is created.
-<P>Corresponding variable in the template file: $SERVER.
-<P><DT><B>-partition
-</B><DD>Specifies the partition on which to create the user's volume; it
-must be on the file server machine named by the <B>-server</B>
-argument. Provide the complete partition name (for example
-<B>/vicepa</B>) or one of the following abbreviated forms:
-<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
- <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
-
-</PRE>
-<P>
-<P>After <B>/vicepz</B> (for which the index is 25) comes
-<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
- <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
-
-</PRE>
-<P>and so on through
-<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
-
-</PRE>
-<P>
-<P>Corresponding variable in the template file: $PART.
-<P><DT><B>-mount
-</B><DD>Specifies the pathname for the user's home directory. Partial
-pathnames are interpreted relative to the current working directory.
-<P>Specify the read/write path to the directory, to avoid the failure that
-results from attempting to create a new mount point in a read-only
-volume. By convention, the read/write path is indicated by placing a
-period before the cell name at the pathname's second level (for example,
-<B>/afs/.abc.com</B>). For further discussion of the
-concept of read/write and read-only paths through the filespace, see the
-<B>fs mkmount</B> reference page.
-<P>Corresponding variable in template: $MTPT, but in the template
-file's <B>V</B> instruction only. Occurrences of the $MTPT
-variable in template instructions that follow the <B>V</B> instruction
-take their value from the <B>V</B> instruction's
-<B>mount_point</B> field. Thus the value of this command line
-argument becomes the value for the $MTPT variable in instructions that follow
-the <B>V</B> instruction only if the string $MTPT appears alone in the
-<B>V</B> instruction's <B>mount_point</B> field.
-<P><DT><B>-uid
-</B><DD>Specifies a positive integer other than 0 (zero) to assign as the
-user's AFS UID. If this argument is omitted, the Protection Server
-assigns an AFS UID that is one greater than the current value of the
-<TT>max</TT> <TT>user</TT> <TT>id</TT> counter (use the <B>pts
-listmax</B> command to display the counter). If including this
-argument, it is best first to use the <B>pts examine</B> command to verify
-that no existing account already has the desired AFS UID; it one does,
-the account creation process terminates with an error.
-<P>Corresponding variable in the template file: $UID.
-<P><DT><B>-template
-</B><DD>Specifies the pathname of the template file. If this argument is
-omitted, the command interpreter searches the following directories in the
-indicated order for a file called <B>uss.template</B>:
-<OL TYPE=1>
-<P><LI>The current working directory
-<P><LI><B>/afs/</B><VAR>cellname</VAR><B>/common/uss</B>, where
-<VAR>cellname</VAR> names the local cell
-<P><LI><B>/etc</B>
-</OL>
-<P>
-<P>If the issuer provides a filename other than <B>uss.template</B>
-but without a pathname, the command interpreter searches for it in the
-indicated directories. If the issuer provides a full or partial
-pathname, the command interpreter consults the specified file only; it
-interprets partial pathnames relative to the current working directory.
-<P>
-<P>If the specified template file is empty (zero-length), the command creates
-Protection and Authentication Database entries only.
-<P>The <B>uss Template File</B> reference page details the file's
-format.
-<P><DT><B>-verbose
-</B><DD>Produces on the standard output stream a detailed trace of the
-command's execution. If this argument is omitted, only warnings
-and error messages appear.
-<P><DT><B>-var
-</B><DD>Specifies values for each of the number variables $1 through $9 that can
-appear in the template file. Use the number variables to assign values
-to variables in the <B>uss</B> template file that are not part of the
-standard set.
-<P>Corresponding variables in the template file: $1 through $9.
-<P>For each instance of this argument, provide two parts in the indicated
-order, separated by a space:
-<UL>
-<P><LI>The integer from the range <B>1</B> through <B>9</B> that matches
-the variable in the template file. Do not precede it with a dollar
-sign.
-<P><LI>A string of alphanumeric characters to assign as the value of the
-variable.
-</UL>
-<P>See the chapter on <B>uss</B> in the <I>IBM AFS Administration
-Guide</I> for further explanation.
-<P><DT><B>-cell
-</B><DD>Specifies the cell in which to run the command. For more details,
-see the introductory <B>uss</B> reference page.
-<P><DT><B>-admin
-</B><DD>Specifies the AFS user name under which to establish authenticated
-connections to the AFS server processes that maintain the various components
-of a user account. For more details, see the introductory
-<B>uss</B> reference page.
-<P><DT><B>-dryrun
-</B><DD>Reports actions that the command interpreter needs to perform while
-executing the command, without actually performing them. For more
-details, see the introductory <B>uss</B> reference page.
-<P><DT><B>-skipauth
-</B><DD>Prevents authentication with the AFS Authentication Server, allowing a
-site using Kerberos to substitute that form of authentication.
-<P><DT><B>-overwrite
-</B><DD>Overwrites any directories, files and links that exist in the file system
-and for which there are definitions in <B>D</B>, <B>E</B>,
-<B>F</B>, <B>L</B>, or <B>S</B> instructions in the template file
-named by the <B>-template</B> argument. If this flag is omitted,
-the command interpreter prompts once for confirmation that it is to overwrite
-all such elements.
-<P><DT><B>-help
-</B><DD>Prints the online help for this command. All other valid options
-are ignored.
-</DL>
-<P><STRONG>Examples</STRONG>
-<P>The combination of the following example <B>uss add</B> command and
-<B>V</B> instruction in a template file called <B>uss.tpl</B>
-creates Protection and Authentication Database entries named <B>smith</B>,
-and a volume called <TT>user.smith</TT> with a quota of 2500 kilobyte
-blocks, mounted at the pathname
-<B>/afs/abc.com/usr/smith</B>. The access control list (ACL)
-on the mount point grants <B>smith</B> all rights.
-<P>The issuer of the <B>uss add</B> command provides only the template
-file's name, not its complete pathname, because it resides in the current
-working directory. The command and <B>V</B> instruction appear here
-on two lines only for legibility; there are no line breaks in the actual
-instruction or command.
-<PRE> V user.$USER $SERVER.abc.com /vice$PART $1 \
- /afs/abc.com/usr/$USER $UID $USER all
-
- % <B>uss add -user smith -realname "John Smith" -pass js_pswd -server fs2</B> \
- <B>-partition b -template uss.tpl -var 1 2500</B>
-
-</PRE>
-<P><STRONG>Privilege Required</STRONG>
-<P>The issuer (or the user named by the <B>-admin</B> argument) must
-belong to the <B>system:administrators</B> group in the Protection
-Database and must have the <TT>ADMIN</TT> flag turned on in his or her
-Authentication Database entry.
-<P>If the template contains a <B>V</B> instruction, the issuer must be
-listed in the <B>/usr/afs/etc/UserList</B> file and must have at least
-<B>a</B> (<B>administer</B>) and <B>i</B> (<B>insert</B>)
-permissions on the ACL of the directory that houses the new mount
-point. If the template file includes instructions for creating other
-types of objects (directories, files or links), the issuer must have each
-privilege necessary to create them.
-<P><STRONG>Related Information</STRONG>
-<P><A HREF="auarf035.htm#HDRUSERLIST">UserList</A>
-<P><A HREF="auarf055.htm#HDRUSSFILE">uss Template File</A>
-<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
-<P><A HREF="auarf242.htm#HDRUSS_INTRO">uss</A>
-<P><A HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
-<P><A HREF="auarf246.htm#HDRUSS_DELETE">uss delete</A>
-<P>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf242.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf244.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<!-- Begin Footer Records ========================================== -->
-<P><HR><B>
-<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
-</B>
-<!-- End Footer Records ============================================ -->
-<A NAME="Bot_Of_Page"></A>
-</BODY></HTML>
git://git.openafs.org / openafs.git / blobdiff