3 pts createuser - Creates a user or machine entry in the Protection Database
7 pts createuser B<-name> I<user name> [I<user name> ...]
8 [B<-id> I<user id> [I<user id> ...]] [B<-cell> I<cell name>]
9 [B<-noauth>] [B<-force>] [B<-help>]
11 pts createu B<-na> I<user name> [I<user name> ...]
12 [B<-i> I<user id> [I<user id> ...]] [B<-c> I<cell name>]
13 [B<-no>] [B<-f>] [B<-h>]
15 pts cu B<-na> I<user name> [I<user name> ...]
16 [B<-i> I<user id> [I<user id> ...]]
17 [B<-c> I<cell name>] [B<-no>] [B<-f>] [B<-h>]
21 The C<pts createuser> command creates an entry in the Protection Database
22 for each user or machine specified by the B<-name> argument. A user entry
23 name becomes the user's AFS username (the one to provide when
24 authenticating with the AFS Authentication Server). A machine entry's
25 name is the machine's IP address or a wildcard notation that
26 represents a range of consecutive IP addresses (a group of machines on
27 the same network). It is not possible to authenticate as a machine,
28 but a group to which a machine entry belongs can appear on a
29 directory's access control list (ACL), thereby granting the indicated
30 permissions to any user logged on to the machine.
31 AFS user IDs (AFS UIDs) are positive integers and by default the
32 Protection Server assigns an AFS UID that is one greater than the
33 current value of the max user id counter in the Protection Database,
34 incrementing the counter by one for each user. To assign a specific
35 AFS UID, use the B<-id> argument. If any of the specified AFS UIDs is
36 greater than the current value of the max user id counter, the counter
37 is reset to that value. It is acceptable to specify an AFS UID smaller
38 than the current value of the counter, but the creation operation
39 fails if an existing user or machine entry already has it. To display
40 or set the value of the max user id counter, use the pts listmax or
41 pts setmax command, respectively.
42 The issuer of the C<pts createuser> command is recorded as the entry's
43 creator and the group system:administrators as its owner.
49 =item B<-name> I<user name> [I<user name> ...]
51 Specifies either a username for a user entry, or an IP address
52 (complete or wildcarded) for a machine entry:
58 A username can include up to 63 numbers and lowercase
59 letters, but it is best to make it shorter than eight
60 characters, because many application programs cannot handle
61 longer names. Also, it is best not to include shell
62 metacharacters or other punctuation marks. In particular, the
63 colon (:) and at-sign (@) characters are not acceptable. The
64 period is generally used only in special administrative
65 names, to separate the username and an instance, as in the
70 A machine identifier is its IP address in dotted decimal
71 notation (for example, 192.12.108.240), or a wildcard
72 notation that represents a set of IP addresses (a group of
73 machines on the same network). The following are acceptable
74 wildcard formats. The letters W, X, Y and Z each represent an
75 actual number from the range 1 through 255.
81 W.X.Y.Z represents a single machine, for example
86 W.X.Y.0 matches all machines whose IP addresses start
87 with the first three numbers. For example, 192.12.108.0
88 matches both 192.12.108.119 and 192.12.108.120, but does
89 not match 192.12.105.144.
93 W.X.0.0 matches all machines whose IP addresses start
94 with the first two numbers. For example, the address
95 192.12.0.0 matches both 192.12.106.23 and
96 192.12.108.120, but does not match 192.5.30.95.
100 W.0.0.0 matches all machines whose IP addresses start
101 with the first number in the specified address. For
102 example, the address 192.0.0.0 matches both 192.5.30.95
103 and 192.12.108.120, but does not match 138.255.63.52.
107 Do not define a machine entry with the name 0.0.0.0 to match
108 every machine. The system:anyuser group is equivalent.
112 =item B<-id> I<user id> [I<user id> ...]
114 Specifies an AFS UID for each user or machine entry, rather
115 than allowing the Protection Server to assign it. Provide a
117 If this argument is used and the B<-name> argument names multiple
118 new entries, it is best to provide an equivalent number of AFS
119 UIDs. The first UID is assigned to the first entry, the second
120 to the second entry, and so on. If there are fewer UIDs than
121 entries, the Protection Server assigns UIDs to the unmatched
122 entries based on the max user id counter. If there are more
123 UIDs than entries, the excess UIDs are ignored. If any of the
124 UIDs is greater than the current value of the max user id
125 counter, the counter is reset to that value.
127 =item B<-cell> I<cell name>
129 Names the cell in which to run the command. For more details,
130 see the introductory L<pts(1)> reference page.
134 Assigns the unprivileged identity anonymous to the issuer. For
135 more details, see the introductory L<pts(1)> reference page.
139 Enables the command to continue executing as far as possible
140 when errors or other problems occur, rather than halting
141 execution at the first error.
145 Prints the online help for this command. All other valid
152 The command generates the following string to confirm creation of each
158 The following example creates a Protection Database entry for the user
161 pts createuser -name johnson
163 The following example creates three wildcarded machine entries in the
164 ABC Corporation cell. The three entries encompass all of the machines
165 on the company's networks without including machines on other
168 pts createuser -name 138.255.0.0 192.12.105.0 192.12.106.0
170 =head1 PRIVILEGE REQUIRED
172 The issuer must belong to the system:administrators group.
176 The Protection Server reserves AFS UID 0 (zero) and returns an error
177 if the B<-id> argument has that value.
181 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
183 Converted from html to pod by Alf Wachsmann <alfw@slac.stanford.edu>, 2003,
184 Stanford Linear Accelerator Center, a department of Stanford University.