+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 3//EN">
-<HTML><HEAD>
-<TITLE>Administration Reference</TITLE>
-<!-- Begin Header Records ========================================== -->
-<!-- /tmp/idwt3190/auarf000.scr converted by idb2h R4.2 (359) ID -->
-<!-- Workbench Version (AIX) on 5 Nov 1999 at 13:58:29 -->
-<META HTTP-EQUIV="updated" CONTENT="Fri, 05 Nov 1999 13:58:29">
-<META HTTP-EQUIV="review" CONTENT="Sun, 05 Nov 2000 13:58:29">
-<META HTTP-EQUIV="expires" CONTENT="Mon, 05 Nov 2001 13:58:29">
-</HEAD><BODY>
-<!-- (C) IBM Corporation 2000. All Rights Reserved -->
-<BODY bgcolor="ffffff">
-<!-- End Header Records ============================================ -->
-<A NAME="Top_Of_Page"></A>
-<H1>Administration Reference</H1>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf054.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf056.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<P>
-<H2><A NAME="HDRUSSFILE" HREF="auarf002.htm#ToC_53">uss Template File</A></H2>
-<P><STRONG>Purpose</STRONG>
-<A NAME="IDX4110"></A>
-<A NAME="IDX4111"></A>
-<A NAME="IDX4112"></A>
-<P>Provides instructions for the <B>uss add</B> command
-<P><STRONG>Description</STRONG>
-<P>The <B>uss</B> template file defines the components of an AFS user
-account that the <B>uss add</B> command (or <B>add</B> instruction in
-a <B>uss</B> bulk input file) creates. Use the <B>-template</B>
-argument to the <B>uss add</B> or <B>uss bulk</B> command to identify
-the template file.
-<P><B>Summary of Template File Instructions</B>
-<P>The template file can include the following instructions, each on its own
-line. A more detailed description of each instruction's syntax
-follows this list.
-<DL>
-<P><DT><B>A
-</B><DD>Imposes restrictions on user passwords and authentication attempts
-<P><DT><B>D
-</B><DD>Creates a directory
-<P><DT><B>E
-</B><DD>Creates a single-line file
-<P><DT><B>F
-</B><DD>Creates a file by copying a prototype
-<P><DT><B>G
-</B><DD>Defines a directory that is one of a set of parent directories into which
-the <B>uss</B> command interpreter evenly distributes newly created home
-directories
-<P><DT><B>L
-</B><DD>Creates a hard link
-<P><DT><B>S
-</B><DD>Creates a symbolic link
-<P><DT><B>V
-</B><DD>Creates a volume, mounts it in the file space and sets the ACL on the
-mount point
-<P><DT><B>X
-</B><DD>Executes a command
-</DL>
-<P>If the template file is empty (zero-length), the <B>uss add</B> command
-or <B>add</B> instruction in a bulk input file only creates an entry in
-the Protection and Authentication Databases, naming them according to the name
-specified with the <B>uss add</B> command's <B>-user</B>
-argument, or in the bulk input file <B>add</B> instruction's
-<VAR>username</VAR> field.
-<P><B>The A Instruction for Setting the Default Treatment of Volumes</B>
-<A NAME="IDX4113"></A>
-<A NAME="IDX4114"></A>
-<A NAME="IDX4115"></A>
-<A NAME="IDX4116"></A>
-<A NAME="IDX4117"></A>
-<A NAME="IDX4118"></A>
-<A NAME="IDX4119"></A>
-<P>The <B>A</B> instruction in a <B>uss</B> template file enhances
-cell security by imposing the following restrictions on users' password
-choice and authentication attempts. For further information on these
-limits, see the <I>AFS Administration Guide</I> and the <B>kas
-setfields</B> reference page.
-<UL>
-<P><LI>Limiting the user's password lifetime. When the lifetime
-expires, the user can no longer authenticate using that password, and must
-change it.
-<P><LI>Prohibiting the reuse of the user's 20 most recently used
-passwords.
-<P><LI>Limiting the number of consecutive times that a user can provide an
-incorrect password during authentication, and for how long the Authentication
-Server refuses further authentication attempts after the limit is exceeded
-(referred to as an <I>account lockout</I>). For regular user
-accounts in most cells, the recommended limit is nine and lockout time is 25
-minutes.
-</UL>
-<P>The instruction has the following syntax:
-<PRE> <B>A</B> <VAR>username</VAR> <VAR>password_lifetime</VAR> <VAR>password_reuse</VAR> <VAR>failures</VAR> <VAR>locktime</VAR>
-
-</PRE>
-<P>where
-<DL>
-<P><DT><B>A
-</B><DD>Indicates a security-enhancing instruction. It must be a capital
-letter.
-<P><DT><B><VAR>username</VAR>
-</B><DD>Names the Authentication Database entry on which to impose security
-restrictions. Specify the value <B>$USER</B> to read in the
-username from the <B>uss add</B> command's <B>-user</B> argument,
-or from the <VAR>username</VAR> field of an <B>add</B> instruction in a bulk
-input file.
-<P><DT><B><VAR>password_lifetime</VAR>
-</B><DD>Sets the number of days after the user's password is changed that it
-remains valid. When the password becomes invalid (expires), the user is
-unable to authenticate, but has 30 more days in which to issue the
-<B>kpasswd</B> command to change the password (after that, only an
-administrator can change it).
-<P>Specify an integer from the range <B>1</B> through <B>254</B> to
-specify the number of days until expiration, the value <B>0</B> to
-indicate that the password never expires, or the value <B>$PWEXPIRES</B>
-to read in the number of days from the <B>uss add</B> or <B>uss
-bulk</B> command's <B>-pwexpires</B> argument. If the
-<B>A</B> instruction does not appear in the template file, the default is
-for the user's password never to expire.
-<P><DT><B><VAR>password_reuse</VAR>
-</B><DD>Determines whether or not the user can change his or her password (using
-the <B>kpasswd</B> or <B>kas setpassword</B> command) to one that is
-similar to any of the last twenty passwords. The acceptable values are
-<B>reuse</B> to allow reuse and <B>noreuse</B> to prohibit it.
-If the <B>A</B> instruction does not appear in the template file, the
-default is to allow password reuse.
-<P><DT><B><VAR>failures</VAR>
-</B><DD>Sets the number of consecutive times the user can provide an incorrect
-password during authentication (using the <B>klog</B> command or a login
-utility that grants AFS tokens). When the user exceeds the limit, the
-Authentication Server rejects further authentication attempts for the amount
-of time specified in the <VAR>locktime</VAR> field.
-<P>Specify an integer from the range <B>1</B> through <B>254</B> to
-specify the number of failures permitted, or the value <B>0</B> to
-indicate that there is no limit to the number of unsuccessful attempts.
-If the <B>A</B> instruction does not appear in the template file, the
-default is to allow an unlimited number of failures.
-<P><DT><B><VAR>locktime</VAR>
-</B><DD>Specifies how long the Authentication Server refuses authentication
-attempts from a user who has exceeded the failure limit set in the
-<VAR>failures</VAR> field.
-<P>Specify a number of hours and minutes (<VAR>hh:mm</VAR>) or minutes
-only (<VAR>mm</VAR>), from the range <B>01</B> (one minute) through
-<B>36:00</B> (36 hours). The Authentication Server
-automatically reduces any larger value to <B>36:00</B> and also
-rounds up any non-zero value to the next higher multiple of 8.5
-minutes. A value of <B>0</B> (zero) sets an infinite lockout
-time; an administrator must always issue the <B>kas unlock</B>
-command to unlock the account.
-</DL>
-<P><B>The D Instruction for Creating a Directory</B>
-<A NAME="IDX4120"></A>
-<A NAME="IDX4121"></A>
-<A NAME="IDX4122"></A>
-<A NAME="IDX4123"></A>
-<A NAME="IDX4124"></A>
-<A NAME="IDX4125"></A>
-<A NAME="IDX4126"></A>
-<A NAME="IDX4127"></A>
-<A NAME="IDX4128"></A>
-<A NAME="IDX4129"></A>
-<A NAME="IDX4130"></A>
-<P>The <B>D</B> instruction in a <B>uss</B> template file creates a
-directory. Its intended use is to create a subdirectory in the user
-home directory created by the <B>V</B> instruction in the template
-file.
-<P>Any number of <B>D</B> instructions can appear in the template
-file. If any variables in the instruction take their values from the
-<B>V</B> instruction (notably, the $MTPT variable), the instruction must
-follow the <B>V</B> instruction in the file.
-<P>Although it is possible to use the <B>D</B> instruction to create a
-directory on the local disk of the machine where the <B>uss</B> command is
-issued, it is not recommended. The preferred method for automated
-creation of directories on a local disk is the <B>package</B>
-program. Two complications arise if the <VAR>pathname</VAR> field refers
-to a local disk directory:
-<UL>
-<P><LI>The <B>uss</B> command prints a warning message because it cannot
-associate an access control list (ACL) with a local disk directory. It
-creates the directory nonetheless, and some syntactically correct value must
-appear in the instruction's <VAR>ACL</VAR> field.
-<P><LI>To designate any user other than the issuer as the new directory's
-owner, the issuer must log onto the machine as the local superuser
-<B>root</B>. For local disk directories, only the local superuser
-<B>root</B> is allowed to issue the UNIX <B>chown</B> command that the
-<B>uss</B> command interpreter invokes to change the owner from the
-default value (the directory's creator, which in this case is the issuer
-of the <B>uss</B> command). The issuer must then also use the
-<B>-admin</B> argument to the <B>uss add</B> or <B>uss bulk</B>
-command to authenticate as a privileged AFS administrator, which is required
-for creating the Authentication Database and Protection Database entries that
-the <B>uss</B> command interpreter always creates for a new
-account.
-</UL>
-<P>The instruction has the following syntax:
-<PRE> <B>D</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> <VAR>ACL</VAR>
-
-</PRE>
-<P>where
-<DL>
-<P><DT><B>D
-</B><DD>Indicates a directory creation instruction. It must be a capital
-letter.
-<P><DT><B><VAR>pathname</VAR>
-</B><DD>Specifies the directory's full pathname. It can include
-variables.
-<P>Specify the read/write path to the directory, to avoid the failure that
-results from attempting to create a new directory in a read-only
-volume. By convention, the read/write path is indicated by placing a
-period before the cell name at the pathname's second level (for example,
-<B>/afs/.abc.com</B>). For further discussion of the
-concept of read/write and read-only paths through the filespace, see the
-reference page for the <B>fs mkmount</B> command.
-<P><DT><B><VAR>mode_bits</VAR>
-</B><DD>Sets the directory's UNIX mode bits. Acceptable values are the
-standard three- or four-digit numbers corresponding to combinations of
-permissions. Examples: <B>755</B> corresponds to
-<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>. The
-first (owner) <B>x</B> bit must be turned on to enable access to a
-directory.
-<P><DT><B><VAR>owner</VAR>
-</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
-the directory's owner in the output from the UNIX <B>ls -ld</B>
-command. If the directory resides in AFS, place the $UID variable in
-this field. If the directory resides on the local disk, this field must
-be the username or UID of the <B>uss</B> command's issuer, unless the
-issuer is logged in as the local superuser <B>root</B>.
-<P><DT><B><VAR>ACL</VAR>
-</B><DD>Sets the ACL on the new directory. It must appear even if the new
-directory resides on the local disk rather than in AFS, but is ignored in that
-case. Provide one or more paired values, each pair consisting of an AFS
-username or group name and the desired permissions, in that order.
-Separate the two parts of the pair, and each pair, with a space. The
-<B>fs setacl</B> reference page describes the available
-permissions.
-<P>For an AFS directory, grant all permissions to the directory's owner
-at least. Usually that is the new user, in which case the appropriate
-value is <B>$USER all</B>.
-<P>It is not possible to grant any permissions to the issuer of the
-<B>uss</B> command. As the last step in account creation, the
-<B>uss</B> command interpreter automatically deletes that person from any
-ACLs set during the creation process.
-</DL>
-<P><B>The E Instruction for Creating a Single-line File</B>
-<A NAME="IDX4131"></A>
-<A NAME="IDX4132"></A>
-<A NAME="IDX4133"></A>
-<A NAME="IDX4134"></A>
-<A NAME="IDX4135"></A>
-<A NAME="IDX4136"></A>
-<P>The <B>E</B> instruction in a <B>uss</B> template file creates a
-file by echoing a specified character string into it. Its intended use
-is to create files in the user home directory created by the <B>V</B>
-instruction in the template file, or in a subdirectory created by a
-<B>D</B> instruction.
-<P>Any number of <B>E</B> instructions can appear in the template
-file. If the file resides in a directory created by a <B>D</B>
-instruction, the <B>E</B> instruction must follow the <B>D</B>
-instruction in the file.
-<P>The <B>E</B> and <B>F</B> instructions have complementary
-advantages. The character string echoed into the file by an
-<B>E</B> instruction can be customized for each user, because it can
-include the standard variables for which the <B>uss</B> command
-interpreter substitutes the values specified by arguments to the <B>uss
-add</B> command or fields in a bulk input file <B>add</B>
-instruction. In contrast, a file created using the <B>F</B>
-instruction cannot include variables and so has the same content for all
-users. However, a file created by an <B>E</B> instruction can be a
-single line only, because no carriage returns (newline characters) are allowed
-in the character string.
-<P>Although it is possible to use the <B>E</B> instruction to create a
-file on the local disk of the machine where the <B>uss</B> command is
-issued, it is not recommended. The preferred method for automated
-creation of files on a local disk is the <B>package</B> program.
-The main complication is that designating any user other than the issuer as
-the new file's owner requires logging onto the machine as the local
-superuser <B>root</B>. For local disk files, only the local
-superuser <B>root</B> is allowed to issue the UNIX <B>chown</B>
-command that the <B>uss</B> command interpreter invokes to change the
-owner from the default value (the file's creator, which in this case is
-the issuer of the <B>uss</B> command). The issuer must then also
-use the <B>-admin</B> argument to the <B>uss add</B> or <B>uss
-bulk</B> command to authenticate as a privileged AFS administrator, which is
-required for creating the Authentication Database and Protection Database
-entries that the <B>uss</B> command interpreter always creates for a new
-account.
-<P>The instruction has the following syntax:
-<PRE> <B>E</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> "<VAR>contents</VAR>"
-
-</PRE>
-<P>where
-<DL>
-<P><DT><B>E
-</B><DD>Indicates a file creation instruction. It must be a capital
-letter.
-<P><DT><B><VAR>pathname</VAR>
-</B><DD>Specifies the file's full pathname. It can include
-variables.
-<P>Specify the read/write path to the file, to avoid the failure that results
-from attempting to create a new file in a read-only volume. By
-convention, the read/write path is indicated by placing a period before the
-cell name at the pathname's second level (for example,
-<B>/afs/.abc.com</B>). For further discussion of the
-concept of read/write and read-only paths through the filespace, see the
-reference page for the <B>fs mkmount</B> command.
-<P><DT><B><VAR>mode_bits</VAR>
-</B><DD>Sets the file's UNIX mode bits. Acceptable values are the
-standard three- or four-digit numbers corresponding to combinations of
-permissions. Examples: <B>755</B> corresponds to
-<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
-<P><DT><B><VAR>owner</VAR>
-</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
-the file's owner in the output from the UNIX <B>ls -l</B>
-command. If the file resides in AFS, place the $UID variable in this
-field. If the file resides on the local disk, specify the username or
-UID of the <B>uss</B> command's issuer; otherwise, the account
-creation operation halts immediately.
-<P><DT><B><VAR>contents</VAR>
-</B><DD>Specifies the one-line character string to write into the new file.
-Surround it with double quotes if it contains one or more spaces. It
-cannot contain the newline character, but can contain any of the standard
-variables, which the command interpreter resolves as it creates the
-file.
-</DL>
-<P><A NAME="SPTWQ6"></A><B>The F Instruction for Creating a File
-from a Prototype</B>
-<A NAME="IDX4137"></A>
-<A NAME="IDX4138"></A>
-<A NAME="IDX4139"></A>
-<A NAME="IDX4140"></A>
-<A NAME="IDX4141"></A>
-<A NAME="IDX4142"></A>
-<P>The <B>F</B> instruction in a <B>uss</B> template file creates a
-file by copying the contents of an existing file (the <I>prototype</I>)
-into it. Its intended use is to create files in the user home directory
-created by the <B>V</B> instruction in the template file, or in a
-subdirectory created by a <B>D</B> instruction.
-<P>Any number of <B>F</B> instructions can appear in the template
-file. If the file resides in a directory created by a <B>D</B>
-instruction, the <B>F</B> instruction must follow the <B>D</B>
-instruction in the file.
-<P>The <B>E</B> and <B>F</B> instructions have complementary
-advantages. A file created using the <B>F</B> instruction has the
-same content for all users, whereas a file created by an <B>E</B>
-instruction can be customized for each user if it includes variables.
-However, a file created by an <B>E</B> instruction can be a single line
-only, whereas the prototype file copied by an <B>F</B> instruction can be
-any length.
-<P>Although it is possible to use the <B>F</B> instruction to create a
-file on the local disk of the machine where the <B>uss</B> command is
-issued, it is not recommended. The preferred method for automated
-creation of files on a local disk is the <B>package</B> program.
-The main complication is that designating any user other than the issuer as
-the new file's owner requires logging onto the machine as the local
-superuser <B>root</B>. For local disk files, only the local
-superuser <B>root</B> is allowed to issue the UNIX <B>chown</B>
-command that the <B>uss</B> command interpreter invokes to change the
-owner from the default value (the file's creator, which in this case is
-the issuer of the <B>uss</B> command). The issuer must then also
-use the <B>-admin</B> argument to the <B>uss add</B> or <B>uss
-bulk</B> command to authenticate as a privileged AFS administrator, which is
-required for creating the Authentication Database and Protection Database
-entries that the <B>uss</B> command interpreter always creates for a new
-account.
-<P>The instruction has the following syntax:
-<PRE> <B>F</B> <VAR>pathname</VAR> <VAR>mode_bits</VAR> <VAR>owner</VAR> <VAR>prototype_file</VAR>
-
-</PRE>
-<P>where
-<DL>
-<P><DT><B>F
-</B><DD>Indicates a file creation instruction. It must be a capital
-letter.
-<P><DT><B><VAR>pathname</VAR>
-</B><DD>Specifies the full pathname of the file to create, including the
-filename. It can include variables.
-<P>Specify the read/write path to the file, to avoid the failure that results
-from attempting to create a new file in a read-only volume. By
-convention, the read/write path is indicated by placing a period before the
-cell name at the pathname's second level (for example,
-<B>/afs/.abc.com</B>). For further discussion of the
-concept of read/write and read-only paths through the filespace, see the
-reference page for the <B>fs mkmount</B> command.
-<P><DT><B><VAR>mode_bits</VAR>
-</B><DD>Sets the file's UNIX mode bits. Acceptable values are the
-standard three- or four-digit numbers corresponding to combinations of
-permissions. Examples: <B>755</B> corresponds to
-<B>rwxr-xr-x</B>, and <B>644</B> to <B>rw-r--r--</B>.
-<P><DT><B><VAR>owner</VAR>
-</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
-the file's owner in the output from the UNIX <B>ls -l</B>
-command. If the file resides in AFS, place the $UID variable in this
-field. If the file resides on the local disk, specify the username or
-UID of the <B>uss</B> command's issuer; otherwise, the account
-creation operation halts immediately.
-<P><DT><B><VAR>prototype_file</VAR>
-</B><DD>Names the AFS or local disk directory that houses the prototype file to
-copy. The prototype file's name must match the final element in
-the <VAR>pathname</VAR> field.
-</DL>
-<P><A NAME="SPTWQ7"></A><B>The G Instruction for Facilitating Even
-Distribution of Home Directories</B>
-<A NAME="IDX4143"></A>
-<A NAME="IDX4144"></A>
-<A NAME="IDX4145"></A>
-<A NAME="IDX4146"></A>
-<A NAME="IDX4147"></A>
-<A NAME="IDX4148"></A>
-<P>The <B>G</B> instruction in a <B>uss</B> template file creates a
-directory as one of the set of directories from which the <B>uss</B>
-command interpreter selects when choosing a new user home directory's
-parent directory. More specifically, when the $AUTO variable appears in
-the <VAR>mount_point</VAR> field of a <B>V</B> instruction, the command
-interpreter substitutes for it the directory defined by a <B>G</B>
-instruction that currently has the fewest entries.
-<P>The instruction's intended use is to distribute user accounts evenly
-among several directories, rather than using directories that reflect
-divisions such as departmental affiliation. Distributing home
-directories in this fashion is useful mainly in very large cells where storing
-all user home directories under a single parent directory potentially slows
-directory lookup, or where a workplace-based division results in unevenly
-sized directories such that some users consistently experience slower
-directory lookup than others. See the chapter on <B>uss</B> in the
-<I>AFS Administration Guide</I> for more information.
-<P>Any number of <B>G</B> instructions can appear in the template
-file. If the <B>V</B> instruction includes the $AUTO variable, it
-must appear after all of the <B>G</B> instructions in the file.
-<P>The instruction has the following syntax:
-<PRE> <B>G</B> <VAR>directory</VAR>
-
-</PRE>
-<P>where
-<DL>
-<P><DT><B>G
-</B><DD>Indicates an instruction that creates a directory to be considered as a
-value for the $AUTO variable. It must be a capital letter.
-<P><DT><B><VAR>directory</VAR>
-</B><DD>Specifies the directory's name as either a complete pathname or only
-the directory name. The choice determines the appropriate format for
-the <VAR>mount_point</VAR> field of a <B>V</B> instruction, as discussed in
-the following example.
-<P>Specify the read/write path to the directory, to avoid the failure that
-results from attempting to create a new mount point in a read-only volume when
-the $AUTO variable is used in a <B>V</B> instruction's
-<VAR>mount_point</VAR> field. By convention, the read/write path is
-indicated by placing a period before the cell name at the pathname's
-second level (for example, <B>/afs/.abc.com</B>). For
-further discussion of the concept of read/write and read-only paths through
-the filespace, see the reference page for the <B>fs mkmount</B>
-command.
-</DL>
-<P><B>The L and S Instructions for Creating a Link</B>
-<A NAME="IDX4149"></A>
-<A NAME="IDX4150"></A>
-<A NAME="IDX4151"></A>
-<A NAME="IDX4152"></A>
-<A NAME="IDX4153"></A>
-<A NAME="IDX4154"></A>
-<A NAME="IDX4155"></A>
-<A NAME="IDX4156"></A>
-<A NAME="IDX4157"></A>
-<A NAME="IDX4158"></A>
-<A NAME="IDX4159"></A>
-<A NAME="IDX4160"></A>
-<A NAME="IDX4161"></A>
-<P>The <B>L</B> instruction in a <B>uss</B> template file creates a
-hard link between two files, as achieved by the standard UNIX <B>ln</B>
-command. The <B>S</B> instruction creates a symbolic link between
-two files, as achieved by the standard UNIX <B>ln -s</B> command. A
-full explanation of links is beyond the scope of this document, but the basic
-effect is to create a second name for an existing file, enabling access via
-either name. Creating a link does not create a second copy of the
-file.
-<P>AFS allows hard links only if the linked files reside in the same
-directory, because it becomes difficult to determine which access control list
-(ACL) applies to the file if the two copies reside in directories with
-different ACLs. AFS allows symbolic links between two files that reside
-in different directories, or even different volumes. The File Server
-uses the ACL associated with the actual file rather than the link.
-<P>Any number of <B>L</B> and <B>S</B> instructions can appear in the
-template file. If the existing file or link is to reside in a directory
-created by a <B>D</B> instruction, or if the existing file was created by
-an <B>E</B> or <B>F</B> instruction, the <B>L</B> or <B>S</B>
-instruction must follow the <B>D</B>, <B>E</B>, or <B>F</B>
-instruction.
-<P>The instructions share the following syntax:
-<PRE> <B>L</B> <VAR>existing_file</VAR> <VAR>link</VAR>
- <B>S</B> <VAR>existing_file</VAR> <VAR>link</VAR>
-
-</PRE>
-<P>where
-<DL>
-<P><DT><B>L
-</B><DD>Indicates a hard link creation instruction. It must be a capital
-letter.
-<P><DT><B>S
-</B><DD>Indicates a symbolic link creation instruction. It must be a
-capital letter.
-<P><DT><B><VAR>existing_file</VAR>
-</B><DD>Specifies the complete pathname of the existing file.
-<P><DT><B><VAR>link</VAR>
-</B><DD>Specifies the complete pathname of the second name for the file.
-<P>Specify the read/write path to the link, to avoid the failure that results
-from attempting to create a new link in a read-only volume. By
-convention, the read/write path is indicated by placing a period before the
-cell name at the pathname's second level (for example,
-<B>/afs/.abc.com</B>). For further discussion of the
-concept of read/write and read-only paths through the filespace, see the
-reference page for the <B>fs mkmount</B> command.
-</DL>
-<P><A NAME="SPTWQ8"></A><B>The V Instruction for Creating and
-Mounting a Volume</B>
-<A NAME="IDX4162"></A>
-<A NAME="IDX4163"></A>
-<A NAME="IDX4164"></A>
-<A NAME="IDX4165"></A>
-<A NAME="IDX4166"></A>
-<A NAME="IDX4167"></A>
-<A NAME="IDX4168"></A>
-<A NAME="IDX4169"></A>
-<A NAME="IDX4170"></A>
-<A NAME="IDX4171"></A>
-<A NAME="IDX4172"></A>
-<A NAME="IDX4173"></A>
-<A NAME="IDX4174"></A>
-<A NAME="IDX4175"></A>
-<A NAME="IDX4176"></A>
-<A NAME="IDX4177"></A>
-<A NAME="IDX4178"></A>
-<A NAME="IDX4179"></A>
-<A NAME="IDX4180"></A>
-<P>The <B>V</B> instruction in a <B>uss</B> template file creates a
-volume on a specified file server machine and partition and creates an entry
-for it in the Volume Location Database (VLDB). It mounts the volume at
-a location in the AFS file space that becomes the user's home directory,
-then designates the directory's owner and sets its access control list
-(ACL).
-<P>Only one <B>V</B> instruction can appear in the template file, and one
-must appear if the template file contains any instructions at all (is not
-empty). All other instructions are optional, except that the template
-must include <B>G</B> instructions if the $AUTO variable appears in
-it. (The <B>V</B> instruction is not necessarily the first line in
-the template. If the template includes the $AUTO variable, then the
-<B>G</B> instructions which provide values for the variable must precede
-it in the file.)
-<P>The instruction has the following syntax:
-<PRE> <B>V</B> <VAR>volume_name</VAR> <VAR>server</VAR> <VAR>partition</VAR> <VAR>quota</VAR> <VAR>mount_point</VAR> <VAR>owner</VAR> <VAR>ACL</VAR>
-
-</PRE>
-<P>where
-<DL>
-<P><DT><B>V
-</B><DD>Indicates a volume creation instruction. It must be a capital
-letter.
-<P><DT><B><VAR>volume_name</VAR>
-</B><DD>Specifies the volume's name. To follow the convention for AFS
-user volume names, specify the value <B>user.$USER</B>.
-Provide a value for the $USER variable via the <B>uss add</B>
-command's <B>-user</B> argument or the <VAR>username</VAR> field in the
-bulk input file <B>add</B> instruction.
-<P><DT><B><VAR>server</VAR>
-</B><DD>Names the file server machine on which to create the new user's
-volume. It is best to provide the fully-qualified hostname (for
-example, <B>fs1.abc.com</B>), but an abbreviated form is
-acceptable provided that the cell's naming service is available to
-resolve it at the time the volume is created. To read in the value from
-the <B>uss add</B> command's <B>-server</B> argument, specify the
-value <B>$SERVER</B>.
-<P><DT><B><VAR>partition</VAR>
-</B><DD>Specifies the partition on which to create the user's volume; it
-must be on the file server machine named in the <VAR>server</VAR> field.
-Identify the partition by its complete name (for example, <B>/vicepa</B>)
-or use or use one of the following abbreviations.
-<PRE> <B>/vicepa</B> = <B>vicepa</B> = <B>a</B> = <B>0</B>
- <B>/vicepb</B> = <B>vicepb</B> = <B>b</B> = <B>1</B>
-
-</PRE>
-<P>
-<P>After <B>/vicepz</B> (for which the index is 25) comes
-<PRE> <B>/vicepaa</B> = <B>vicepaa</B> = <B>aa</B> = <B>26</B>
- <B>/vicepab</B> = <B>vicepab</B> = <B>ab</B> = <B>27</B>
-
-</PRE>
-<P>and so on through
-<PRE> <B>/vicepiv</B> = <B>vicepiv</B> = <B>iv</B> = <B>255</B>
-
-</PRE>
-<P>To read in the value from the <B>uss add</B> command's
-<B>-partition</B> argument, specify the value <B>$PART</B>.
-<P><DT><B><VAR>quota</VAR>
-</B><DD>Sets the maximum number of kilobyte blocks the volume can occupy on the
-file server machine's disk. Specify an integer constant if all
-volumes have the same quota (<B>1024</B> equals a megabyte), or use one of
-the number variables ($1 through $9) to assign different values to different
-volumes.
-<P><DT><B><VAR>mount_point</VAR>
-</B><DD>Creates a mount point for the volume, which serves as the volume's
-root directory. Include the $USER variable as part of the pathname to
-follow the convention that user home directory names include the
-username.
-<P>Specify the read/write path to the mount point, to avoid the failure that
-results from attempting to create a new mount point in a read-only
-volume. By convention, the read/write path is indicated by placing a
-period before the cell name at the pathname's second level (for example,
-<B>/afs/.abc.com</B>). If the $AUTO variable appears
-in this field, the directories named by each <B>G</B> instruction possibly
-already indicate the read/write path. For further discussion of the
-concept of read/write and read-only paths through the filespace, see the
-reference page for the <B>fs mkmount</B> command..
-<TABLE><TR><TD ALIGN="LEFT" VALIGN="TOP"><B>Note:</B></TD><TD ALIGN="LEFT" VALIGN="TOP">If used, the $MTPT variable in this field takes its value from the <B>uss
-add</B> command's <B>-mount</B> argument or from the
-<VAR>mount_point</VAR> field of an <B>add</B> instruction in the bulk input
-file. However, subsequent uses of the $MTPT variable (usually in
-following <B>D</B>, <B>E</B>, or <B>F</B> instructions) take as
-their value the complete contents of this field.
-</TD></TR></TABLE>
-<P><DT><B><VAR>owner</VAR>
-</B><DD>Specifies the username or UNIX user ID (UID) of the user to be designated
-the mount point's owner in the output from the UNIX <B>ls -ld</B>
-command. To follow the convention for home directory ownership, place
-the value <B>$UID</B> in this field.
-<P><DT><B><VAR>ACL</VAR>
-</B><DD>Sets the ACL on the new directory. Provide one or more paired
-values, each pair consisting of an AFS username or group name and the desired
-permissions, in that order. Separate the two parts of the pair, and
-each pair, with a space. The <B>fs setacl</B> reference page
-describes the available permissions.
-<P>Grant all permissions to the new user at least. The appropriate
-value is <B>$USER all</B>.
-<P>AFS automatically grants the <B>system:administrators</B> group
-all permissions as well. It is not possible to grant any permissions to
-the issuer of the <B>uss</B> command. As the last step in account
-creation, the <B>uss</B> command interpreter automatically deletes that
-user from any ACLs set during the creation process.
-</DL>
-<P><A NAME="SPTWQ9"></A><B>The X Instruction for Running a
-Command</B>
-<A NAME="IDX4181"></A>
-<A NAME="IDX4182"></A>
-<A NAME="IDX4183"></A>
-<P>The <B>X</B> instruction in a <B>uss</B> template file runs the
-indicated command, which can be a standard UNIX or AFS command. It can
-include any variables from the template file, which the <B>uss</B> command
-interpreter resolves before passing the command on to the appropriate other
-command interpreter. It must be a single line only, however (cannot
-contain carriage returns or newline characters).
-<P>Any number of <B>X</B> instructions can appear in the template
-file. If an instruction manipulates an element created by another
-instruction, it must follow that instruction in the file.
-<P>The instruction has the following syntax:
-<PRE> <B>X "</B><VAR>command</VAR><B>"</B>
-
-</PRE>
-<P>where
-<DL>
-<P><DT><B>X
-</B><DD>Indicates a command execution instruction. It must be a capital
-letter.
-<P><DT><B><VAR>command</VAR>
-</B><DD>Specifies the command to run. Surround it with double quotes as
-shown if it contains one or more spaces. It can contain any variables
-from the template file, but not newline characters.
-</DL>
-<P><STRONG>Examples</STRONG>
-<P>The following example <B>A</B> instruction sets a password lifetime of
-254 days, prohibits password reuse, limits the number of consecutive failed
-authentication attempts to nine and sets the corresponding locktime to
-25:30 minutes (which is a multiple of 8.5 minutes). The
-username is read in from the <B>-user</B> argument to the <B>uss
-add</B> command or from the <I>username</I> field in each <B>add</B>
-instruction in a bulk input file.
-<PRE> A $USER 254 noreuse 9 25:30
-
-</PRE>
-<P>The following example <B>D</B> instruction creates a directory called
-<I>public</I> in a new user's home directory, designates the user as
-the directory's owner, and grants him or her all ACL permissions.
-<PRE> D $MTPT/public 0755 $UID $USER all
-
-</PRE>
-<P>The following example <B>E</B> instruction creates a file in the
-current working directory called
-<VAR>username</VAR>.<B>etcp</B>. The contents are an entry
-suitable for incorporating into the cell's global
-<B>/etc/password</B> file.
-<PRE> E $USER.etcp 0644 root "$USER:X:$UID:10:$NAME:$MTPT:/bin/csh"
-
-</PRE>
-<P>The following example <B>F</B> instruction, appropriate for the ABC
-Corporation cell, copies a prototype <B>.login</B> file into the
-user's home directory.
-<PRE> F $MTPT/.login 0644 $UID /afs/abc.com/common/uss/skel/.login
-
-</PRE>
-<P>In the following example, the State University cell's administrators
-have decided to distribute user home directories evenly into three
-directories. They define three <B>G</B> instructions:
-<PRE> G usr1
- G usr2
- G usr3
-
-</PRE>
-<P>and then put the following value in the <I>mount_point</I> field of the
-<B>V</B> instruction:
-<PRE> /afs/stateu.edu/$AUTO/$USER
-
-</PRE>
-<P>Alternatively, if they include the entire directory pathname in the
-<B>G</B> instruction:
-<PRE> G /afs/stateu.edu/usr1
- G /afs/stateu.edu/usr2
- G /afs/stateu.edu/usr3
-
-</PRE>
-<P>then the <I>mount_point</I> field of the <B>V</B> instruction
-specifies only the following:
-<PRE> $AUTO/$USER
-
-</PRE>
-<P>The following example <B>L</B> instruction creates a hard link between
-the files <B>mail</B> and <B>mbox</B> in the user's home
-directory.
-<PRE> L $MTPT/mbox $MTPT/mail
-
-</PRE>
-<P>The following example <B>S</B> instruction, appropriate for the ABC
-Corporation cell, links the file <B>Mail/outgoing</B> in the user's
-home directory to the file
-<B>/afs/abc.com/common/mail/outgoing</B>.
-<PRE> S /afs/abc.com/common/mail/outgoing $MTPT/Mail/outgoing
-
-</PRE>
-<P>The following example <B>V</B> instruction creates a volume called
-<B>user.</B><VAR>username</VAR> on the <B>/vicepa</B> partition
-of the specified file server machine, assigning it a quota of 3000 kilobyte
-blocks. The mount point is under <B>/afs/abc.com/usr</B> and
-matches the username (the value of the $USER variable). The user owns
-the home directory and has all access rights to it. The instruction
-appears on two lines only for legibility; it must appear on a single line
-in the template file.
-<PRE> V user.$USER $SERVER.abc.com /vicepa 3000 \
- /afs/abc.com/usr/$USER $UID $USER all
-
-</PRE>
-<P>The following example <B>X</B> instruction mounts the backup version of
-the user's volume at the <B>OldFiles</B> subdirectory.
-<PRE> X "fs mkm /afs/abc.com/usr/$USER/OldFiles user.$USER.backup"
-
-</PRE>
-<P><STRONG>Related Information</STRONG>
-<P><A HREF="auarf054.htm#HDRUSSBULKINPUT">uss Bulk Input File</A>
-<P><A HREF="auarf153.htm#HDRFS_MKMOUNT">fs mkmount</A>
-<P><A HREF="auarf243.htm#HDRUSS_ADD">uss add</A>
-<P><A HREF="auarf245.htm#HDRUSS_BULK">uss bulk</A>
-<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf054.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf056.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
-<!-- Begin Footer Records ========================================== -->
-<P><HR><B>
-<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
-</B>
-<!-- End Footer Records ============================================ -->
-<A NAME="Bot_Of_Page"></A>
-</BODY></HTML>
git://git.openafs.org / openafs.git / blobdiff