.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "PTS_CREATEUSER 1" .TH PTS_CREATEUSER 1 "2021-01-27" "OpenAFS" "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" pts_createuser \- Creates a user or machine entry in the Protection Database .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBpts createuser\fR \fB\-name\fR\ <\fIuser\ name\fR>+ [\fB\-id\fR\ <\fIuser\ id\fR>+] [\fB\-cell\fR\ <\fIcell\ name\fR>] [\fB\-noauth\fR] [\fB\-localauth\fR] [\fB\-force\fR] [\fB\-help\fR] [\fB\-auth\fR] [\fB\-encrypt\fR] [\fB\-config\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts createu\fR \fB\-na\fR\ <\fIuser\ name\fR>+ [\fB\-i\fR\ <\fIuser\ id\fR>+] [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR] [\fB\-a\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts cu\fR \fB\-na\fR\ <\fIuser\ name\fR>+ [\fB\-i\fR\ <\fIuser\ id\fR>+] [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR] [\fB\-a\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBpts createuser\fR command creates an entry in the Protection Database for each user or machine specified by the \fB\-name\fR argument. A user entry name becomes the user's \s-1AFS\s0 username (the one to provide when authenticating with the \s-1AFS\s0 Authentication Server). A machine entry's name is the machine's \s-1IP\s0 address or a wildcard notation that represents a range of consecutive \s-1IP\s0 addresses (a group of machines on the same network). It is not possible to authenticate as a machine, but a group to which a machine entry belongs can appear on a directory's access control list (\s-1ACL\s0), thereby granting the indicated permissions to any user logged on to the machine. .PP \&\s-1AFS\s0 user IDs (\s-1AFS\s0 UIDs) are positive integers and by default the Protection Server assigns an \s-1AFS UID\s0 that is one greater than the current value of the \f(CW\*(C`max user id\*(C'\fR counter in the Protection Database, incrementing the counter by one for each user. To assign a specific \s-1AFS UID,\s0 use the \fB\-id\fR argument. If any of the specified \s-1AFS\s0 UIDs is greater than the current value of the \f(CW\*(C`max user id\*(C'\fR counter, the counter is reset to that value. It is acceptable to specify an \s-1AFS UID\s0 smaller than the current value of the counter, but the creation operation fails if an existing user or machine entry already has it. To display or set the value of the \f(CW\*(C`max user id\*(C'\fR counter, use the \fBpts listmax\fR or \fBpts setmax\fR command, respectively. .PP The issuer of the \fBpts createuser\fR command is recorded as the entry's creator and the group system:administrators as its owner. .SH "CAUTIONS" .IX Header "CAUTIONS" The Protection Server reserves several \s-1AFS\s0 UIDs, including 0 (zero) and 32766 (anonymous) for internal use, and returns an error if the \fB\-id\fR argument has a reserved value. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-name\fR <\fIuser name\fR>+" 4 .IX Item "-name +" Specifies either a username for a user entry, or an \s-1IP\s0 address (complete or wildcarded) for a machine entry: .RS 4 .IP "\(bu" 4 A username can include up to 63 numbers and lowercase letters, but it is best to make it shorter than eight characters, because many application programs cannot handle longer names. Also, it is best not to include shell metacharacters or other punctuation marks. In particular, the colon (\f(CW\*(C`:\*(C'\fR) and at-sign (\f(CW\*(C`@\*(C'\fR) characters are not acceptable. The period is generally used only in special administrative names, to separate the username and an \&\fIinstance\fR, as in the example \f(CW\*(C`pat.admin\*(C'\fR. .IP "\(bu" 4 A machine identifier is its \s-1IP\s0 address in dotted decimal notation (for example, 192.12.108.240), or a wildcard notation that represents a set of \&\s-1IP\s0 addresses (a group of machines on the same network). The following are acceptable wildcard formats. The letters \f(CW\*(C`W\*(C'\fR, \f(CW\*(C`X\*(C'\fR, \f(CW\*(C`Y\*(C'\fR and \f(CW\*(C`Z\*(C'\fR each represent an actual number from the range 1 through 255. .RS 4 .IP "\(bu" 4 W.X.Y.Z represents a single machine, for example \f(CW192.12.108.240\fR. .IP "\(bu" 4 W.X.Y.0 matches all machines whose \s-1IP\s0 addresses start with the first three numbers. For example, \f(CW192.12.108.0\fR matches both \f(CW192.12.108.119\fR and \&\f(CW192.12.108.120\fR, but does not match \f(CW192.12.105.144\fR. .IP "\(bu" 4 W.X.0.0 matches all machines whose \s-1IP\s0 addresses start with the first two numbers. For example, the address \f(CW192.12.0.0\fR matches both \&\f(CW192.12.106.23\fR and \f(CW192.12.108.120\fR, but does not match \f(CW192.5.30.95\fR. .IP "\(bu" 4 W.0.0.0 matches all machines whose \s-1IP\s0 addresses start with the first number in the specified address. For example, the address \f(CW192.0.0.0\fR matches both \f(CW192.5.30.95\fR and \f(CW192.12.108.120\fR, but does not match \&\f(CW138.255.63.52\fR. .RE .RS 4 .Sp Do not define a machine entry with the name \f(CW0.0.0.0\fR to match every machine. The system:anyuser group is equivalent. .RE .RE .RS 4 .RE .IP "\fB\-id\fR <\fIuser id\fR>+" 4 .IX Item "-id +" Specifies an \s-1AFS UID\s0 for each user or machine entry, rather than allowing the Protection Server to assign it. Provide a positive integer. .Sp If this argument is used and the \fB\-name\fR argument names multiple new entries, it is best to provide an equivalent number of \s-1AFS\s0 UIDs. The first \s-1UID\s0 is assigned to the first entry, the second to the second entry, and so on. If there are fewer UIDs than entries, the Protection Server assigns UIDs to the unmatched entries based on the \f(CW\*(C`max user id\*(C'\fR counter. If there are more UIDs than entries, the excess UIDs are ignored. If any of the UIDs is greater than the current value of the \f(CW\*(C`max user id\*(C'\fR counter, the counter is reset to that value. .IP "\fB\-auth\fR" 4 .IX Item "-auth" Use the calling user's tokens to communicate with the Protection Server. For more details, see \fBpts\fR\|(1). .IP "\fB\-cell\fR <\fIcell name\fR>" 4 .IX Item "-cell " Names the cell in which to run the command. For more details, see \&\fBpts\fR\|(1). .IP "\fB\-config\fR <\fIconfig directory\fR>" 4 .IX Item "-config " Use an alternate config directory. For more details, see \fBpts\fR\|(1). .IP "\fB\-encrypt\fR" 4 .IX Item "-encrypt" Encrypts any communication with the Protection Server. For more details, see \&\fBpts\fR\|(1). .IP "\fB\-force\fR" 4 .IX Item "-force" Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error. .IP "\fB\-help\fR" 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .IP "\fB\-localauth\fR" 4 .IX Item "-localauth" Constructs a server ticket using a key from the local \&\fI/etc/openafs/server/KeyFile\fR file. Do not combine this flag with the \fB\-cell\fR or \fB\-noauth\fR options. For more details, see \fBpts\fR\|(1). .IP "\fB\-noauth\fR" 4 .IX Item "-noauth" Assigns the unprivileged identity anonymous to the issuer. For more details, see \fBpts\fR\|(1). .SH "OUTPUT" .IX Header "OUTPUT" The command generates the following string to confirm creation of each user: .PP .Vb 1 \& User has id .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" The following example creates a Protection Database entry for the user \&\f(CW\*(C`johnson\*(C'\fR. .PP .Vb 1 \& % pts createuser \-name johnson .Ve .PP The following example creates three wildcarded machine entries in the Example Corporation cell. The three entries encompass all of the machines on the company's networks without including machines on other networks: .PP .Vb 1 \& % pts createuser \-name 138.255.0.0 192.12.105.0 192.12.106.0 .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" The issuer must belong to the system:administrators group. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBpts\fR\|(1), \&\fBpts_listmax\fR\|(1), \&\fBpts_setmax\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" \&\s-1IBM\s0 Corporation 2000. All Rights Reserved. .PP This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.