pts_createuser - Creates a user, machine or network Protection Service entry
pts createuser -name <user name>+ [-id <user id>+] [-type <user|machine|network>+] [-cell <cell name>] [-noauth] [-localauth] [-force] [-help] [-auth] [-encrypt [<yes|no>]] [-config <configuration file>]
The pts createuser command (alias pts cu) creates a Protection Service entry for each user, machine or network specified by the -name argument. A user or machine entry name becomes the user's or machine's username. A network entry's name is the IP version 4 address or a wildcard notation that represents a contiguous range of IP version 4 addresses. It is not possible to authenticate as a network but a group to which a network entry belongs can appear on an access control list (ACL), thereby granting the indicated permissions to any user, machine or process accessing the /afs file namespace from the specified network addresses.
Auristor User Numbers (AUNs) are positive integers and by default the Protection Service assigns an AUN that is one greater than the current value of the max user id counter, incrementing the counter by one for each user created. To assign a specific AUN, use the -id argument. If any of the specified AUNs are greater than the current value of the max user id counter, the counter is reset to that value. It is acceptable to specify an AUN smaller than the current value of the counter, but the creation operation fails if an existing user, machine or network entry has been assigned that value. To display the value of the max user id counter, use the pts_listmax(1) command. To set the value of the max user id counter, use the pts_setmax(1) command.
The issuer of the pts createuser command is recorded as the entry's creator and the group system:administrators as its owner. The owner of a user, machine, or network entry cannot be changed.
Specifies either a username for a user or machine entry, or an IP address (complete or wildcarded) for a network entry:
A username can include up to 63 numbers, lowercase letters and symbols not including the colon (:) or at-sign (@). Avoiding the use of shell metacharacters or other punctuation marks can improve usability for end users. Auristor usernames are compared in a case insensitive manner which makes them compatible with Microsoft Windows Active Directory and other Kerberos authentication solutions.
A network identifier is its IP version 4 address in dotted decimal notation (for example, 192.168.108.240), or a wildcard notation that represents a set of IP version 4 addresses (a sub-network). The following are acceptable wildcard formats. The letters W, X, Y and Z each represent an actual number from the range 1 through 255.
W.X.Y.Z represents a single network address, for example 192.168.108.240.
W.X.Y.0 matches all IP addresses that start with the first three numbers. For example, 192.168.108.0 matches both 192.168.108.119 and 192.168.108.120, but does not match 192.168.105.144.
W.X.0.0 matches all IP addresses that start with the first two numbers. For example, the address 172.16.0.0 matches both 172.16.106.23 and 172.16.108.120, but does not match 172.5.30.95.
W.0.0.0 matches all IP addresses that start with the first number in the specified address. For example, the address 10.0.0.0 matches both 10.5.30.95 and 10.12.108.120, but does not match 192.168.63.52.
Do not define a network entry with the name 0.0.0.0 to match every IP version 4 address. The system:anyuser group is equivalent.
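The wildcard rules above determine which hosts inherit permissions from a group that contains a network entry, so it helps to check which entries cover a given address and how wide each one is. The following is an added example, not AuriStor code: the function names are hypothetical, and rejecting a zero octet that precedes a non-zero one is an assumption based on the listed formats.

```python
import ipaddress

def fixed_octets(entry):
    """Number of leading octets (1-4) that a network entry name pins down.

    Trailing zero octets act as wildcards, per the formats listed above.
    """
    octets = list(ipaddress.IPv4Address(entry).packed)  # ValueError if malformed
    fixed = 4
    while fixed and octets[fixed - 1] == 0:
        fixed -= 1
    if fixed == 0:
        raise ValueError("0.0.0.0 must not be defined; system:anyuser is equivalent")
    if 0 in octets[:fixed]:
        # Assumption: a zero before a non-zero octet is not a listed form.
        raise ValueError(f"{entry}: not one of the documented wildcard forms")
    return fixed

def matches(entry, address):
    """True if the address falls under the network entry name."""
    n = fixed_octets(entry)
    return (ipaddress.IPv4Address(entry).packed[:n]
            == ipaddress.IPv4Address(address).packed[:n])

def covering_entries(entries, address):
    """Entries covering the address, narrowest first, with addresses matched."""
    hits = [(e, 256 ** (4 - fixed_octets(e))) for e in entries if matches(e, address)]
    return sorted(hits, key=lambda hit: hit[1])

if __name__ == "__main__":
    # Constructed entry list: the three names from this page's example plus 10.0.0.0.
    entries = ["10.255.0.0", "192.168.105.0", "172.16.106.0", "10.0.0.0"]
    for name, size in covering_entries(entries, "10.255.3.4"):
        print(f"{name} covers 10.255.3.4 and matches {size} addresses")
```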
Specifies an Auristor User Number (AUN) for each entry, rather than allowing the Protection Service to assign it. Provide a positive integer.
If this argument is used and the -name argument names multiple new entries, it is best to provide an equivalent number of AUNs. The first AUN is assigned to the first entry, the second to the second entry, and so on. If there are fewer AUNs than entries, the Protection Server assigns AUNs to the unmatched entries based on the max user id counter. If there are more AUNs than entries, the excess AUNs are ignored. If any of the AUNs is greater than the current value of the max user id counter, the counter is reset to that value.
Specifies the type of user to create, one of user (default), machine or network. A user entity is implicitly a member of the system:authuser group. The machine and network entities are not system:authuser group members.
If multiple user names are specified with -name, the types provided with -type are used sequentially, and any name with no matching type is assumed to have the default user type. Any additional type values are ignored.
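Because -id and -type values are matched to -name values by position, a short list silently leaves later entries with a server-assigned AUN or the default user type, which carries implicit system:authuser membership. The following dry-run check is an added example, not AuriStor code: plan_createuser and the sample names are hypothetical, and it only models the pairing and AUN rules stated on this page.

```python
RESERVED_ANONYMOUS = 32766  # AUN this page says is reserved for anonymous
VALID_TYPES = ("user", "machine", "network")

def plan_createuser(names, ids=(), types=()):
    """Pair -name, -id and -type values by position, as the text describes.

    Returns (rows, problems). Each row is (name, aun, type); aun None means
    the Protection Server assigns it from the max user id counter.
    """
    rows, problems = [], []
    for i, name in enumerate(names):
        aun = ids[i] if i < len(ids) else None
        etype = types[i] if i < len(types) else "user"
        if etype not in VALID_TYPES:
            problems.append(f"{name}: unknown type {etype!r}")
        if types and i >= len(types):
            problems.append(f"{name}: no -type value, created as user "
                            "(implicit system:authuser member)")
        if ids and aun is None:
            problems.append(f"{name}: no -id value, AUN comes from the counter")
        if aun is not None:
            if aun <= 0:
                problems.append(f"{name}: AUN {aun} is not a positive integer")
            elif aun == RESERVED_ANONYMOUS:
                problems.append(f"{name}: AUN {aun} is reserved for anonymous")
            elif aun in [row[1] for row in rows]:
                # The earlier entry would already hold this AUN, so creation fails.
                problems.append(f"{name}: AUN {aun} repeated in this command")
        rows.append((name, aun, etype))
    for flag, values in (("-id", ids), ("-type", types)):
        if len(values) > len(names):
            problems.append(f"{len(values) - len(names)} extra {flag} value(s) ignored")
    return rows, problems

if __name__ == "__main__":
    # Constructed input: three names, two AUNs, two types.
    rows, problems = plan_createuser(["alice", "host1", "host2"],
                                     ids=[5001, 32766], types=["user", "machine"])
    for row in rows:
        print(row)
    for problem in problems:
        print("WARNING:", problem)
```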
Use the calling user's tokens to communicate with the Protection Server. For more details, see pts(1).
Names the cell in which to run the command. For more details, see pts(1).
Sets the location of the configuration file to be used. The default file is /etc/yfs/yfs-client.conf. For more details, see pts(1).
Enables or disables encryption for any communication with the Protection Server. For more details, see pts(1).
Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error.
Prints the online help for this command. All other valid options are ignored.
Constructs a server ticket using a key from the local /etc/yfs/server/KeyFileExt file. Do not combine this flag with the -cell or -noauth options. For more details, see pts(1).
Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).
The Protection Server reserves AUN 32766 and returns an error if the -id argument has that value. AUN 32766 is the AUN for anonymous.
The value 0 (zero) is not valid as either an AUN or an AGN.
The command generates the following string to confirm creation of each user:
User <name> has id <id>
The following example creates a Protection Service entry for the user johnson.
% pts createuser -name johnson
The following example creates three wildcarded network entries.
% pts createuser -name 10.255.0.0 192.168.105.0 172.16.106.0
The issuer must belong to the system:administrators group.
pts(1), pts_listmax(1), pts_setaccess(1), pts_setmax(1)
IBM Corporation 2000. http://www.ibm.com/ All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
"AFS" is a registered mark of International Business Machines Corporation, used under license. (USPTO Registration 1598389)
"OpenAFS" is a registered mark of International Business Machines Corporation. (USPTO Registration 4577045)
The "AuriStor" name, logo 'S' brand mark, and icon are registered marks of AuriStor, Inc. (USPTO Registrations 4849419, 4849421, and 4928460) (EUIPO Registration 015539653).
"Your File System" is a registered mark of AuriStor, Inc. (USPTO Registrations 4801402 and 4849418).
"YFS" and "AuriStor File System" are trademarks of AuriStor, Inc.