NAME

pts_createuser - Creates a user, machine or network Protection Service entry

SYNOPSIS

pts createuser -name <user name>+ [-id <user id>+] [-type <user|machine|network>+] [-cell <cell name>] [-noauth] [-localauth] [-force] [-help] [-auth] [-encrypt [<yes|no>]] [-config <configuration file>]

DESCRIPTION

The pts createuser command (alias pts cu) creates a Protection Service entry for each user, machine or network specified by the -name argument. A user or machine entry name becomes the user's or machine's username. A network entry's name is the IP version 4 address or a wildcard notation that represents a contiguous range of IP version 4 addresses. It is not possible to authenticate as a network but a group to which a network entry belongs can appear on an access control list (ACL), thereby granting the indicated permissions to any user, machine or process accessing the /afs file namespace from the specified network addresses.

Auristor User Numbers (AUNs) are positive integers and by default the Protection Service assigns an AUN that is one greater than the current value of the max user id counter, incrementing the counter by one for each user created. To assign a specific AUN, use the -id argument. If any of the specified AUNs are greater than the current value of the max user id counter, the counter is reset to that value. It is acceptable to specify an AUN smaller than the current value of the counter, but the creation operation fails if an existing user, machine or network entry has been assigned that value. To display the value of the max user id counter, use the pts_listmax(1) command. To set the value of the max user id counter, use the pts_setmax(1) command.

The issuer of the pts createuser command is recorded as the entry's creator and the group system:administrators as its owner. The owner of a user, machine, or network entry cannot be changed.

OPTIONS

-name <user name>+

Specifies either a username for a user or machine entry, or an IP address (complete or wildcarded) for a network entry:

-id <Auristor User Number>+

Specifies an Auristor User Number (AUN) for each entry, rather than allowing the Protection Service to assign it. Provide a positive integer.

If this argument is used and the -name argument names multiple new entries, it is best to provide an equivalent number of AUNs. The first AUN is assigned to the first entry, the second to the second entry, and so on. If there are fewer AUNs than entries, the Protection Server assigns AUNs to the unmatched entries based on the max user id counter. If there are more AUNs than entries, the excess AUNs are ignored. If any of the AUNs is greater than the current value of the max user id counter, the counter is reset to that value.

-type <user|machine|network>+

Specifies the type of user to create, one of user (default), machine or network. A user entity is implicitly a member of the system:authuser group. The machine and network entities are not system:authuser group members.

If multiple user names are specified with -name, the types provided with -type are used sequentially, and any name with no matching type is assumed to have the default user type. Any additional type values are ignored.

-auth

Use the calling user's tokens to communicate with the Protection Server. For more details, see pts(1).

-cell <cell name>

Names the cell in which to run the command. For more details, see pts(1).

-config <configuration file>

Sets the location of the configuration file to be used. The default file is /etc/yfs/yfs-client.conf. For more details, see pts(1).

-encrypt [<yes|no>]

Enables or disables encryption for any communication with the Protection Server. For more details, see pts(1).

-force

Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error.

-help

Prints the online help for this command. All other valid options are ignored.

-localauth

Constructs a server ticket using a key from the local /etc/yfs/server/KeyFileExt file. Do not combine this flag with the -cell or -noauth options. For more details, see pts(1).

-noauth

Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).

CAUTIONS

The Protection Server reserves AUN 32766 and returns an error if the -id argument has that value. AUN 32766 is the AUN for anonymous.

The value 0 (zero) is not valid as either an AUN or an AGN.
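The pairing of -name with -id and -type values and the AUN restrictions described above, modelled as an added Python example (not part of the original manual page and not AuriStor code). The function name, row fields and sample entry names are constructed, and applying the reserved and in-use checks to counter-assigned AUNs is an assumption of the model.

```python
ANONYMOUS_AUN = 32766  # reserved for anonymous (CAUTIONS section)
TYPES = ("user", "machine", "network")

def plan_createuser(names, ids=(), types=(), max_id=0, in_use=(), force=False):
    """Model how the page says -name pairs with -id and -type.

    Returns (rows, new_max_id). Each row is a dict with name, type, aun,
    authuser (implicit system:authuser membership) and error.
    """
    taken, rows = set(in_use), []
    for i, name in enumerate(names):       # excess ids/types are never read
        etype = types[i] if i < len(types) else "user"   # silent default
        aun = ids[i] if i < len(ids) else max_id + 1     # counter-assigned
        error = None
        if etype not in TYPES:
            error = "invalid type"
        elif aun <= 0:
            error = "AUN must be a positive integer"
        elif aun == ANONYMOUS_AUN:
            error = "AUN 32766 is reserved for anonymous"
        elif aun in taken:                 # assumption: also checked for
            error = "AUN already assigned to an existing entry"  # counter AUNs
        if error is None:
            taken.add(aun)
            max_id = max(max_id, aun)      # counter follows the highest AUN
        rows.append({"name": name, "type": etype, "aun": aun,
                     "authuser": etype == "user", "error": error})
        if error and not force:            # without -force, stop at first error
            break
    return rows, max_id

if __name__ == "__main__":
    # Constructed input: three names, but only two -type and one -id value.
    rows, new_max = plan_createuser(
        ["10.255.0.0", "host1.example.com", "svc-backup"],
        ids=[5000], types=["network", "machine"], max_id=1200, in_use={1024})
    for r in rows:
        print(r)
    print("max user id counter:", new_max)
```

In the constructed run the third name has no matching -type value, so it is created as a user and is implicitly a member of system:authuser; reviewing such a plan before a bulk creation shows which entries fall back to the default type.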

OUTPUT

The command generates the following string to confirm creation of each user:

   User <name> has id <id>

EXAMPLES

The following example creates a Protection Service entry for the user johnson.

   % pts createuser -name johnson

The following example creates three wildcarded network entries.

   % pts createuser -name 10.255.0.0 192.168.105.0 172.16.106.0

PRIVILEGE REQUIRED

The issuer must belong to the system:administrators group.

SEE ALSO

pts(1), pts_listmax(1), pts_setaccess(1), pts_setmax(1)

COPYRIGHT

IBM Corporation 2000. http://www.ibm.com/ All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

ACKNOWLEDGEMENTS

"AFS" is a registered mark of International Business Machines Corporation, used under license. (USPTO Registration 1598389)

"OpenAFS" is a registered mark of International Business Machines Corporation. (USPTO Registration 4577045)

The "AuriStor" name, logo 'S' brand mark, and icon are registered marks of AuriStor, Inc. (USPTO Registrations 4849419, 4849421, and 4928460) (EUIPO Registration 015539653).

"Your File System" is a registered mark of AuriStor, Inc. (USPTO Registrations 4801402 and 4849418).

"YFS" and "AuriStor File System" are trademarks of AuriStor, Inc.