=head1 NAME

pts_createuser - Creates a user or machine entry in the Protection Database

=head1 SYNOPSIS

=for html
<div class="synopsis">

B<pts createuser> S<<< B<-name> <I<user name>>+ >>> S<<< [B<-id> <I<user id>>+] >>>
S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] [B<-force>]
[B<-help>] [B<-auth>] [B<-encrypt>] S<<< [B<-config> <I<config directory>>] >>>

B<pts createu> S<<< B<-na> <I<user name>>+ >>> S<<< [B<-i> <I<user id>>+] >>>
S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>]
[B<-a>] [B<-e>] S<<< [B<-co> <I<config directory>>] >>>

B<pts cu> S<<< B<-na> <I<user name>>+ >>> S<<< [B<-i> <I<user id>>+] >>>
S<<< [B<-c> <I<cell name>>] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>]
[B<-a>] [B<-e>] S<<< [B<-co> <I<config directory>>] >>>

=for html
</div>

=head1 DESCRIPTION

The B<pts createuser> command creates an entry in the Protection Database
for each user or machine specified by the B<-name> argument. A user entry
name becomes the user's AFS username (the one to provide when
authenticating with the AFS Authentication Server). A machine entry's
name is the machine's IP address or a wildcard notation that represents a
range of consecutive IP addresses (a group of machines on the same
network). It is not possible to authenticate as a machine, but a group to
which a machine entry belongs can appear on a directory's access control
list (ACL), thereby granting the indicated permissions to any user logged
on to the machine.

AFS user IDs (AFS UIDs) are positive integers and by default the
Protection Server assigns an AFS UID that is one greater than the current
value of the C<max user id> counter in the Protection Database,
incrementing the counter by one for each user. To assign a specific AFS
UID, use the B<-id> argument. If any of the specified AFS UIDs is greater
than the current value of the C<max user id> counter, the counter is reset
to that value. It is acceptable to specify an AFS UID smaller than the
current value of the counter, but the creation operation fails if an
existing user or machine entry already has it. To display or set the value
of the C<max user id> counter, use the B<pts listmax> or B<pts setmax>
command, respectively.

The issuer of the B<pts createuser> command is recorded as the entry's
creator and the group system:administrators as its owner.

=head1 CAUTIONS

The Protection Server reserves several AFS UIDs, including 0 (zero) and
32766 (anonymous) for internal use, and returns an error if
the B<-id> argument has a reserved value.

=head1 OPTIONS

=over 4

=item B<-name> <I<user name>>+

Specifies either a username for a user entry, or an IP address (complete
or wildcarded) for a machine entry:

=over 4

=item *

A username can include up to 63 numbers and lowercase letters, but it is
best to make it shorter than eight characters, because many application
programs cannot handle longer names. Also, it is best not to include shell
metacharacters or other punctuation marks. In particular, the colon (C<:>)
and at-sign (C<@>) characters are not acceptable. The period is generally
used only in special administrative names, to separate the username and an
I<instance>, as in the example C<pat.admin>.

=item *

A machine identifier is its IP address in dotted decimal notation (for
example, 192.12.108.240), or a wildcard notation that represents a set of
IP addresses (a group of machines on the same network). The following are
acceptable wildcard formats. The letters C<W>, C<X>, C<Y> and C<Z> each
represent an actual number from the range 1 through 255.

=over 4

=item *

W.X.Y.Z represents a single machine, for example C<192.12.108.240>.

=item *

W.X.Y.0 matches all machines whose IP addresses start with the first three
numbers. For example, C<192.12.108.0> matches both C<192.12.108.119> and
C<192.12.108.120>, but does not match C<192.12.105.144>.

=item *

W.X.0.0 matches all machines whose IP addresses start with the first two
numbers. For example, the address C<192.12.0.0> matches both
C<192.12.106.23> and C<192.12.108.120>, but does not match C<192.5.30.95>.

=item *

W.0.0.0 matches all machines whose IP addresses start with the first
number in the specified address. For example, the address C<192.0.0.0>
matches both C<192.5.30.95> and C<192.12.108.120>, but does not match
C<138.255.63.52>.

=back

Do not define a machine entry with the name C<0.0.0.0> to match every
machine. The system:anyuser group is equivalent.

=back

=item B<-id> <I<user id>>+

Specifies an AFS UID for each user or machine entry, rather than allowing
the Protection Server to assign it. Provide a positive integer.

If this argument is used and the B<-name> argument names multiple new
entries, it is best to provide an equivalent number of AFS UIDs. The
first UID is assigned to the first entry, the second to the second entry,
and so on. If there are fewer UIDs than entries, the Protection Server
assigns UIDs to the unmatched entries based on the C<max user id>
counter. If there are more UIDs than entries, the excess UIDs are
ignored. If any of the UIDs is greater than the current value of the C<max
user id> counter, the counter is reset to that value.

=include fragments/pts-common.pod

=back

=head1 OUTPUT

The command generates the following string to confirm creation of each
user:

   User <name> has id <id>

=head1 EXAMPLES

The following example creates a Protection Database entry for the user
C<johnson>.

   % pts createuser -name johnson

The following example creates three wildcarded machine entries in the Example
Corporation cell. The three entries encompass all of the machines on the
company's networks without including machines on other networks:

   % pts createuser -name 138.255.0.0 192.12.105.0 192.12.106.0
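
Before machine entries like the three above are placed in groups that appear on ACLs, it helps to check exactly which client addresses they cover. The following is an added example, not part of this man page or of AFS: it models the wildcard rules documented under B<-name>, and the function names are hypothetical.

```python
import ipaddress

# Entries from the Example Corporation example above.
EXAMPLE_ENTRIES = ["138.255.0.0", "192.12.105.0", "192.12.106.0"]


def parse_machine_entry(name):
    """Return (octets, fixed) for a machine entry name, where `fixed` is the
    number of leading octets a client address must share with the entry.
    Raise ValueError if the name is not one of the four documented forms."""
    parts = name.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"{name}: not a dotted-decimal address")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"{name}: octet out of range")
    if octets == [0, 0, 0, 0]:
        raise ValueError("0.0.0.0: do not define; system:anyuser is equivalent")
    fixed = 4
    while octets[fixed - 1] == 0:  # trailing zeros are the wildcard part
        fixed -= 1
    # W, X, Y and Z are 1..255, so a zero is valid only in the trailing run.
    if 0 in octets[:fixed]:
        raise ValueError(f"{name}: zero octet before a non-zero octet")
    return octets, fixed


def entry_matches(entry, address):
    """True if the machine entry covers the given IPv4 client address."""
    octets, fixed = parse_machine_entry(entry)
    addr = list(ipaddress.IPv4Address(address).packed)
    return addr[:fixed] == octets[:fixed]


def covering_entries(entries, address):
    """List the entries that would grant this address their ACL rights."""
    return [e for e in entries if entry_matches(e, address)]


if __name__ == "__main__":
    for client in ("192.12.105.144", "138.255.63.52", "192.12.108.120"):
        print(client, "->", covering_entries(EXAMPLE_ENTRIES, client) or "no entry")
```

Because a trailing zero is always read as a wildcard, an entry such as C<192.12.0.0> covers every address beginning with 192.12, so review the result for each network before adding the entry to a group.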

=head1 PRIVILEGE REQUIRED

The issuer must belong to the system:administrators group.

=head1 SEE ALSO

L<pts(1)>,
L<pts_listmax(1)>,
L<pts_setmax(1)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.