.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.20) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .el \{\ . de IX .. .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "USS_ADD 8" .TH USS_ADD 8 "2021-12-09" "OpenAFS" "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" uss_add \- Creates a user account (deprecated) .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBuss add\fR \fB\-user\fR\ <\fIlogin\ name\fR> [\fB\-realname\fR\ <\fIfull\ name\ in\ quotes\fR>] [\fB\-pass\fR\ <\fIinitial\ password\fR>] [\fB\-pwexpires\fR <\fIpassword expires in [0..254] days (0 => never)\fR>] [\fB\-server\fR\ <\fIfile\ server\ for\ home\ volume\fR>] [\fB\-partition\fR\ <\fIfile\ server's\ disk\ partition\ for\ home\ volume\fR>] [\fB\-mount\fR\ <\fIhome\ directory\ mount\ point\fR>] [\fB\-uid\fR\ <\fIuid\ to\ assign\ the\ user\fR>] [\fB\-template\fR\ <\fIpathname\ of\ template\ file\fR>] [\fB\-verbose\fR] [\fB\-var\fR\ <\fIauxiliary\ argument\ pairs\ (Num\ val)\fR>+] [\fB\-cell\fR\ <\fIcell\ name\fR>] [\fB\-admin\fR\ <\fIadministrator\ to\ authenticate\fR>] [\fB\-dryrun\fR] [\fB\-skipauth\fR] [\fB\-overwrite\fR] [\fB\-help\fR] .PP \&\fBuss ad\fR \fB\-us\fR\ <\fIlogin\ name\fR> [\fB\-r\fR\ <\fIfull\ name\ in\ quotes\fR>] [\fB\-pas\fR\ <\fIinitial\ password\fR>] [\fB\-pw\fR <\fIpassword expires in [0..254] days (0 => never)\fR>] [\fB\-se\fR\ <\fIFileServer\ for\ home\ volume\fR>] [\fB\-par\fR\ <\fIFileServer's\ disk\ partition\ for\ home\ volume\fR>] [\fB\-m\fR\ <\fIhome\ directory\ mount\ point\fR>] [\fB\-ui\fR\ <\fIuid\ to\ assign\ the\ user\fR>] [\fB\-t\fR\ <\fIpathname\ of\ template\ file\fR>] [\fB\-ve\fR] [\fB\-va\fR\ <\fIauxiliary\ argument\ pairs\ (Num\ val)\fR>+] [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-a\fR\ <\fIadministrator\ to\ authenticate\fR>] [\fB\-d\fR] [\fB\-sk\fR] [\fB\-o\fR] [\fB\-h\fR] .SH "CAUTIONS" .IX Header "CAUTIONS" The \fBuss\fR command suite is currently designed for cells using the obsolete Authentication Server, and therefore is primarily useful for sites that have not yet migrated to a Kerberos version 5 \s-1KDC\s0. The Authentication Server and supporting commands will be removed in a future version of OpenAFS, which may include \fBuss\fR unless someone who finds it useful converts it to work with a Kerberos version 5 \s-1KDC\s0. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBuss add\fR command creates entries in the Protection Database and Authentication Database for the user name specified by the \fB\-user\fR argument. By default, the Protection Server automatically allocates an \s-1AFS\s0 user \s-1ID\s0 (\s-1UID\s0) for the new user; to specify an alternate \s-1AFS\s0 \s-1UID\s0, include the \fB\-uid\fR argument. If a password is provided with the \fB\-pass\fR argument, it is stored as the user's password in the Authentication Database after conversion into a form suitable for use as an encryption key. Otherwise, the string \f(CW\*(C`changeme\*(C'\fR is assigned as the user's initial password. .PP The other results of the command depend on which instructions and which of a defined set of variables appear in the template file specified with the \&\fB\-template\fR argument. Many of the command's arguments supply a value for one of the defined variables, and failure to provide an argument when the corresponding variable appears in the template file halts the account creation process at the point where the command interpreter first encounters the variable in the template file. .PP To create multiple accounts with a single command, use the \fBuss bulk\fR command. To delete accounts with a single command, use the \fBuss delete\fR command. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-user\fR <\fIlogin name\fR>" 4 .IX Item "-user " Names the user's Authentication Database and Protection Database entries. It can include up to eight alphanumeric characters, but not any of the following characters: \f(CW\*(C`:\*(C'\fR (colon), \f(CW\*(C`@\*(C'\fR (at-sign), \f(CW\*(C`.\*(C'\fR (period), space, or newline. Because it becomes the username (the name under which a user logs in), it is best not to include shell metacharacters and to obey the restrictions that many operating systems impose on usernames (usually, to contain no more than eight lowercase letters). .Sp Corresponding variable in the template file: \f(CW$USER\fR. .IP "\fB\-realname\fR <\fIfull name in quotes\fR>" 4 .IX Item "-realname " Specifies the user's full name. If it contains spaces or punctuation, surround it with double quotes. If not provided, it defaults to the user name provided with the \fB\-user\fR argument. .Sp Corresponding variable in the template file: \f(CW$NAME\fR. Many operating systems include a field for the full name in a user's entry in the local password file (\fI/etc/passwd\fR or equivalent), and this variable can be used to pass a value to be used in that field. .IP "\fB\-pass\fR <\fIinitial password\fR>" 4 .IX Item "-pass " Specifies the user's initial password. Although the \s-1AFS\s0 commands that handle passwords accept strings of virtually unlimited length, it is best to use a password of eight characters or less, which is the maximum length that many applications and utilities accept. If not provided, this argument defaults to the string \f(CW\*(C`changeme\*(C'\fR. .Sp Corresponding variable in the template file: none. .IP "\fB\-pwexpires\fR <\fIpassword expiration\fR>" 4 .IX Item "-pwexpires " Sets the number of days after a user's password is changed that it remains valid. Provide an integer from the range \f(CW1\fR through \f(CW254\fR to specify the number of days until expiration, or the value \f(CW0\fR to indicate that the password never expires (the default). .Sp When the password becomes invalid (expires), the user is unable to authenticate, but has 30 more days in which to issue the \fBkpasswd\fR command to change the password (after that, only an administrator can change it). .Sp Corresponding variable in the template file: \f(CW$PWEXPIRES\fR. .IP "\fB\-server\fR <\fIfile server name\fR>" 4 .IX Item "-server " Names the file server machine on which to create the new user's volume. It is best to provide a fully qualified hostname (for example, \&\f(CW\*(C`fs1.example.com\*(C'\fR), but an abbreviated form is acceptable provided that the cell's naming service is available to resolve it at the time the volume is created. .Sp Corresponding variable in the template file: \f(CW$SERVER\fR. .IP "\fB\-partition\fR <\fIfile server partition\fR>" 4 .IX Item "-partition " Specifies the partition on which to create the user's volume; it must be on the file server machine named by the \fB\-server\fR argument. Provide the complete partition name (for example \fI/vicepa\fR) or one of the following abbreviated forms: .Sp .Vb 2 \& /vicepa = vicepa = a = 0 \& /vicepb = vicepb = b = 1 .Ve .Sp After \fI/vicepz\fR (for which the index is 25) comes .Sp .Vb 2 \& /vicepaa = vicepaa = aa = 26 \& /vicepab = vicepab = ab = 27 .Ve .Sp and so on through .Sp .Vb 1 \& /vicepiv = vicepiv = iv = 255 .Ve .Sp Corresponding variable in the template file: \f(CW$PART\fR. .IP "\fB\-mount\fR <\fIhome directory mount point\fR>" 4 .IX Item "-mount " Specifies the pathname for the user's home directory. Partial pathnames are interpreted relative to the current working directory. .Sp Specify the read/write path to the directory, to avoid the failure that results from attempting to create a new mount point in a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, \&\fI/afs/.example.com\fR). For further discussion of the concept of read/write and read-only paths through the filespace, see the \fBfs mkmount\fR reference page. .Sp Corresponding variable in template: \f(CW$MTPT\fR, but in the template file's \f(CW\*(C`V\*(C'\fR instruction only. Occurrences of the \f(CW$MTPT\fR variable in template instructions that follow the \f(CW\*(C`V\*(C'\fR instruction take their value from the \&\f(CW\*(C`V\*(C'\fR instruction's \fImount_point\fR field. Thus the value of this command line argument becomes the value for the \f(CW$MTPT\fR variable in instructions that follow the \f(CW\*(C`V\*(C'\fR instruction only if the string \f(CW$MTPT\fR appears alone in the \f(CW\*(C`V\*(C'\fR instruction's \fImount_point\fR field. .IP "\fB\-uid\fR <\fIuid to assign the user\fR>" 4 .IX Item "-uid " Specifies a positive integer other than 0 (zero) to assign as the user's \&\s-1AFS\s0 \s-1UID\s0. If this argument is omitted, the Protection Server assigns an \s-1AFS\s0 \&\s-1UID\s0 that is one greater than the current value of the \f(CW\*(C`max user id\*(C'\fR counter (use the \fBpts listmax\fR command to display the counter). If including this argument, it is best first to use the \fBpts examine\fR command to verify that no existing account already has the desired \s-1AFS\s0 \&\s-1UID\s0; it one does, the account creation process terminates with an error. .Sp Corresponding variable in the template file: \f(CW$UID\fR. .IP "\fB\-template\fR <\fIpathname of template file\fR>" 4 .IX Item "-template " Specifies the pathname of the template file. If this argument is omitted, the command interpreter searches the following directories in the indicated order for a file called \f(CW\*(C`uss.template\*(C'\fR: .RS 4 .IP "\(bu" 4 The current working directory. .IP "\(bu" 4 \&\fI/afs/\fIcellname\fI/common/uss\fR, where \fIcellname\fR names the local cell. .IP "\(bu" 4 \&\fI/etc\fR .RE .RS 4 .Sp If the issuer provides a filename other than \f(CW\*(C`uss.template\*(C'\fR but without a pathname, the command interpreter searches for it in the indicated directories. If the issuer provides a full or partial pathname, the command interpreter consults the specified file only; it interprets partial pathnames relative to the current working directory. .Sp If the specified template file is empty (zero-length), the command creates Protection and Authentication Database entries only. .Sp \&\fIuss\fR\|(5) details the file's format. .RE .IP "\fB\-verbose\fR" 4 .IX Item "-verbose" Produces on the standard output stream a detailed trace of the command's execution. If this argument is omitted, only warnings and error messages appear. .IP "\fB\-var\fR <\fIauxilliary argument pairs\fR>" 4 .IX Item "-var " Specifies values for each of the number variables \f(CW$1\fR through \f(CW$9\fR that can appear in the template file. Use the number variables to assign values to variables in the \fBuss\fR template file that are not part of the standard set. .Sp Corresponding variables in the template file: \f(CW$1\fR through \f(CW$9\fR. .Sp For each instance of this argument, provide two parts in the indicated order, separated by a space: .RS 4 .IP "\(bu" 4 The integer from the range \f(CW1\fR through \f(CW9\fR that matches the variable in the template file. Do not precede it with a dollar sign. .IP "\(bu" 4 A string of alphanumeric characters to assign as the value of the variable. .RE .RS 4 .Sp See the chapter on uss in the \fIOpenAFS Administration Guide\fR for further explanation. .RE .IP "\fB\-cell\fR <\fIcell name\fR>" 4 .IX Item "-cell " Specifies the cell in which to run the command. For more details, see \&\fIuss\fR\|(8). .IP "\fB\-admin\fR <\fIadministrator to authenticate\fR>" 4 .IX Item "-admin " Specifies the \s-1AFS\s0 user name under which to establish authenticated connections to the \s-1AFS\s0 server processes that maintain the various components of a user account. For more details, see \fIuss\fR\|(8). .IP "\fB\-dryrun\fR" 4 .IX Item "-dryrun" Reports actions that the command interpreter needs to perform while executing the command, without actually performing them. For more details, see \fIuss\fR\|(8). .IP "\fB\-skipauth\fR" 4 .IX Item "-skipauth" Prevents authentication with the \s-1AFS\s0 Authentication Server, allowing a site using Kerberos to substitute that form of authentication. .IP "\fB\-overwrite\fR" 4 .IX Item "-overwrite" Overwrites any directories, files and links that exist in the file system and for which there are definitions in \f(CW\*(C`D\*(C'\fR, \f(CW\*(C`E\*(C'\fR, \f(CW\*(C`F\*(C'\fR, \f(CW\*(C`L\*(C'\fR, or \f(CW\*(C`S\*(C'\fR instructions in the template file named by the \fB\-template\fR argument. If this flag is omitted, the command interpreter prompts once for confirmation that it is to overwrite all such elements. .IP "\fB\-help\fR" 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .SH "EXAMPLES" .IX Header "EXAMPLES" The combination of the following example uss add command and \f(CW\*(C`V\*(C'\fR instruction in a template file called \f(CW\*(C`uss.tpl\*(C'\fR creates Protection and Authentication Database entries named \f(CW\*(C`smith\*(C'\fR, and a volume called \&\f(CW\*(C`user.smith\*(C'\fR with a quota of 2500 kilobyte blocks, mounted at the pathname \fI/afs/example.com/usr/smith\fR. The access control list (\s-1ACL\s0) on the mount point grants \f(CW\*(C`smith\*(C'\fR all rights. .PP The issuer of the \fBuss add\fR command provides only the template file's name, not its complete pathname, because it resides in the current working directory. The command and \f(CW\*(C`V\*(C'\fR instruction appear here on two lines only for legibility; there are no line breaks in the actual instruction or command. .PP .Vb 2 \& V user.$USER $SERVER.example.com /vice$PART $1 \e \& /afs/example.com/usr/$USER $UID $USER all \& \& % uss add \-user smith \-realname "John Smith" \-pass js_pswd \e \& \-server fs2 \-partition b \-template uss.tpl \-var 1 2500 .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" The issuer (or the user named by the \fB\-admin\fR argument) must belong to the system:administrators group in the Protection Database and must have the \f(CW\*(C`ADMIN\*(C'\fR flag turned on in his or her Authentication Database entry. .PP If the template contains a \f(CW\*(C`V\*(C'\fR instruction, the issuer must be listed in the \fI/usr/afs/etc/UserList\fR file and must have at least \f(CW\*(C`a\*(C'\fR (administer) and \f(CW\*(C`i\*(C'\fR (insert) permissions on the \s-1ACL\s0 of the directory that houses the new mount point. If the template file includes instructions for creating other types of objects (directories, files or links), the issuer must have each privilege necessary to create them. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIUserList\fR\|(5), \&\fIuss\fR\|(5), \&\fIfs_mkmount\fR\|(1), \&\fIuss\fR\|(8), \&\fIuss_bulk\fR\|(8), \&\fIuss_delete\fR\|(8) .SH "COPYRIGHT" .IX Header "COPYRIGHT" \&\s-1IBM\s0 Corporation 2000. All Rights Reserved. .PP This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.