USS_ADD(8) AFS Command Reference USS_ADD(8)NAMEuss_add - Creates a user account (deprecated)
SYNOPSIS
uss add -user <login name> [-realname <full name in quotes>]
[-pass <initial password>]
[-pwexpires <password expires in [0..254] days (0 => never)>]
[-server <file server for home volume>]
[-partition <file server's disk partition for home volume>]
[-mount <home directory mount point>]
[-uid <uid to assign the user>]
[-template <pathname of template file>]
[-verbose] [-var <auxiliary argument pairs (Num val)>+]
[-cell <cell name>] [-admin <administrator to authenticate>]
[-dryrun] [-skipauth] [-overwrite] [-help]
uss ad -us <login name> [-r <full name in quotes>]
[-pas <initial password>]
[-pw <password expires in [0..254] days (0 => never)>]
[-se <FileServer for home volume>]
[-par <FileServer's disk partition for home volume>]
[-m <home directory mount point>]
[-ui <uid to assign the user>]
[-t <pathname of template file>] [-ve]
[-va <auxiliary argument pairs (Num val)>+] [-c <cell name>]
[-a <administrator to authenticate>] [-d] [-sk] [-o]
[-h]
CAUTIONS
The uss command suite is currently designed for cells using the
obsolete Authentication Server, and therefore is primarily useful for
sites that have not yet migrated to a Kerberos version 5 KDC. The
Authentication Server and supporting commands will be removed in a
future version of OpenAFS, which may include uss unless someone who
finds it useful converts it to work with a Kerberos version 5 KDC.
DESCRIPTION
The uss add command creates entries in the Protection Database and
Authentication Database for the user name specified by the -user
argument. By default, the Protection Server automatically allocates an
AFS user ID (UID) for the new user; to specify an alternate AFS UID,
include the -uid argument. If a password is provided with the -pass
argument, it is stored as the user's password in the Authentication
Database after conversion into a form suitable for use as an encryption
key. Otherwise, the string "changeme" is assigned as the user's initial
password.
The other results of the command depend on which instructions and which
of a defined set of variables appear in the template file specified
with the -template argument. Many of the command's arguments supply a
value for one of the defined variables, and failure to provide an
argument when the corresponding variable appears in the template file
halts the account creation process at the point where the command
interpreter first encounters the variable in the template file.
To create multiple accounts with a single command, use the uss bulk
command. To delete accounts with a single command, use the uss delete
command.
OPTIONS-user <login name>
Names the user's Authentication Database and Protection Database
entries. It can include up to eight alphanumeric characters, but
not any of the following characters: ":" (colon), "@" (at-sign),
"." (period), space, or newline. Because it becomes the username
(the name under which a user logs in), it is best not to include
shell metacharacters and to obey the restrictions that many
operating systems impose on usernames (usually, to contain no more
than eight lowercase letters).
Corresponding variable in the template file: $USER.
-realname <full name in quotes>
Specifies the user's full name. If it contains spaces or
punctuation, surround it with double quotes. If not provided, it
defaults to the user name provided with the -user argument.
Corresponding variable in the template file: $NAME. Many operating
systems include a field for the full name in a user's entry in the
local password file (/etc/passwd or equivalent), and this variable
can be used to pass a value to be used in that field.
-pass <initial password>
Specifies the user's initial password. Although the AFS commands
that handle passwords accept strings of virtually unlimited length,
it is best to use a password of eight characters or less, which is
the maximum length that many applications and utilities accept. If
not provided, this argument defaults to the string "changeme".
Corresponding variable in the template file: none.
-pwexpires <password expiration>
Sets the number of days after a user's password is changed that it
remains valid. Provide an integer from the range 1 through 254 to
specify the number of days until expiration, or the value 0 to
indicate that the password never expires (the default).
When the password becomes invalid (expires), the user is unable to
authenticate, but has 30 more days in which to issue the kpasswd
command to change the password (after that, only an administrator
can change it).
Corresponding variable in the template file: $PWEXPIRES.
-server <file server name>
Names the file server machine on which to create the new user's
volume. It is best to provide a fully qualified hostname (for
example, "fs1.abc.com"), but an abbreviated form is acceptable
provided that the cell's naming service is available to resolve it
at the time the volume is created.
Corresponding variable in the template file: $SERVER.
-partition <file server partition>
Specifies the partition on which to create the user's volume; it
must be on the file server machine named by the -server argument.
Provide the complete partition name (for example /vicepa) or one of
the following abbreviated forms:
/vicepa = vicepa = a = 0
/vicepb = vicepb = b = 1
After /vicepz (for which the index is 25) comes
/vicepaa = vicepaa = aa = 26
/vicepab = vicepab = ab = 27
and so on through
/vicepiv = vicepiv = iv = 255
Corresponding variable in the template file: $PART.
-mount <home directory mount point>
Specifies the pathname for the user's home directory. Partial
pathnames are interpreted relative to the current working
directory.
Specify the read/write path to the directory, to avoid the failure
that results from attempting to create a new mount point in a read-
only volume. By convention, the read/write path is indicated by
placing a period before the cell name at the pathname's second
level (for example, /afs/.abc.com). For further discussion of the
concept of read/write and read-only paths through the filespace,
see the fs mkmount reference page.
Corresponding variable in template: $MTPT, but in the template
file's "V" instruction only. Occurrences of the $MTPT variable in
template instructions that follow the "V" instruction take their
value from the "V" instruction's mount_point field. Thus the value
of this command line argument becomes the value for the $MTPT
variable in instructions that follow the "V" instruction only if
the string $MTPT appears alone in the "V" instruction's mount_point
field.
-uid <uid to assign the user>
Specifies a positive integer other than 0 (zero) to assign as the
user's AFS UID. If this argument is omitted, the Protection Server
assigns an AFS UID that is one greater than the current value of
the "max user id" counter (use the pts listmax command to display
the counter). If including this argument, it is best first to use
the pts examine command to verify that no existing account already
has the desired AFS UID; it one does, the account creation process
terminates with an error.
Corresponding variable in the template file: $UID.
-template <pathname of template file>
Specifies the pathname of the template file. If this argument is
omitted, the command interpreter searches the following directories
in the indicated order for a file called "uss.template":
· The current working directory.
· /afs/cellname/common/uss, where cellname names the local cell.
· /etc
If the issuer provides a filename other than "uss.template" but
without a pathname, the command interpreter searches for it in the
indicated directories. If the issuer provides a full or partial
pathname, the command interpreter consults the specified file only;
it interprets partial pathnames relative to the current working
directory.
If the specified template file is empty (zero-length), the command
creates Protection and Authentication Database entries only.
uss(5) details the file's format.
-verbose
Produces on the standard output stream a detailed trace of the
command's execution. If this argument is omitted, only warnings and
error messages appear.
-var <auxilliary argument pairs>
Specifies values for each of the number variables $1 through $9
that can appear in the template file. Use the number variables to
assign values to variables in the uss template file that are not
part of the standard set.
Corresponding variables in the template file: $1 through $9.
For each instance of this argument, provide two parts in the
indicated order, separated by a space:
· The integer from the range 1 through 9 that matches the
variable in the template file. Do not precede it with a dollar
sign.
· A string of alphanumeric characters to assign as the value of
the variable.
See the chapter on uss in the OpenAFS Administration Guide for
further explanation.
-cell <cell name>
Specifies the cell in which to run the command. For more details,
see uss(8).
-admin <administrator to authenticate>
Specifies the AFS user name under which to establish authenticated
connections to the AFS server processes that maintain the various
components of a user account. For more details, see uss(8).
-dryrun
Reports actions that the command interpreter needs to perform while
executing the command, without actually performing them. For more
details, see uss(8).
-skipauth
Prevents authentication with the AFS Authentication Server,
allowing a site using Kerberos to substitute that form of
authentication.
-overwrite
Overwrites any directories, files and links that exist in the file
system and for which there are definitions in "D", "E", "F", "L",
or "S" instructions in the template file named by the -template
argument. If this flag is omitted, the command interpreter prompts
once for confirmation that it is to overwrite all such elements.
-help
Prints the online help for this command. All other valid options
are ignored.
EXAMPLES
The combination of the following example uss add command and "V"
instruction in a template file called "uss.tpl" creates Protection and
Authentication Database entries named "smith", and a volume called
"user.smith" with a quota of 2500 kilobyte blocks, mounted at the
pathname /afs/abc.com/usr/smith. The access control list (ACL) on the
mount point grants "smith" all rights.
The issuer of the uss add command provides only the template file's
name, not its complete pathname, because it resides in the current
working directory. The command and "V" instruction appear here on two
lines only for legibility; there are no line breaks in the actual
instruction or command.
V user.$USER $SERVER.abc.com /vice$PART $1 \
/afs/abc.com/usr/$USER $UID $USER all
% uss add -user smith -realname "John Smith" -pass js_pswd \
-server fs2 -partition b -template uss.tpl -var 1 2500
PRIVILEGE REQUIRED
The issuer (or the user named by the -admin argument) must belong to
the system:administrators group in the Protection Database and must
have the "ADMIN" flag turned on in his or her Authentication Database
entry.
If the template contains a "V" instruction, the issuer must be listed
in the /usr/afs/etc/UserList file and must have at least "a"
(administer) and "i" (insert) permissions on the ACL of the directory
that houses the new mount point. If the template file includes
instructions for creating other types of objects (directories, files or
links), the issuer must have each privilege necessary to create them.
SEE ALSOUserList(5), uss(5), fs_mkmount(1), uss(8), uss_bulk(8), uss_delete(8)COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
OpenAFS 2013-10-09 USS_ADD(8)