PTS_CREATEUSER(1) AFS Command Reference PTS_CREATEUSER(1)
NAME
pts_createuser - Creates a user or machine entry in the Protection Database

SYNOPSIS
pts createuser -name <user name>+ [-id <user id>+]
    [-cell <cell name>] [-noauth] [-localauth] [-force]

pts createu -na <user name>+ [-i <user id>+]
    [-c <cell name>] [-no] [-l] [-f] [-h]

pts cu -na <user name>+ [-i <user id>+]
    [-c <cell name>] [-no] [-l] [-f] [-h]

DESCRIPTION
The pts createuser command creates an entry in the Protection Database for each user or machine specified by the -name argument. A user
entry name becomes the user's AFS username (the one to provide when authenticating with the AFS Authentication Server). A machine entry's
name is the machine's IP address or a wildcard notation that represents a range of consecutive IP addresses (a group of machines on the
same network). It is not possible to authenticate as a machine, but a group to which a machine entry belongs can appear on a directory's
access control list (ACL), thereby granting the indicated permissions to any user logged on to the machine.

AFS user IDs (AFS UIDs) are positive integers and by default the Protection Server assigns an AFS UID that is one greater than the current
value of the "max user id" counter in the Protection Database, incrementing the counter by one for each user. To assign a specific AFS UID,
use the -id argument. If any of the specified AFS UIDs is greater than the current value of the "max user id" counter, the counter is reset
to that value. It is acceptable to specify an AFS UID smaller than the current value of the counter, but the creation operation fails if an
existing user or machine entry already has it. To display or set the value of the "max user id" counter, use the pts listmax or pts setmax

The issuer of the pts createuser command is recorded as the entry's creator and the group system:administrators as its owner.

CAUTIONS
The Protection Server reserves AFS UID 0 (zero) and returns an error if the -id argument has that value.

OPTIONS
-name <user name>+
    Specifies either a username for a user entry, or an IP address (complete or wildcarded) for a machine entry:

    o   A username can include up to 63 numbers and lowercase letters, but it is best to make it shorter than eight characters,
        because many application programs cannot handle longer names. Also, it is best not to include shell metacharacters or other
        punctuation marks. In particular, the colon (":") and at-sign ("@") characters are not acceptable. The period is generally
        used only in special administrative names, to separate the username and an instance, as in the example "pat.admin".

    o   A machine identifier is its IP address in dotted decimal notation (for example, 126.96.36.199), or a wildcard notation that
        represents a set of IP addresses (a group of machines on the same network). The following are acceptable wildcard formats.
        The letters "W", "X", "Y" and "Z" each represent an actual number from the range 1 through 255.

        o   W.X.Y.Z represents a single machine, for example 188.8.131.52.

        o   W.X.Y.0 matches all machines whose IP addresses start with the first three numbers. For example, 184.108.40.206 matches
            both 220.127.116.11 and 18.104.22.168, but does not match 22.214.171.124.

        o   W.X.0.0 matches all machines whose IP addresses start with the first two numbers. For example, the address
            126.96.36.199 matches both 188.8.131.52 and 184.108.40.206, but does not match 220.127.116.11.

        o   W.0.0.0 matches all machines whose IP addresses start with the first number in the specified address. For example, the
            address 192.0.0.0 matches both 18.104.22.168 and 22.214.171.124, but does not match 126.96.36.199.

        Do not define a machine entry with the name 0.0.0.0 to match every machine. The system:anyuser group is equivalent.

-id <user id>+
    Specifies an AFS UID for each user or machine entry, rather than allowing the Protection Server to assign it. Provide a positive

    If this argument is used and the -name argument names multiple new entries, it is best to provide an equivalent number of AFS
    UIDs. The first UID is assigned to the first entry, the second to the second entry, and so on. If there are fewer UIDs than
    entries, the Protection Server assigns UIDs to the unmatched entries based on the "max user id" counter. If there are more UIDs
    than entries, the excess UIDs are ignored. If any of the UIDs is greater than the current value of the "max user id" counter,
    the counter is reset to

-cell <cell name>
    Names the cell in which to run the command. For more details, see pts(1).

-force
    Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution
    at the

-help
    Prints the online help for this command. All other valid options are ignored.

-localauth
    Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile file. Do not combine this flag with the -cell
    or -noauth options. For more details, see pts(1).

-noauth
    Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).

OUTPUT
The command generates the following string to confirm creation of each user:

    User <name> has id <id>

EXAMPLES
The following example creates a Protection Database entry for the user "johnson".

    % pts createuser -name johnson

The following example creates three wildcarded machine entries in the ABC Corporation cell. The three entries encompass all of the machines
on the company's networks without including machines on other networks:

    % pts createuser -name 188.8.131.52 184.108.40.206 220.127.116.11
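
Because an ACL entry for a group containing a machine entry applies to any user logged on to a matching machine, it helps to check what a wildcard covers before creating it. The following sketch is an added example, not OpenAFS code: it models the machine-entry formats listed under -name, the function names are hypothetical, and the sample addresses are constructed from documentation ranges.

```shell
# Added example: models the machine-entry formats listed on this page.
# It is not OpenAFS code and never contacts a Protection Server.
# split_octets ADDR: sets o1..o4; fails unless ADDR is four octets in 0-255.
split_octets() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    o1=$1 o2=$2 o3=$3 o4=$4
}

# entry_prefix_len ENTRY: prints how many leading octets must match (1-4).
# Fails for 0.0.0.0 and for a zero octet followed by a non-zero one, since
# the page only lists W.X.Y.Z, W.X.Y.0, W.X.0.0 and W.0.0.0.
entry_prefix_len() {
    split_octets "$1" || return 1
    n=0; seen_zero=0
    for o in "$o1" "$o2" "$o3" "$o4"; do
        if [ "$o" -eq 0 ]; then seen_zero=1; continue; fi
        [ "$seen_zero" -eq 0 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -ge 1 ] && echo "$n"
}

# machine_entry_matches ENTRY ADDR: 0 = covered, 1 = not covered, 2 = bad input.
machine_entry_matches() {
    len=$(entry_prefix_len "$1") || return 2
    split_octets "$1"; e1=$o1 e2=$o2 e3=$o3 e4=$o4
    split_octets "$2" || return 2
    [ "$e1" -eq "$o1" ] || return 1
    [ "$len" -lt 2 ] || [ "$e2" -eq "$o2" ] || return 1
    [ "$len" -lt 3 ] || [ "$e3" -eq "$o3" ] || return 1
    [ "$len" -lt 4 ] || [ "$e4" -eq "$o4" ] || return 1
}

# Constructed sample entries and client addresses (documentation ranges).
for entry in 198.51.100.0 198.51.0.0 198.0.51.0 0.0.0.0; do
    for addr in 198.51.100.7 198.51.7.9 203.0.113.5; do
        rc=0; machine_entry_matches "$entry" "$addr" || rc=$?
        case $rc in
            0) echo "$entry covers $addr" ;;
            1) echo "$entry does not cover $addr" ;;
            *) echo "$entry is not an accepted machine-entry name"; break ;;
        esac
    done
done
```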

PRIVILEGE REQUIRED
The issuer must belong to the system:administrators group.

SEE ALSO
pts(1), pts_listmax(1), pts_setmax(1)

COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas
Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS 2014-04-08 PTS_CREATEUSER(1)