USS_ADD(8)		     AFS Command Reference		    USS_ADD(8)

NAME
       uss_add - Creates a user	account	(deprecated)

SYNOPSIS
       uss add -user <login name> [-realname <full name	in quotes>]
	   [-pass <initial password>]
	   [-pwexpires <password expires in [0..254] days (0 => never)>]
	   [-server <file server for home volume>]
	   [-partition <file server's disk partition for home volume>]
	   [-mount <home directory mount point>]
	   [-uid <uid to assign	the user>]
	   [-template <pathname	of template file>]
	   [-verbose] [-var <auxiliary argument	pairs (Num val)>+]
	   [-cell <cell	name>] [-admin <administrator to authenticate>]
	   [-dryrun] [-skipauth] [-overwrite] [-help]

       uss ad -us <login name> [-r <full name in quotes>]
	   [-pas <initial password>]
	   [-pw <password expires in [0..254] days (0 => never)>]
	   [-se	<FileServer for	home volume>]
	   [-par <FileServer's disk partition for home volume>]
	   [-m <home directory mount point>]
	   [-ui	<uid to	assign the user>]
	   [-t <pathname of template file>] [-ve]
	   [-va	<auxiliary argument pairs (Num val)>+] [-c <cell name>]
	   [-a <administrator to authenticate>]	[-d] [-sk] [-o]
	   [-h]

CAUTIONS
       The uss command suite is	currently designed for cells using the
       obsolete	Authentication Server, and therefore is	primarily useful for
       sites that have not yet migrated	to a Kerberos version 5	KDC. The
       Authentication Server and supporting commands will be removed in	a
       future version of OpenAFS, which	may include uss	unless someone who
       finds it	useful converts	it to work with	a Kerberos version 5 KDC.

DESCRIPTION
       The uss add command creates entries in the Protection Database and
       Authentication Database for the user name specified by the -user
       argument. By default, the Protection Server automatically allocates an
       AFS user	ID (UID) for the new user; to specify an alternate AFS UID,
       include the -uid	argument. If a password	is provided with the -pass
       argument, it is stored as the user's password in	the Authentication
       Database	after conversion into a	form suitable for use as an encryption
       key. Otherwise, the string "changeme" is	assigned as the	user's initial
       password.

       The other results of the	command	depend on which	instructions and which
       of a defined set	of variables appear in the template file specified
       with the	-template argument. Many of the	command's arguments supply a
       value for one of	the defined variables, and failure to provide an
       argument	when the corresponding variable	appears	in the template	file
       halts the account creation process at the point where the command
       interpreter first encounters the	variable in the	template file.

       To create multiple accounts with	a single command, use the uss bulk
       command.	To delete accounts with	a single command, use the uss delete
       command.

OPTIONS
       -user <login name>
	   Names the user's Authentication Database and	Protection Database
	   entries. It can include up to eight alphanumeric characters,	but
	   not any of the following characters:	":" (colon), "@" (at-sign),
	   "." (period), space,	or newline. Because it becomes the username
	   (the	name under which a user	logs in), it is	best not to include
	   shell metacharacters	and to obey the	restrictions that many
	   operating systems impose on usernames (usually, to contain no more
	   than	eight lowercase	letters).

	   Corresponding variable in the template file:	$USER.

       -realname <full name in quotes>
	   Specifies the user's	full name. If it contains spaces or
	   punctuation,	surround it with double	quotes.	If not provided, it
	   defaults to the user	name provided with the -user argument.

	   Corresponding variable in the template file:	$NAME. Many operating
	   systems include a field for the full	name in	a user's entry in the
	   local password file (/etc/passwd or equivalent), and	this variable
	   can be used to pass a value to be used in that field.

       -pass <initial password>
	   Specifies the user's	initial	password. Although the AFS commands
	   that	handle passwords accept	strings	of virtually unlimited length,
	   it is best to use a password	of eight characters or less, which is
	   the maximum length that many	applications and utilities accept. If
	   not provided, this argument defaults	to the string "changeme".

	   Corresponding variable in the template file:	none.

       -pwexpires <password expiration>
	   Sets	the number of days after a user's password is changed that it
	   remains valid. Provide an integer from the range 1 through 254 to
	   specify the number of days until expiration,	or the value 0 to
	   indicate that the password never expires (the default).

	   When	the password becomes invalid (expires),	the user is unable to
	   authenticate, but has 30 more days in which to issue	the kpasswd
	   command to change the password (after that, only an administrator
	   can change it).

	   Corresponding variable in the template file:	$PWEXPIRES.

       -server <file server name>
	   Names the file server machine on which to create the	new user's
	   volume. It is best to provide a fully qualified hostname (for
	   example, "fs1.abc.com"), but	an abbreviated form is acceptable
	   provided that the cell's naming service is available	to resolve it
	   at the time the volume is created.

	   Corresponding variable in the template file:	$SERVER.

       -partition <file	server partition>
	   Specifies the partition on which to create the user's volume; it
	   must	be on the file server machine named by the -server argument.
	   Provide the complete	partition name (for example /vicepa) or	one of
	   the following abbreviated forms:

	      /vicepa	  =	vicepa	    =	   a	  =	 0
	      /vicepb	  =	vicepb	    =	   b	  =	 1

	   After /vicepz (for which the	index is 25) comes

	      /vicepaa	  =	vicepaa	    =	   aa	  =	 26
	      /vicepab	  =	vicepab	    =	   ab	  =	 27

	   and so on through

	      /vicepiv	  =	vicepiv	    =	   iv	  =	 255

	   Corresponding variable in the template file:	$PART.

       -mount <home directory mount point>
	   Specifies the pathname for the user's home directory. Partial
	   pathnames are interpreted relative to the current working
	   directory.

	   Specify the read/write path to the directory, to avoid the failure
	   that	results	from attempting	to create a new	mount point in a read-
	   only	volume.	By convention, the read/write path is indicated	by
	   placing a period before the cell name at the	pathname's second
	   level (for example, /afs/.abc.com). For further discussion of the
	   concept of read/write and read-only paths through the filespace,
	   see the fs mkmount reference	page.

	   Corresponding variable in template: $MTPT, but in the template
	   file's "V" instruction only.	Occurrences of the $MTPT variable in
	   template instructions that follow the "V" instruction take their
	   value from the "V" instruction's mount_point	field. Thus the	value
	   of this command line	argument becomes the value for the $MTPT
	   variable in instructions that follow	the "V"	instruction only if
	   the string $MTPT appears alone in the "V" instruction's mount_point
	   field.

       -uid <uid to assign the user>
	   Specifies a positive	integer	other than 0 (zero) to assign as the
	   user's AFS UID. If this argument is omitted,	the Protection Server
	   assigns an AFS UID that is one greater than the current value of
	   the "max user id" counter (use the pts listmax command to display
	   the counter). If including this argument, it	is best	first to use
	   the pts examine command to verify that no existing account already
	   has the desired AFS UID; if one does, the account creation process
	   terminates with an error.

	   Corresponding variable in the template file:	$UID.

       -template <pathname of template file>
	   Specifies the pathname of the template file.	If this	argument is
	   omitted, the	command	interpreter searches the following directories
	   in the indicated order for a	file called "uss.template":

	   o   The current working directory.

	   o   /afs/cellname/common/uss, where cellname	names the local	cell.

	   o   /etc

	   If the issuer provides a filename other than	"uss.template" but
	   without a pathname, the command interpreter searches	for it in the
	   indicated directories. If the issuer	provides a full	or partial
	   pathname, the command interpreter consults the specified file only;
	   it interprets partial pathnames relative to the current working
	   directory.

	   If the specified template file is empty (zero-length), the command
	   creates Protection and Authentication Database entries only.

	   uss(5) details the file's format.

       -verbose
	   Produces on the standard output stream a detailed trace of the
	   command's execution.	If this	argument is omitted, only warnings and
	   error messages appear.

       -var <auxiliary argument pairs>
	   Specifies values for	each of	the number variables $1	through	$9
	   that	can appear in the template file. Use the number	variables to
	   assign values to variables in the uss template file that are	not
	   part	of the standard	set.

	   Corresponding variables in the template file: $1 through $9.

	   For each instance of	this argument, provide two parts in the
	   indicated order, separated by a space:

	   o   The integer from	the range 1 through 9 that matches the
	       variable	in the template	file. Do not precede it	with a dollar
	       sign.

	   o   A string	of alphanumeric	characters to assign as	the value of
	       the variable.

	   See the chapter on uss in the OpenAFS Administration	Guide for
	   further explanation.

       -cell <cell name>
	   Specifies the cell in which to run the command. For more details,
	   see uss(8).

       -admin <administrator to	authenticate>
	   Specifies the AFS user name under which to establish	authenticated
	   connections to the AFS server processes that	maintain the various
	   components of a user	account. For more details, see uss(8).

       -dryrun
	   Reports actions that	the command interpreter	needs to perform while
	   executing the command, without actually performing them. For	more
	   details, see	uss(8).

       -skipauth
	   Prevents authentication with	the AFS	Authentication Server,
	   allowing a site using Kerberos to substitute	that form of
	   authentication.

       -overwrite
	   Overwrites any directories, files and links that exist in the file
	   system and for which	there are definitions in "D", "E", "F",	"L",
	   or "S" instructions in the template file named by the -template
	   argument. If	this flag is omitted, the command interpreter prompts
	   once	for confirmation that it is to overwrite all such elements.

       -help
	   Prints the online help for this command. All	other valid options
	   are ignored.
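
The equivalence between the -partition forms listed above (/vicepa = vicepa = a = 0 through /vicepiv = 255) can be computed mechanically. The following is an added example, not part of the original manual page or of OpenAFS; the function names vicep_index and letter_pos are hypothetical.

```shell
#!/bin/sh
# Added example (not from the OpenAFS sources): convert any of the -partition
# forms (/vicepX, vicepX, X or a numeric index) to the numeric index.
# vicep_index and letter_pos are hypothetical helper names.

ALPHABET=abcdefghijklmnopqrstuvwxyz

# Print the 0-based position of one lowercase letter; 26 means "not a letter".
letter_pos() {
    before=${ALPHABET%%"$1"*}
    echo "${#before}"
}

vicep_index() {
    arg=$1
    # Numeric form: a canonical decimal from 0 to 255.
    case $arg in
        0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9])
            [ "$arg" -le 255 ] || return 1
            echo "$arg"
            return 0 ;;
    esac
    # Name forms: strip the optional "/vicep" or "vicep" prefix.
    case $arg in
        /vicep*) name=${arg#/vicep} ;;
        vicep*)  name=${arg#vicep} ;;
        *)       name=$arg ;;
    esac
    case ${#name} in
        1)  idx=$(letter_pos "$name")
            [ "$idx" -lt 26 ] || return 1 ;;          # a..z -> 0..25
        2)  hi=$(letter_pos "${name%?}")
            lo=$(letter_pos "${name#?}")
            [ "$hi" -lt 26 ] && [ "$lo" -lt 26 ] || return 1
            idx=$((26 + hi * 26 + lo)) ;;             # aa -> 26 ... iv -> 255
        *)  return 1 ;;
    esac
    [ "$idx" -le 255 ] || return 1                    # nothing after /vicepiv
    echo "$idx"
}
```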

EXAMPLES
       The combination of the following	example	uss add	command	and "V"
       instruction in a	template file called "uss.tpl" creates Protection and
       Authentication Database entries named "smith", and a volume called
       "user.smith" with a quota of 2500 kilobyte blocks, mounted at the
       pathname	/afs/abc.com/usr/smith.	The access control list	(ACL) on the
       mount point grants "smith" all rights.

       The issuer of the uss add command provides only the template file's
       name, not its complete pathname,	because	it resides in the current
       working directory. The command and "V" instruction appear here on two
       lines only for legibility; there	are no line breaks in the actual
       instruction or command.

	  V user.$USER $SERVER.abc.com /vice$PART $1 \
	      /afs/abc.com/usr/$USER $UID $USER	all

	  % uss	add -user smith	-realname "John	Smith" -pass js_pswd \
	      -server fs2 -partition b -template uss.tpl -var 1	2500
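
Because omitting -pass silently stores the well-known string "changeme" as the initial password, a provisioning script can check the documented argument constraints before uss add is ever invoked. The following is an added example, not part of the original manual page or of OpenAFS; check_uss_add_args is a hypothetical helper that runs no AFS command.

```shell
#!/bin/sh
# Added example: pre-flight checks for the arguments of a planned "uss add".
# check_uss_add_args is a hypothetical helper; it runs no AFS command.
# Usage: check_uss_add_args <login> <password> [<pwexpires>] [<uid>]
# Prints one line per problem on stderr and returns the number of problems.

check_uss_add_args() {
    user=$1 pass=$2 pwexpires=${3:-0} uid=${4:-}
    problems=0
    fail() { echo "uss add pre-flight: $1" >&2; problems=$((problems + 1)); }

    # -user: up to eight alphanumeric characters (this also excludes ":",
    # "@", ".", space and newline, which the page forbids explicitly).
    case $user in
        ''|*[!A-Za-z0-9]*) fail "-user must be alphanumeric" ;;
    esac
    [ "${#user}" -le 8 ] || fail "-user is longer than eight characters"

    # -pass: omitting it stores the documented default "changeme", so
    # require an explicit value that is not that default.
    case $pass in
        ''|changeme) fail "-pass missing or equal to the default" ;;
    esac

    # -pwexpires: integer 0..254, where 0 means the password never expires.
    case $pwexpires in
        ''|*[!0-9]*) fail "-pwexpires must be an integer" ;;
        *) [ "${#pwexpires}" -le 3 ] && [ "$pwexpires" -le 254 ] ||
               fail "-pwexpires must be in 0..254" ;;
    esac

    # -uid: optional, but if given it must be a positive integer, not 0.
    case $uid in
        '') ;;
        *[!0-9]*) fail "-uid must be a positive integer" ;;
        *) [ "$uid" -gt 0 ] || fail "-uid must not be 0" ;;
    esac
    return "$problems"
}
```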

PRIVILEGE REQUIRED
       The issuer (or the user named by	the -admin argument) must belong to
       the system:administrators group in the Protection Database and must
       have the	"ADMIN"	flag turned on in his or her Authentication Database
       entry.

       If the template contains	a "V" instruction, the issuer must be listed
       in the /usr/local/etc/openafs/server/UserList file and must have	at
       least "a" (administer) and "i" (insert) permissions on the ACL of the
       directory that houses the new mount point. If the template file
       includes	instructions for creating other	types of objects (directories,
       files or	links),	the issuer must	have each privilege necessary to
       create them.

SEE ALSO
       UserList(5), uss(5), fs_mkmount(1), uss(8), uss_bulk(8),	uss_delete(8)

COPYRIGHT
       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by	the IBM	Public License Version 1.0.
       It was converted	from HTML to POD by software written by	Chas Williams
       and Russ	Allbery, based on work by Alf Wachsmann	and Elizabeth Cassell.

OpenAFS				  2016-12-14			    USS_ADD(8)
