|-user <login name>||
Names the user's Authentication Database and Protection Database
entries. It can include up to eight alphanumeric characters, but not any
of the following characters: : (colon), @ (at-sign), . (period),
space, or newline. Because it becomes the username (the name under which a
user logs in), it is best not to include shell metacharacters and to obey
the restrictions that many operating systems impose on usernames (usually,
to contain no more than eight lowercase letters).
Corresponding variable in the template file: $USER.
|-realname <full name in quotes>||
Specifies the user's full name. If it contains spaces or punctuation,
surround it with double quotes. If not provided, it defaults to the user
name provided with the -user argument.
Corresponding variable in the template file: $NAME. Many operating systems include a field for the full name in a user's entry in the local password file (/etc/passwd or equivalent), and this variable can be used to pass a value to be used in that field.
|-pass <initial password>||
Specifies the user's initial password. Although the AFS commands that
handle passwords accept strings of virtually unlimited length, it is best
to use a password of eight characters or less, which is the maximum length
that many applications and utilities accept. If not provided, this
argument defaults to the string changeme.
Corresponding variable in the template file: none.
|-pwexpires <password expiration>||
Sets the number of days after a user's password is changed that it remains
valid. Provide an integer from the range 1 through 254 to specify
the number of days until expiration, or the value 0 to indicate that
the password never expires (the default).
When the password becomes invalid (expires), the user is unable to authenticate, but has 30 more days in which to issue the kpasswd command to change the password (after that, only an administrator can change it).
Corresponding variable in the template file: $PWEXPIRES.
|-server <file server name>||
Names the file server machine on which to create the new user's volume. It
is best to provide a fully qualified hostname (for example,
fs1.abc.com), but an abbreviated form is acceptable provided that the
cell's naming service is available to resolve it at the time the volume is
Corresponding variable in the template file: $SERVER.
|-partition <file server partition>||
Specifies the partition on which to create the user's volume; it must be
on the file server machine named by the -server argument. Provide the
complete partition name (for example /vicepa) or one of the following
After /vicepz (for which the index is 25) comes
and so on through
Corresponding variable in the template file: $PART.
|-mount <home directory mount point>||
Specifies the pathname for the user's home directory. Partial pathnames
are interpreted relative to the current working directory.
Specify the read/write path to the directory, to avoid the failure that results from attempting to create a new mount point in a read-only volume. By convention, the read/write path is indicated by placing a period before the cell name at the pathname's second level (for example, /afs/.abc.com). For further discussion of the concept of read/write and read-only paths through the filespace, see the fs mkmount reference page.
Corresponding variable in template: $MTPT, but in the template file's V instruction only. Occurrences of the $MTPT variable in template instructions that follow the V instruction take their value from the V instruction's mount_point field. Thus the value of this command line argument becomes the value for the $MTPT variable in instructions that follow the V instruction only if the string $MTPT appears alone in the V instruction's mount_point field.
|-uid <uid to assign the user>||
Specifies a positive integer other than 0 (zero) to assign as the user's
AFS UID. If this argument is omitted, the Protection Server assigns an AFS
UID that is one greater than the current value of the max user id
counter (use the pts listmax command to display the counter). If
including this argument, it is best first to use the pts examine
command to verify that no existing account already has the desired AFS
UID; if one does, the account creation process terminates with an error.
Corresponding variable in the template file: $UID.
|-template <pathname of template file>||
Specifies the pathname of the template file. If this argument is omitted,
the command interpreter searches the following directories in the
indicated order for a file called uss.template:
If the issuer provides a filename other than uss.template but without a pathname, the command interpreter searches for it in the indicated directories. If the issuer provides a full or partial pathname, the command interpreter consults the specified file only; it interprets partial pathnames relative to the current working directory.
If the specified template file is empty (zero-length), the command creates Protection and Authentication Database entries only.
uss(5) details the file's format.
|-verbose||Produces on the standard output stream a detailed trace of the command's execution. If this argument is omitted, only warnings and error messages appear.|
|-var <auxilliary argument pairs>||
Specifies values for each of the number variables $1 through $9 that can
appear in the template file. Use the number variables to assign values to
variables in the uss template file that are not part of the standard
Corresponding variables in the template file: $1 through $9.
For each instance of this argument, provide two parts in the indicated order, separated by a space:
See the chapter on uss in the OpenAFS Administration Guide for further explanation.
|-cell <cell name>||Specifies the cell in which to run the command. For more details, see uss(8).|
|-admin <administrator to authenticate>||Specifies the AFS user name under which to establish authenticated connections to the AFS server processes that maintain the various components of a user account. For more details, see uss(8).|
|-dryrun||Reports actions that the command interpreter needs to perform while executing the command, without actually performing them. For more details, see uss(8).|
|-skipauth||Prevents authentication with the AFS Authentication Server, allowing a site using Kerberos to substitute that form of authentication.|
|-overwrite||Overwrites any directories, files and links that exist in the file system and for which there are definitions in D, E, F, L, or S instructions in the template file named by the -template argument. If this flag is omitted, the command interpreter prompts once for confirmation that it is to overwrite all such elements.|
|-help||Prints the online help for this command. All other valid options are ignored.|
The combination of the following example uss add command and V instruction in a template file called uss.tpl creates Protection and Authentication Database entries named smith, and a volume called user.smith with a quota of 2500 kilobyte blocks, mounted at the pathname /afs/abc.com/usr/smith. The access control list (ACL) on the mount point grants smith all rights.
The issuer of the uss add command provides only the template file's name, not its complete pathname, because it resides in the current working directory. The command and V instruction appear here on two lines only for legibility; there are no line breaks in the actual instruction or command.
    V user.$USER $SERVER.abc.com /vice$PART $1 \
        /afs/abc.com/usr/$USER $UID $USER all

    % uss add -user smith -realname "John Smith" -pass js_pswd \
        -server fs2 -partition b -template uss.tpl -var 1 2500
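The limits described above for the -user, -pass, -pwexpires and -uid arguments can be checked before the command is run. The following is an added example, not part of the OpenAFS documentation; the function name uss_add_preflight, its messages and its rejection of the default password changeme are assumptions of this example.

```sh
# Added example (not from the OpenAFS documentation): pre-flight checks for
# "uss add" arguments, using only the limits stated on this page.
# Usage: uss_add_preflight <user> <pass> <pwexpires> <uid>   ("" = omitted)
uss_add_preflight() (
    LC_ALL=C; export LC_ALL     # make the [A-Za-z0-9] ranges byte-based
    user=$1 pass=$2 pwexpires=$3 uid=$4 rc=0
    fail() { echo "uss add preflight: $*" >&2; rc=1; }

    # -user: up to eight alphanumeric characters; this also excludes
    # colon, at-sign, period, space, newline and shell metacharacters.
    case $user in
        ''|*[!A-Za-z0-9]*) fail "-user must be alphanumeric only" ;;
    esac
    [ "${#user}" -le 8 ] || fail "-user is longer than eight characters"

    # -pass: if omitted, uss add falls back to the string "changeme".
    # Refusing that value is a policy choice of this example.
    case $pass in
        ''|changeme) fail "-pass is missing or equals the default 'changeme'" ;;
    esac

    # -pwexpires: integer 1 through 254, or 0 (the default) for no expiry.
    case $pwexpires in
        ''|0) echo "uss add preflight: note: password never expires" >&2 ;;
        *[!0-9]*|????*) fail "-pwexpires must be an integer 0-254" ;;
        *) [ "$pwexpires" -le 254 ] || fail "-pwexpires must be an integer 0-254" ;;
    esac

    # -uid: optional; when given, a positive integer other than 0.
    case $uid in
        '') : ;;    # omitted: the Protection Server assigns the next AFS UID
        *[!0-9]*) fail "-uid must be a positive integer" ;;
        *) [ "$uid" -gt 0 ] || fail "-uid must not be 0" ;;
    esac

    [ "$rc" -eq 0 ]             # exit status: 0 = all checks passed
)

# Constructed sample call: user and password are the values from the example
# on this page; 90 is a constructed -pwexpires value and the UID is omitted.
uss_add_preflight smith js_pswd 90 "" && echo "arguments pass the checks"
```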
The issuer (or the user named by the -admin argument) must belong to the system:administrators group in the Protection Database and must have the ADMIN flag turned on in his or her Authentication Database entry.
If the template contains a V instruction, the issuer must be listed in the /usr/local/etc/openafs/server/UserList file and must have at least a (administer) and i (insert) permissions on the ACL of the directory that houses the new mount point. If the template file includes instructions for creating other types of objects (directories, files or links), the issuer must have each privilege necessary to create them.
UserList(5), uss(5), fs_mkmount(1), uss(8), uss_bulk(8), uss_delete(8)
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.