SSH Reference Manual

Daemon Mode Commands Operating on the USER Entity
ADD USER
The ADD USER command adds a new user to the database and has the following syntax:
ADD USER <user-name>
[,ALLOW-CI yes|no ]
[,ALLOW-CI-PROGRAM-OVERRIDE yes|no ]
[,ALLOW-GATEWAY-PORTS yes|no ]
[,ALLOW-MULTIPLE-REMOTE-HOSTS yes|no ]
[,ALLOW-PTY yes|no ]
[,ALLOW-SHELL yes|no ]
[,ALLOW-TCP-FORWARDING yes|no ]
[,ALLOWED-AUTHENTICATIONS ( <method>, <method>, ...) | <method> ]
[,ALLOWED-SUBSYSTEMS ( <subsystem>, <subsystem>, ... ) | <subsystem> ]
[,CI-COMMAND [ <command> ] ]
[,CI-PROGRAM [ <filename> | *MENU* | *MENU* <service> [ FORCE ] ] ]
[,COMMENT <comment> | "<comment containing spaces>" ]
[,CPU-SET [<cpu> | <cpu-range> | ( <cpu-range-list> ) ] ]
[,FROZEN]
[,LIKE <existing-user-name>]
[,OWNER <system-user-name> | *NONE*]
[,PRINCIPAL { <user>@<REALM> | *@<REALM> | *@* } ]
[,PRIORITY -1 | <priority> ]
[,PTY-SERVER { *DEFAULT* | <process-name> } ]
[,PUBLICKEY <key-name> { FINGERPRINT <fingerprint-value> |
                         FILE <filename> } |
                       ( { FINGERPRINT <fingerprint-value> |
                           FILE <filename> }
                         [, COMMENT "<comment>"]
                         [, LIVE-DATE <date-time>]
                         [, EXPIRE-DATE <date-time>] )
]...
[,RESTRICTION-PROFILE [<profile-name>] ]
[,SFTP-CPU-SET [<cpu> | <cpu-range> | ( <cpu-range-list> ) ] ]
[,SFTP-GUARDIAN-FILESET ( <pattern>, <pattern>, ... ) ]
[,SFTP-INITIAL-DIRECTORY <directory-path> [LOCKED]]
[,SFTP-PRIORITY [ <number> ] ]
[,SFTP-SECURITY ( [<sftp-attr>] [, <sftp-attr>] ... ) ]
[,SHELL-COMMAND [ <command> ] ]
[,SHELL-ENVIRONMENT [ <filename> ] ]
[,SHELL-PROGRAM [ *DEFAULT* | <path> | *MENU* | *MENU* <service> [ FORCE ] ] ]
[,SYSTEM-USER <system-user-name> | *NONE* ]
Only <user-name> is mandatory in the command; all other fields are optional.
The individual attributes have the following meaning and syntax:
<user-name>
The name of the user to be added. This name does not have to be a Guardian user name, although Guardian user names
such as ADMIN.JOE or alias names can be used. Be aware that this SSH user name is not used as the logon name: the
actual Guardian user is defined by the SYSTEM-USER attribute.
A logon ID can be specified in double quotes, which allows client commands such as ssh 110,23@NonStop.com. However,
operations on the NonStop server are executed with logon ID 110,23 only if SYSTEM-USER is set to "110,23" or the
corresponding <group>.<user> value (or an alias with that logon ID).
When double quotes are used, it is also possible to have an unconventional SSH logon name that differs from the
system-user name, for instance: ADD USER "super.super,test", system-user super.super.
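Because the SSH user name and SYSTEM-USER are independent, a review of user definitions should look at the mapping rather than the name. The following Python sketch is an added example, not part of the manual or the product: it parses ADD USER commands, keeps commas inside double quotes and parentheses intact, and classifies each name-to-SYSTEM-USER mapping. It assumes the commands are available as text, one per line; the sample commands and the verdict labels are constructed for illustration, and LIKE inheritance and numeric-ID-to-<group>.<user> equivalence are not resolved.

```python
import re

# Constructed sample ADD USER commands (illustrative names and values only).
SAMPLE = '''\
ADD USER sftpjoe, SYSTEM-USER ADMIN.JOE, ALLOW-SHELL no
ADD USER "110,23", SYSTEM-USER "110,23"
ADD USER "super.super,test", system-user super.super, COMMENT "test, temp"
ADD USER ADMIN.JOE, SYSTEM-USER super.super, ALLOWED-AUTHENTICATIONS (publickey, password)
ADD USER guest, COMMENT "no mapping yet"
'''
# Shapes that read like a Guardian identity: <group>.<user> or <n>,<n>.
GUARDIAN_LIKE = re.compile(r'^(\d+,\d+|[\w-]+\.[\w-]+)$')

def split_attrs(text):
    """Split on commas that sit outside double quotes and parentheses."""
    parts, buf, depth, quoted = [], '', 0, False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in '()':
            depth += 1 if ch == '(' else -1
        if ch == ',' and not quoted and depth == 0:
            parts.append(buf.strip())
            buf = ''
        else:
            buf += ch
    return parts + [buf.strip()]

def audit(script):
    """Return (ssh_name, system_user, verdict) for each ADD USER command."""
    rows = []
    for m in re.finditer(r'^[ \t]*ADD[ \t]+USER[ \t]+(.+)$', script, re.I | re.M):
        name, *attrs = split_attrs(m.group(1))
        name = name.strip('"')
        kv = {a.split(None, 1)[0].upper(): a.split(None, 1)[1:] for a in attrs if a}
        target = (kv.get('SYSTEM-USER') or ['*NONE*'])[0].strip('"')
        if target.upper() == '*NONE*':
            verdict = 'unmapped'      # no SYSTEM-USER given in this command
        elif name.upper() == target.upper():
            verdict = 'same'
        elif GUARDIAN_LIKE.match(name):
            verdict = 'misleading'    # looks like one identity, runs as another
        else:
            verdict = 'alias'
        rows.append((name, target, verdict))
    return rows

if __name__ == '__main__':
    print(*audit(SAMPLE), sep='\n')
```
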
ALLOW-CI