<!-- $PostgreSQL: pgsql/doc/src/sgml/ref/createuser.sgml,v 1.41 2005/05/29 03:32:18 momjian Exp $ PostgreSQL documentation --> <refentry id="APP-CREATEUSER"> <refmeta> <refentrytitle id="APP-CREATEUSER-TITLE"><application>createuser</application></refentrytitle> <manvolnum>1</manvolnum> <refmiscinfo>Application</refmiscinfo> </refmeta> <refnamediv> <refname>createuser</refname> <refpurpose>define a new <productname>PostgreSQL</productname> user account</refpurpose> </refnamediv> <indexterm zone="app-createuser"> <primary>createuser</primary> </indexterm> <refsynopsisdiv> <cmdsynopsis> <command>createuser</command> <arg rep="repeat"><replaceable>option</replaceable></arg> <arg><replaceable>username</replaceable></arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>Description</title> <para> <application>createuser</application> creates a new <productname>PostgreSQL</productname> user. Only superusers (users with <literal>usesuper</literal> set in the <literal>pg_shadow</literal> table) can create new <productname>PostgreSQL</productname> users, so <application>createuser</application> must be invoked by someone who can connect as a <productname>PostgreSQL</productname> superuser. </para> <para> Being a superuser also implies the ability to bypass access permission checks within the database, so superuserdom should not be granted lightly. </para> <para> <application>createuser</application> is a wrapper around the <acronym>SQL</acronym> command <xref linkend="SQL-CREATEUSER" endterm="SQL-CREATEUSER-title">. There is no effective difference between creating users via this utility and via other methods for accessing the server. </para> </refsect1> <refsect1> <title>Options</title> <para> <application>createuser</> accepts the following command-line arguments: <variablelist> <varlistentry> <term><replaceable class="parameter">username</replaceable></term> <listitem> <para> Specifies the name of the <productname>PostgreSQL</productname> user to be created. This name must be unique among all users of this <productname>PostgreSQL</productname> installation. </para> </listitem> </varlistentry> <varlistentry> <term><option>-a</></term> <term><option>--adduser</></term> <listitem> <para> The new user is allowed to create other users. (Note: Actually, this makes the new user a <emphasis>superuser</>. The option is poorly named.) </para> </listitem> </varlistentry> <varlistentry> <term><option>-A</></term> <term><option>--no-adduser</></term> <listitem> <para> The new user is not allowed to create other users (i.e., the new user is a regular user, not a superuser). This is the default. </para> </listitem> </varlistentry> <varlistentry> <term><option>-d</></term> <term><option>--createdb</></term> <listitem> <para> The new user is allowed to create databases. </para> </listitem> </varlistentry> <varlistentry> <term><option>-D</></term> <term><option>--no-createdb</></term> <listitem> <para> The new user is not allowed to create databases. This is the default. </para> </listitem> </varlistentry> <varlistentry> <term><option>-e</></term> <term><option>--echo</></term> <listitem> <para> Echo the commands that <application>createuser</application> generates and sends to the server. </para> </listitem> </varlistentry> <varlistentry> <term><option>-E</></term> <term><option>--encrypted</></term> <listitem> <para> Encrypts the user's password stored in the database. If not specified, the default password behavior is used. </para> </listitem> </varlistentry> <varlistentry> <term><option>-i <replaceable class="parameter">number</replaceable></></term> <term><option>--sysid <replaceable class="parameter">number</replaceable></></term> <listitem> <para> Allows you to pick a non-default user ID for the new user. This is not necessary, but some people like it. </para> </listitem> </varlistentry> <varlistentry> <term><option>-N</></term> <term><option>--unencrypted</></term> <listitem> <para> Does not encrypt the user's password stored in the database. If not specified, the default password behavior is used. </para> </listitem> </varlistentry> <varlistentry> <term><option>-P</></term> <term><option>--pwprompt</></term> <listitem> <para> If given, <application>createuser</application> will issue a prompt for the password of the new user. This is not necessary if you do not plan on using password authentication. </para> </listitem> </varlistentry> <varlistentry> <term><option>-q</></term> <term><option>--quiet</></term> <listitem> <para> Do not display a response. </para> </listitem> </varlistentry> </variablelist> </para> <para> You will be prompted for a name and other missing information if it is not specified on the command line. </para> <para> <application>createuser</application> also accepts the following command-line arguments for connection parameters: <variablelist> <varlistentry> <term><option>-h <replaceable class="parameter">host</replaceable></></term> <term><option>--host <replaceable class="parameter">host</replaceable></></term> <listitem> <para> Specifies the host name of the machine on which the server is running. If the value begins with a slash, it is used as the directory for the Unix domain socket. </para> </listitem> </varlistentry> <varlistentry> <term><option>-p <replaceable class="parameter">port</replaceable></></term> <term><option>--port <replaceable class="parameter">port</replaceable></></term> <listitem> <para> Specifies the TCP port or local Unix domain socket file extension on which the server is listening for connections. </para> </listitem> </varlistentry> <varlistentry> <term><option>-U <replaceable class="parameter">username</replaceable></></term> <term><option>--username <replaceable class="parameter">username</replaceable></></term> <listitem> <para> User name to connect as (not the user name to create). </para> </listitem> </varlistentry> <varlistentry> <term><option>-W</></term> <term><option>--password</></term> <listitem> <para> Force password prompt (to connect to the server, not for the password of the new user). </para> </listitem> </varlistentry> </variablelist> </para> </refsect1> <refsect1> <title>Environment</title> <variablelist> <varlistentry> <term><envar>PGHOST</envar></term> <term><envar>PGPORT</envar></term> <term><envar>PGUSER</envar></term> <listitem> <para> Default connection parameters </para> </listitem> </varlistentry> </variablelist> </refsect1> <refsect1> <title>Diagnostics</title> <para> In case of difficulty, see <xref linkend="SQL-CREATEUSER" endterm="sql-createuser-title"> and <xref linkend="APP-PSQL"> for discussions of potential problems and error messages. The database server must be running at the targeted host. Also, any default connection settings and environment variables used by the <application>libpq</application> front-end library will apply. </para> </refsect1> <refsect1> <title>Examples</title> <para> To create a user <literal>joe</literal> on the default database server: <screen> <prompt>$ </prompt><userinput>createuser joe</userinput> <computeroutput>Shall the new user be allowed to create databases? (y/n) </computeroutput><userinput>n</userinput> <computeroutput>Shall the new user be allowed to create more new users? (y/n) </computeroutput><userinput>n</userinput> <computeroutput>CREATE USER</computeroutput> </screen> </para> <para> To create the same user <literal>joe</literal> using the server on host <literal>eden</>, port 5000, avoiding the prompts and taking a look at the underlying command: <screen> <prompt>$ </prompt><userinput>createuser -h eden -p 5000 -D -A -e joe</userinput> <computeroutput>CREATE USER joe NOCREATEDB NOCREATEUSER;</computeroutput> <computeroutput>CREATE USER</computeroutput> </screen> </para> <para> To create the user <literal>joe</literal> as a superuser, and assign a password immediately: <screen> <prompt>$ </prompt><userinput>createuser -P -d -a -e joe</userinput> <computeroutput>Enter password for new user: </computeroutput><userinput>xyzzy</userinput> <computeroutput>Enter it again: </computeroutput><userinput>xyzzy</userinput> <computeroutput>CREATE USER joe PASSWORD 'xyzzy' CREATEDB CREATEUSER;</computeroutput> <computeroutput>CREATE USER</computeroutput> </screen> In the above example, the new password isn't actually echoed when typed, but we show what was typed for clarity. However the password <emphasis>will</> appear in the echoed command, as illustrated — so you don't want to use <literal>-e</> when assigning a password, if anyone else can see your screen. </para> </refsect1> <refsect1> <title>See Also</title> <simplelist type="inline"> <member><xref linkend="app-dropuser"></member> <member><xref linkend="sql-createuser" endterm="sql-createuser-title"></member> <member>Environment Variables (<xref linkend="libpq-envars">)</member> </simplelist> </refsect1> </refentry> <!-- Keep this comment at the end of the file Local variables: mode: sgml sgml-omittag:nil sgml-shorttag:t sgml-minimize-attributes:nil sgml-always-quote-attributes:t sgml-indent-step:1 sgml-indent-data:t sgml-parent-document:nil sgml-default-dtd-file:"../reference.ced" sgml-exposed-tags:nil sgml-local-catalogs:"/usr/lib/sgml/catalog" sgml-local-ecat-files:nil End: -->