From 46651ce6fe013220ed397add242004d764fc0153 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 4 May 2024 14:15:05 +0200 Subject: Adding upstream version 14.5. Signed-off-by: Daniel Baumann --- doc/src/sgml/ref/createuser.sgml | 498 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 498 insertions(+) create mode 100644 doc/src/sgml/ref/createuser.sgml (limited to 'doc/src/sgml/ref/createuser.sgml') diff --git a/doc/src/sgml/ref/createuser.sgml b/doc/src/sgml/ref/createuser.sgml new file mode 100644 index 0000000..17579e5 --- /dev/null +++ b/doc/src/sgml/ref/createuser.sgml @@ -0,0 +1,498 @@ + + + + + createuser + + + + createuser + 1 + Application + + + + createuser + define a new PostgreSQL user account + + + + + createuser + connection-option + option + username + + + + + + Description + + createuser creates a + new PostgreSQL user (or more precisely, a role). + Only superusers and users with CREATEROLE privilege can create + new users, so createuser must be + invoked by someone who can connect as a superuser or a user with + CREATEROLE privilege. + + + + If you wish to create a new superuser, you must connect as a + superuser, not merely with CREATEROLE privilege. + Being a superuser implies the ability to bypass all access permission + checks within the database, so superuser access should not be granted lightly. + + + + createuser is a wrapper around the + SQL command CREATE ROLE. + There is no effective difference between creating users via + this utility and via other methods for accessing the server. + + + + + + + Options + + + createuser accepts the following command-line arguments: + + + + username + + + Specifies the name of the PostgreSQL user + to be created. + This name must be different from all existing roles in this + PostgreSQL installation. + + + + + + + + + + Set a maximum number of connections for the new user. + The default is to set no limit. + + + + + + + + + + The new user will be allowed to create databases. + + + + + + + + + + The new user will not be allowed to create databases. This is the + default. + + + + + + + + + + Echo the commands that createuser generates + and sends to the server. + + + + + + + + + + This option is obsolete but still accepted for backward + compatibility. + + + + + + + + + + Indicates role to which this role will be added immediately as a new + member. Multiple roles to which this role will be added as a member + can be specified by writing multiple + switches. + + + + + + + + + + The new role will automatically inherit privileges of roles + it is a member of. + This is the default. + + + + + + + + + + The new role will not automatically inherit privileges of roles + it is a member of. + + + + + + + + + Prompt for the user name if none is specified on the command line, and + also prompt for whichever of the options + /, + /, + / is not specified on the command + line. (This was the default behavior up to PostgreSQL 9.1.) + + + + + + + + + + The new user will be allowed to log in (that is, the user name + can be used as the initial session user identifier). + This is the default. + + + + + + + + + + The new user will not be allowed to log in. + (A role without login privilege is still useful as a means of + managing database permissions.) + + + + + + + + + + If given, createuser will issue a prompt for + the password of the new user. This is not necessary if you do not plan + on using password authentication. + + + + + + + + + + The new user will be allowed to create new roles (that is, + this user will have CREATEROLE privilege). + + + + + + + + + + The new user will not be allowed to create new roles. This is the + default. + + + + + + + + + + The new user will be a superuser. + + + + + + + + + + The new user will not be a superuser. This is the default. + + + + + + + + + + Print the createuser version and exit. + + + + + + + + + The new user will have the REPLICATION privilege, + which is described more fully in the documentation for . + + + + + + + + + The new user will not have the REPLICATION + privilege, which is described more fully in the documentation for . + + + + + + + + + + Show help about createuser command line + arguments, and exit. + + + + + + + + + createuser also accepts the following + command-line arguments for connection parameters: + + + + + + + + Specifies the host name of the machine on which the + server + is running. If the value begins with a slash, it is used + as the directory for the Unix domain socket. + + + + + + + + + + Specifies the TCP port or local Unix domain socket file + extension on which the server + is listening for connections. + + + + + + + + + + User name to connect as (not the user name to create). + + + + + + + + + + Never issue a password prompt. If the server requires + password authentication and a password is not available by + other means such as a .pgpass file, the + connection attempt will fail. This option can be useful in + batch jobs and scripts where no user is present to enter a + password. + + + + + + + + + + Force createuser to prompt for a + password (for connecting to the server, not for the + password of the new user). + + + + This option is never essential, since + createuser will automatically prompt + for a password if the server demands password authentication. + However, createuser will waste a + connection attempt finding out that the server wants a password. + In some cases it is worth typing to avoid the extra + connection attempt. + + + + + + + + + + Environment + + + + PGHOST + PGPORT + PGUSER + + + + Default connection parameters + + + + + + PG_COLOR + + + Specifies whether to use color in diagnostic messages. Possible values + are always, auto and + never. + + + + + + + This utility, like most other PostgreSQL utilities, + also uses the environment variables supported by libpq + (see ). + + + + + + + Diagnostics + + + In case of difficulty, see + and for + discussions of potential problems and error messages. + The database server must be running at the + targeted host. Also, any default connection settings and environment + variables used by the libpq front-end + library will apply. + + + + + + + Examples + + + To create a user joe on the default database + server: + +$ createuser joe + + + + + To create a user joe on the default database + server with prompting for some additional attributes: + +$ createuser --interactive joe +Shall the new role be a superuser? (y/n) n +Shall the new role be allowed to create databases? (y/n) n +Shall the new role be allowed to create more new roles? (y/n) n + + + + + To create the same user joe using the + server on host eden, port 5000, with attributes explicitly specified, + taking a look at the underlying command: + +$ createuser -h eden -p 5000 -S -D -R -e joe +CREATE ROLE joe NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN; + + + + + To create the user joe as a superuser, + and assign a password immediately: + +$ createuser -P -s -e joe +Enter password for new role: xyzzy +Enter it again: xyzzy +CREATE ROLE joe PASSWORD 'md5b5f5ba1a423792b526f799ae4eb3d59e' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN; + + In the above example, the new password isn't actually echoed when typed, + but we show what was typed for clarity. As you see, the password is + encrypted before it is sent to the client. + + + + + + See Also + + + + + + + + -- cgit v1.2.3