Initializing the Protection Database

Now continue to configure your cell's security systems by populating the Protection Database with the newly created admin user, and permitting it to issue privileged commands on the AFS filesystem. There is nothing special about the name "admin"; it is just a convenient name for these instructions. Another name could be used throughout this document, or multiple privileged accounts created.

  1. Issue the pts createuser command to create a Protection Database entry for the admin user.

    By default, the Protection Server assigns AFS UID 1 (one) to the admin user, because it is the first user entry you are creating. If the local password file (/etc/passwd or equivalent) already has an entry for admin that assigns it a UNIX UID other than 1, it is best to use the -id argument to the pts createuser command to make the new AFS UID match the existing UNIX UID. Otherwise, it is best to accept the default.

       # pts createuser -name admin [-id <AFS UID>] -localauth
       User admin has id AFS UID
    
  2. Issue the pts adduser command to make the admin user a member of the system:administrators group, and the pts membership command to verify the new membership. Membership in the group enables the admin user to issue privileged pts commands and some privileged fs commands.

       # ./pts adduser admin system:administrators -localauth
       # ./pts membership admin -localauth
       Groups admin (id: 1) is a member of:
         system:administrators
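
The UID decision in step 1 and the membership check in step 2 can be scripted. The following is an added example, not part of the original instructions or of OpenAFS: the helper names and the sample passwd lines are constructed for illustration, and the script only prints the pts createuser command it would choose rather than running it.

```shell
#!/bin/sh
# Added example: helper names and sample data are hypothetical.

# Print the UNIX UID of user $1 from passwd-format file $2 (empty if absent).
local_uid() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "$2"
}

# Step 1: print the pts createuser command for user $1, adding -id only
# when a local entry exists with a UNIX UID other than 1.
createuser_cmd() {
    uid=$(local_uid "$1" "$2")
    case "$uid" in
        ''|1)     echo "pts createuser -name $1 -localauth" ;;
        *[!0-9]*) echo "non-numeric UID '$uid' for $1" >&2; return 1 ;;
        *)        echo "pts createuser -name $1 -id $uid -localauth" ;;
    esac
}

# Step 2: read `pts membership` output on stdin and succeed only if
# system:administrators appears as a whole line (exact match after trimming).
is_administrator() {
    awk '{ gsub(/^[ \t]+|[ \t]+$/, "") }
         $0 == "system:administrators" { ok = 1 }
         END { exit !ok }'
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/sh' \
    'administrator:x:1001:1001::/home/administrator:/bin/sh' \
    'admin:x:1500:1500:AFS admin:/home/admin:/bin/sh' > "$sample"

createuser_cmd admin "$sample"    # local UID 1500 exists, so -id is added
createuser_cmd afsadm "$sample"   # no local entry, so the default is accepted

printf 'Groups admin (id: 1500) is a member of:\n  system:administrators\n' |
    is_administrator && echo "admin is in system:administrators"
rm -f "$sample"
```

The exact-match comparisons matter in both helpers: a local account named administrator must not be mistaken for admin, and a group whose name merely begins with system:administrators must not count as the privileged group.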