mkuser command

Use the mkuser command to create a new user.

Synopsis

smcli [-c] [-prompt] [-user user_name] [-pw password] mkuser -u user_name -p password options

smcli mkuser [-h | -? | --help]

smcli mkuser [-v] -f file_name

smcli mkuser [-v][-d description] [-a add_role_list] [-g add_group_list] [-x timeout]

Operands

The mkuser command takes a user and password as operands. Both are required.
Tips:
  • The user name must be unique.
  • The user name must be no more than 32 characters long. It must begin with a letter and must contain a-z, A-Z,0-9, dash (-), or underscore (_) characters.
  • The user will be required to change the password when initially logging in

Description

Users with an administrator role (SMAdministrator or IBM® FSM Supervisor) authority can use this command to create a new system user.

Options

-a | --addroles add_role_list {roleType:roleName[:resource1[;resource2]...],...}
Add roles for the user by specifying a comma-separated list of roles. Each role entry is listed with a role type and role name, and optionally followed by a role resource or target depending on the role type. The following format is used to list each role entry:
roleType:roleName[:resource1[;resource2]...] where:
  • roleType can be CMM, FSM, or IMM.
  • roleName can be any existing role for the specified type.
  • resource1[;resource2 are the role resources or targets:
    • Resources specified for CMM roles must be centrally managed chassis. To specify all chassis or resources for a CMM role, use "all-chassis."
    • Resources specified for IMM roles must be compute node bays or I/O bays in a centrally managed chassis. To specify all compute node bays or I/O bays for an IMM role, use "all-bays." Always specify one or more chassis or, "all-chassis" when specifying an IMM role.
Tips:
  • Use the lschassisrole command to list existing custom chassis roles.
  • Use the lsrole command to list existing IBM FSM roles.
  • Use the lsCentrallyManagedChassis for a list of all centrally managed chassis.
  • A chassis can be specified using the IP address, host name, or the object identifier (OID) for the CMM in the chassis.
  • To add a CMM role to all centrally managed chassis specify the role type, role, and "all-chassis".
  • To add an IMM role to all bays on a centrally managed chassis, specify the role type, role, "all-bays," and one or more centrally managed chassis or "all-chassis."
  • Use "Supervisor" for an FSM, CMM, or IMM role with all permissions.
  • Use "Operator" for an FSM, CMM, or IMM role with limited permissions.
-d | --desc description
Specifies the description of the user. If the description contains spaces, enclose it in quotation marks.
-f | --file {file_name | -}
Retrieves data either from the input file file_name or from input piped from another command.

To retrieve input piped from another command, specify a hyphen (-) instead of a file name (for example, smcli cmd1 | smcli cmd2 -f -). To retrieve input from a file, specify the full path. If the path contains spaces, enclose it in quotation marks.

Ensure that the file follows the following format:
user_name_1;p:password;any_option_1:value_1,value_2, ...value_n;any_option_2:value_1,value_2, ...value_n; ...any_option_n:value_1,value_2, ...value_nuser_name_2;p:password;any_option_1:value_1,value_2, ...value_n;any_option_2:value_1,value_2, ...value_n; ...any_option_n:value_1,value_2, ...value_n
.
.
.
user_name_n;p:password;any_option_1:value_1,value_2, ...value_n;any_option_2:value_1,value_2, ...value_n; ...any_option_n:value_1,value_2, ...value_n
where:
  • user_name is the user name
  • any_option is optional and any option, such as -A, -a, or -g
  • user_name;p:password is required on each line
  • All any_option:value_1,value_2, ...value_n groupings are separated by a semicolon (;)
  • All any_option and value_1,value_2, ...value_n groupings are separated by a colon (:)
  • All value_1,value_2, ...value_n groupings are separated by a comma (,)
Examples:
  • o Create a new user test and assign SMAdministrator role with access to the Operating Systems resource group. 
    test;p:passw0rd;a:SMAdministrator;Operating Systems
  • Create a new user test and assign SMMonitor role with access to the Operating Systems resource group and SMUser role with access to the Power Systems resource group. 
    test;p:passw0rd;SMMonitor;Operating Systems,SMUser;Power Systems
-g | --addgroups add_group_list
Specifies the group to which the user will belong. Separate multiple groups (group names) with commas.
Tips:
  • Use the lsusergp command to list all user groups.
  • You must add the group smadmin if you are specifying the role FSM:Supervisor.
  • You must add the group smuser if you are specifying the role FSM:Operator.
Note: All users are added to the user group smdefault.
-h | -?
Displays the syntax and a brief description of the command.
Tip: If you specify additional options other than -h | -? | --help, the options are ignored.
-h | --?
Displays the syntax and a brief description of the command.
-p | --password password
Specifies the password for the user. This is a required parameter. This password is set to expired and must be changed the first time that the user attempts to log in. The password must meet the password policy settings in effect. If this option is not specified, mkuser prompts the user for a value.
Note: The specified password must meet the requirements of the system password policy. See Password policy settings for more information.
-u | --username user_name
Specifies the name of the user to be created.
Tips:
  • The name must be unique.
  • The user name must be no more than 32 characters long.
  • The name must begin with a letter and must contain a-z, A-Z, 0-9, dash (-), or underscore (_) characters.
-v | --verbose
Writes verbose messages to standard output.

If this option is not specified, this command suppresses noncritical messages.

-x | --extra timeout
Specify the secure shell (SSH) timeout value in seconds as a key = value pair. For example: 
-x timeout=120

The value sets a timeout interval in seconds after which, if no data has been received from the client, the user's session will end.

The value must be a nonnegative integer less than 2147483648. A value of 0 (zero) means no timeout.

Note: Specifying credentials from a command prompt presents a security risk, since they might be recorded in the shell or other operating system areas.

Exit status

The following codes are returned by this command.
  • 0: The operation completed.
  • 1: A usage error occurred.
  • 21: A specified user group does not exist.
  • 27: A specified attribute is not valid.
  • 52: A specified role does not exist.
  • 65: User already exists.
  • 71: Indicates an internal user registry error.
  • 75: A specified chassis is not centrally managed by the IBM FSM or does not exist.
  • 76: A specified user group does not exist.
  • 81: An internal error occurred. See the logs for details.
  • 110: Command could not complete because an internal error occurred.

Examples

  1. Create a user with a default role.
    smcli mkuser -u newUser -p password
  2. Create a user with an IBM FSM Operator role.
    smcli mkuser -u newUser -p password -a FSM:Operator
  3. Create a user with an IBM FSM Supervisor role.
    smcli mkuser -u newUser -p password -a FSM:Supervisor
  4. Create a user with a CMM custom role for 2 chassis (listed by OID).
    smcli mkuser -u newUser -p password -a "CMM:customRole1:6104;6789"
  5. Create a user with an IMM custom role for specified bays and bay ranges on a chassis (listed by OID).
    smcli mkuser -u newUser -p password -a "IMM:customRole2:bay1;bay6-10;iobay4;6104"
  6. Create a user with an IMM custom role for all bays on multiple chassis (listed by OID).
    smcli mkuser -u newUser -p password -a "IMM:customRole2:all-bays;6104;6604"