<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>createuser</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 8.2.14 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="PostgreSQL Client Applications"
HREF="reference-client.html"><LINK
REL="PREVIOUS"
TITLE="createlang"
HREF="app-createlang.html"><LINK
REL="NEXT"
TITLE="dropdb"
HREF="app-dropdb.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2009-09-04T05:25:47"></HEAD
><BODY
CLASS="REFENTRY"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
>PostgreSQL 8.2.14 Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="app-createlang.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="app-createlang.html"
>Fast Backward</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="top"
><A
HREF="app-dropdb.html"
>Fast Forward</A
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="top"
><A
HREF="app-dropdb.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><H1
><A
NAME="APP-CREATEUSER"
></A
><SPAN
CLASS="APPLICATION"
>createuser</SPAN
></H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN55974"
></A
><H2
>Name</H2
>createuser -- define a new <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> user account</DIV
><A
NAME="AEN55978"
></A
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN55980"
></A
><H2
>Synopsis</H2
><P
><TT
CLASS="COMMAND"
>createuser</TT
> [<TT
CLASS="REPLACEABLE"
><I
>option</I
></TT
>...] [<TT
CLASS="REPLACEABLE"
><I
>username</I
></TT
>]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN55987"
></A
><H2
>Description</H2
><P
> <SPAN
CLASS="APPLICATION"
>createuser</SPAN
> creates a
new <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> user (or more precisely, a role).
Only superusers and users with <TT
CLASS="LITERAL"
>CREATEROLE</TT
> privilege can create
new users, so <SPAN
CLASS="APPLICATION"
>createuser</SPAN
> must be
invoked by someone who can connect as a superuser or a user with
<TT
CLASS="LITERAL"
>CREATEROLE</TT
> privilege.
</P
><P
> If you wish to create a new superuser, you must connect as a
superuser, not merely with <TT
CLASS="LITERAL"
>CREATEROLE</TT
> privilege.
Being a superuser implies the ability to bypass all access permission
checks within the database, so superuserdom should not be granted lightly.
</P
><P
> <SPAN
CLASS="APPLICATION"
>createuser</SPAN
> is a wrapper around the
<ACRONYM
CLASS="ACRONYM"
>SQL</ACRONYM
> command <A
HREF="sql-createrole.html"
><I
>CREATE ROLE</I
></A
>.
There is no effective difference between creating users via
this utility and via other methods for accessing the server.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN56001"
></A
><H2
>Options</H2
><P
> <SPAN
CLASS="APPLICATION"
>createuser</SPAN
> accepts the following command-line arguments:
<P
></P
></P><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="REPLACEABLE"
><I
>username</I
></TT
></DT
><DD
><P
> Specifies the name of the <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> user
to be created.
This name must be different from all existing roles in this
<SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> installation.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-s</TT
><BR><TT
CLASS="OPTION"
>--superuser</TT
></DT
><DD
><P
> The new user will be a superuser.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-S</TT
><BR><TT
CLASS="OPTION"
>--no-superuser</TT
></DT
><DD
><P
> The new user will not be a superuser.
This is the default.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-d</TT
><BR><TT
CLASS="OPTION"
>--createdb</TT
></DT
><DD
><P
> The new user will be allowed to create databases.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-D</TT
><BR><TT
CLASS="OPTION"
>--no-createdb</TT
></DT
><DD
><P
> The new user will not be allowed to create databases.
This is the default.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-r</TT
><BR><TT
CLASS="OPTION"
>--createrole</TT
></DT
><DD
><P
> The new user will be allowed to create new roles (that is,
this user will have <TT
CLASS="LITERAL"
>CREATEROLE</TT
> privilege).
</P
></DD
><DT
><TT
CLASS="OPTION"
>-R</TT
><BR><TT
CLASS="OPTION"
>--no-createrole</TT
></DT
><DD
><P
> The new user will not be allowed to create new roles.
This is the default.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-l</TT
><BR><TT
CLASS="OPTION"
>--login</TT
></DT
><DD
><P
> The new user will be allowed to log in (that is, the user name
can be used as the initial session user identifier).
This is the default.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-L</TT
><BR><TT
CLASS="OPTION"
>--no-login</TT
></DT
><DD
><P
> The new user will not be allowed to log in.
(A role without login privilege is still useful as a means of
managing database permissions.)
</P
></DD
><DT
><TT
CLASS="OPTION"
>-i</TT
><BR><TT
CLASS="OPTION"
>--inherit</TT
></DT
><DD
><P
> The new role will automatically inherit privileges of roles
it is a member of.
This is the default.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-I</TT
><BR><TT
CLASS="OPTION"
>--no-inherit</TT
></DT
><DD
><P
> The new role will not automatically inherit privileges of roles
it is a member of.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-c <TT
CLASS="REPLACEABLE"
><I
>number</I
></TT
></TT
><BR><TT
CLASS="OPTION"
>--connection-limit <TT
CLASS="REPLACEABLE"
><I
>number</I
></TT
></TT
></DT
><DD
><P
> Set a maximum number of connections for the new user.
The default is to set no limit.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-P</TT
><BR><TT
CLASS="OPTION"
>--pwprompt</TT
></DT
><DD
><P
> If given, <SPAN
CLASS="APPLICATION"
>createuser</SPAN
> will issue a prompt for
the password of the new user. This is not necessary if you do not plan
on using password authentication.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-E</TT
><BR><TT
CLASS="OPTION"
>--encrypted</TT
></DT
><DD
><P
> Encrypts the user's password stored in the database. If not
specified, the default password behavior is used.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-N</TT
><BR><TT
CLASS="OPTION"
>--unencrypted</TT
></DT
><DD
><P
> Does not encrypt the user's password stored in the database. If
not specified, the default password behavior is used.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-e</TT
><BR><TT
CLASS="OPTION"
>--echo</TT
></DT
><DD
><P
> Echo the commands that <SPAN
CLASS="APPLICATION"
>createuser</SPAN
> generates
and sends to the server.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-q</TT
><BR><TT
CLASS="OPTION"
>--quiet</TT
></DT
><DD
><P
> Do not display a response.
</P
></DD
></DL
></DIV
><P>
</P
><P
> You will be prompted for a name and other missing information if it
is not specified on the command line.
</P
><P
> <SPAN
CLASS="APPLICATION"
>createuser</SPAN
> also accepts the following
command-line arguments for connection parameters:
<P
></P
></P><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="OPTION"
>-h <TT
CLASS="REPLACEABLE"
><I
>host</I
></TT
></TT
><BR><TT
CLASS="OPTION"
>--host <TT
CLASS="REPLACEABLE"
><I
>host</I
></TT
></TT
></DT
><DD
><P
> Specifies the host name of the machine on which the
server
is running. If the value begins with a slash, it is used
as the directory for the Unix domain socket.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-p <TT
CLASS="REPLACEABLE"
><I
>port</I
></TT
></TT
><BR><TT
CLASS="OPTION"
>--port <TT
CLASS="REPLACEABLE"
><I
>port</I
></TT
></TT
></DT
><DD
><P
> Specifies the TCP port or local Unix domain socket file
extension on which the server
is listening for connections.
</P
></DD
><DT
><TT
CLASS="OPTION"
>-U <TT
CLASS="REPLACEABLE"
><I
>username</I
></TT
></TT
><BR><TT
CLASS="OPTION"
>--username <TT
CLASS="REPLACEABLE"
><I
>username</I
></TT
></TT
></DT
><DD
><P
> User name to connect as (not the user name to create).
</P
></DD
><DT
><TT
CLASS="OPTION"
>-W</TT
><BR><TT
CLASS="OPTION"
>--password</TT
></DT
><DD
><P
> Force password prompt (to connect to the server, not for the
password of the new user).
</P
></DD
></DL
></DIV
><P>
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN56168"
></A
><H2
>Environment</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="ENVAR"
>PGHOST</TT
><BR><TT
CLASS="ENVAR"
>PGPORT</TT
><BR><TT
CLASS="ENVAR"
>PGUSER</TT
></DT
><DD
><P
> Default connection parameters
</P
></DD
></DL
></DIV
><P
> This utility, like most other <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> utilities,
also uses the environment variables supported by <SPAN
CLASS="APPLICATION"
>libpq</SPAN
>
(see <A
HREF="libpq-envars.html"
>Section 29.12</A
>).
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN56184"
></A
><H2
>Diagnostics</H2
><P
> In case of difficulty, see <A
HREF="sql-createrole.html"
><I
>CREATE ROLE</I
></A
> and <A
HREF="app-psql.html"
><SPAN
CLASS="APPLICATION"
>psql</SPAN
></A
> for
discussions of potential problems and error messages.
The database server must be running at the
targeted host. Also, any default connection settings and environment
variables used by the <SPAN
CLASS="APPLICATION"
>libpq</SPAN
> front-end
library will apply.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN56190"
></A
><H2
>Examples</H2
><P
> To create a user <TT
CLASS="LITERAL"
>joe</TT
> on the default database
server:
</P><PRE
CLASS="SCREEN"
><SAMP
CLASS="PROMPT"
>$ </SAMP
><KBD
CLASS="USERINPUT"
>createuser joe</KBD
>
<SAMP
CLASS="COMPUTEROUTPUT"
>Shall the new role be a superuser? (y/n) </SAMP
><KBD
CLASS="USERINPUT"
>n</KBD
>
<SAMP
CLASS="COMPUTEROUTPUT"
>Shall the new role be allowed to create databases? (y/n) </SAMP
><KBD
CLASS="USERINPUT"
>n</KBD
>
<SAMP
CLASS="COMPUTEROUTPUT"
>Shall the new role be allowed to create more new roles? (y/n) </SAMP
><KBD
CLASS="USERINPUT"
>n</KBD
>
<SAMP
CLASS="COMPUTEROUTPUT"
>CREATE USER</SAMP
></PRE
><P>
</P
><P
> To create the same user <TT
CLASS="LITERAL"
>joe</TT
> using the
server on host <TT
CLASS="LITERAL"
>eden</TT
>, port 5000, avoiding the prompts and
taking a look at the underlying command:
</P><PRE
CLASS="SCREEN"
><SAMP
CLASS="PROMPT"
>$ </SAMP
><KBD
CLASS="USERINPUT"
>createuser -h eden -p 5000 -S -D -R -e joe</KBD
>
<SAMP
CLASS="COMPUTEROUTPUT"
>CREATE ROLE joe NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;</SAMP
>
<SAMP
CLASS="COMPUTEROUTPUT"
>CREATE ROLE</SAMP
></PRE
><P>
</P
><P
> To create the user <TT
CLASS="LITERAL"
>joe</TT
> as a superuser,
and assign a password immediately:
</P><PRE
CLASS="SCREEN"
><SAMP
CLASS="PROMPT"
>$ </SAMP
><KBD
CLASS="USERINPUT"
>createuser -P -s -e joe</KBD
>
<SAMP
CLASS="COMPUTEROUTPUT"
>Enter password for new role: </SAMP
><KBD
CLASS="USERINPUT"
>xyzzy</KBD
>
<SAMP
CLASS="COMPUTEROUTPUT"
>Enter it again: </SAMP
><KBD
CLASS="USERINPUT"
>xyzzy</KBD
>
<SAMP
CLASS="COMPUTEROUTPUT"
>CREATE ROLE joe PASSWORD 'xyzzy' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;</SAMP
>
<SAMP
CLASS="COMPUTEROUTPUT"
>CREATE ROLE</SAMP
></PRE
><P>
In the above example, the new password isn't actually echoed when typed,
but we show what was typed for clarity. However the password
<SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>will</I
></SPAN
> appear in the echoed command, as illustrated —
so you don't want to use <TT
CLASS="LITERAL"
>-e</TT
> when assigning a password, if
anyone else can see your screen.
</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN56225"
></A
><H2
>See Also</H2
><A
HREF="app-dropuser.html"
><SPAN
CLASS="APPLICATION"
>dropuser</SPAN
></A
>, <A
HREF="sql-createrole.html"
><I
>CREATE ROLE</I
></A
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="app-createlang.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="app-dropdb.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><SPAN
CLASS="APPLICATION"
>createlang</SPAN
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="reference-client.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><SPAN
CLASS="APPLICATION"
>dropdb</SPAN
></TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
a866202fe868538f89a755dbcabc378b
>
files
>
8
