<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >createuser</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REV="MADE" HREF="mailto:pgsql-docs@postgresql.org"><LINK REL="HOME" TITLE="PostgreSQL 8.2.14 Documentation" HREF="index.html"><LINK REL="UP" TITLE="PostgreSQL Client Applications" HREF="reference-client.html"><LINK REL="PREVIOUS" TITLE="createlang" HREF="app-createlang.html"><LINK REL="NEXT" TITLE="dropdb" HREF="app-dropdb.html"><LINK REL="STYLESHEET" TYPE="text/css" HREF="stylesheet.css"><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"><META NAME="creation" CONTENT="2009-09-04T05:25:47"></HEAD ><BODY CLASS="REFENTRY" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="5" ALIGN="center" VALIGN="bottom" >PostgreSQL 8.2.14 Documentation</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="top" ><A HREF="app-createlang.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="10%" ALIGN="left" VALIGN="top" ><A HREF="app-createlang.html" >Fast Backward</A ></TD ><TD WIDTH="60%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="top" ><A HREF="app-dropdb.html" >Fast Forward</A ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="top" ><A HREF="app-dropdb.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="APP-CREATEUSER" ></A ><SPAN CLASS="APPLICATION" >createuser</SPAN ></H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN55974" ></A ><H2 >Name</H2 >createuser -- define a new <SPAN CLASS="PRODUCTNAME" >PostgreSQL</SPAN > user account</DIV ><A NAME="AEN55978" ></A ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN55980" ></A ><H2 >Synopsis</H2 ><P ><TT CLASS="COMMAND" >createuser</TT > [<TT CLASS="REPLACEABLE" ><I >option</I ></TT >...] [<TT CLASS="REPLACEABLE" ><I >username</I ></TT >]</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN55987" ></A ><H2 >Description</H2 ><P > <SPAN CLASS="APPLICATION" >createuser</SPAN > creates a new <SPAN CLASS="PRODUCTNAME" >PostgreSQL</SPAN > user (or more precisely, a role). Only superusers and users with <TT CLASS="LITERAL" >CREATEROLE</TT > privilege can create new users, so <SPAN CLASS="APPLICATION" >createuser</SPAN > must be invoked by someone who can connect as a superuser or a user with <TT CLASS="LITERAL" >CREATEROLE</TT > privilege. </P ><P > If you wish to create a new superuser, you must connect as a superuser, not merely with <TT CLASS="LITERAL" >CREATEROLE</TT > privilege. Being a superuser implies the ability to bypass all access permission checks within the database, so superuserdom should not be granted lightly. </P ><P > <SPAN CLASS="APPLICATION" >createuser</SPAN > is a wrapper around the <ACRONYM CLASS="ACRONYM" >SQL</ACRONYM > command <A HREF="sql-createrole.html" ><I >CREATE ROLE</I ></A >. There is no effective difference between creating users via this utility and via other methods for accessing the server. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN56001" ></A ><H2 >Options</H2 ><P > <SPAN CLASS="APPLICATION" >createuser</SPAN > accepts the following command-line arguments: <P ></P ></P><DIV CLASS="VARIABLELIST" ><DL ><DT ><TT CLASS="REPLACEABLE" ><I >username</I ></TT ></DT ><DD ><P > Specifies the name of the <SPAN CLASS="PRODUCTNAME" >PostgreSQL</SPAN > user to be created. This name must be different from all existing roles in this <SPAN CLASS="PRODUCTNAME" >PostgreSQL</SPAN > installation. </P ></DD ><DT ><TT CLASS="OPTION" >-s</TT ><BR><TT CLASS="OPTION" >--superuser</TT ></DT ><DD ><P > The new user will be a superuser. </P ></DD ><DT ><TT CLASS="OPTION" >-S</TT ><BR><TT CLASS="OPTION" >--no-superuser</TT ></DT ><DD ><P > The new user will not be a superuser. This is the default. </P ></DD ><DT ><TT CLASS="OPTION" >-d</TT ><BR><TT CLASS="OPTION" >--createdb</TT ></DT ><DD ><P > The new user will be allowed to create databases. </P ></DD ><DT ><TT CLASS="OPTION" >-D</TT ><BR><TT CLASS="OPTION" >--no-createdb</TT ></DT ><DD ><P > The new user will not be allowed to create databases. This is the default. </P ></DD ><DT ><TT CLASS="OPTION" >-r</TT ><BR><TT CLASS="OPTION" >--createrole</TT ></DT ><DD ><P > The new user will be allowed to create new roles (that is, this user will have <TT CLASS="LITERAL" >CREATEROLE</TT > privilege). </P ></DD ><DT ><TT CLASS="OPTION" >-R</TT ><BR><TT CLASS="OPTION" >--no-createrole</TT ></DT ><DD ><P > The new user will not be allowed to create new roles. This is the default. </P ></DD ><DT ><TT CLASS="OPTION" >-l</TT ><BR><TT CLASS="OPTION" >--login</TT ></DT ><DD ><P > The new user will be allowed to log in (that is, the user name can be used as the initial session user identifier). This is the default. </P ></DD ><DT ><TT CLASS="OPTION" >-L</TT ><BR><TT CLASS="OPTION" >--no-login</TT ></DT ><DD ><P > The new user will not be allowed to log in. (A role without login privilege is still useful as a means of managing database permissions.) </P ></DD ><DT ><TT CLASS="OPTION" >-i</TT ><BR><TT CLASS="OPTION" >--inherit</TT ></DT ><DD ><P > The new role will automatically inherit privileges of roles it is a member of. This is the default. </P ></DD ><DT ><TT CLASS="OPTION" >-I</TT ><BR><TT CLASS="OPTION" >--no-inherit</TT ></DT ><DD ><P > The new role will not automatically inherit privileges of roles it is a member of. </P ></DD ><DT ><TT CLASS="OPTION" >-c <TT CLASS="REPLACEABLE" ><I >number</I ></TT ></TT ><BR><TT CLASS="OPTION" >--connection-limit <TT CLASS="REPLACEABLE" ><I >number</I ></TT ></TT ></DT ><DD ><P > Set a maximum number of connections for the new user. The default is to set no limit. </P ></DD ><DT ><TT CLASS="OPTION" >-P</TT ><BR><TT CLASS="OPTION" >--pwprompt</TT ></DT ><DD ><P > If given, <SPAN CLASS="APPLICATION" >createuser</SPAN > will issue a prompt for the password of the new user. This is not necessary if you do not plan on using password authentication. </P ></DD ><DT ><TT CLASS="OPTION" >-E</TT ><BR><TT CLASS="OPTION" >--encrypted</TT ></DT ><DD ><P > Encrypts the user's password stored in the database. If not specified, the default password behavior is used. </P ></DD ><DT ><TT CLASS="OPTION" >-N</TT ><BR><TT CLASS="OPTION" >--unencrypted</TT ></DT ><DD ><P > Does not encrypt the user's password stored in the database. If not specified, the default password behavior is used. </P ></DD ><DT ><TT CLASS="OPTION" >-e</TT ><BR><TT CLASS="OPTION" >--echo</TT ></DT ><DD ><P > Echo the commands that <SPAN CLASS="APPLICATION" >createuser</SPAN > generates and sends to the server. </P ></DD ><DT ><TT CLASS="OPTION" >-q</TT ><BR><TT CLASS="OPTION" >--quiet</TT ></DT ><DD ><P > Do not display a response. </P ></DD ></DL ></DIV ><P> </P ><P > You will be prompted for a name and other missing information if it is not specified on the command line. </P ><P > <SPAN CLASS="APPLICATION" >createuser</SPAN > also accepts the following command-line arguments for connection parameters: <P ></P ></P><DIV CLASS="VARIABLELIST" ><DL ><DT ><TT CLASS="OPTION" >-h <TT CLASS="REPLACEABLE" ><I >host</I ></TT ></TT ><BR><TT CLASS="OPTION" >--host <TT CLASS="REPLACEABLE" ><I >host</I ></TT ></TT ></DT ><DD ><P > Specifies the host name of the machine on which the server is running. If the value begins with a slash, it is used as the directory for the Unix domain socket. </P ></DD ><DT ><TT CLASS="OPTION" >-p <TT CLASS="REPLACEABLE" ><I >port</I ></TT ></TT ><BR><TT CLASS="OPTION" >--port <TT CLASS="REPLACEABLE" ><I >port</I ></TT ></TT ></DT ><DD ><P > Specifies the TCP port or local Unix domain socket file extension on which the server is listening for connections. </P ></DD ><DT ><TT CLASS="OPTION" >-U <TT CLASS="REPLACEABLE" ><I >username</I ></TT ></TT ><BR><TT CLASS="OPTION" >--username <TT CLASS="REPLACEABLE" ><I >username</I ></TT ></TT ></DT ><DD ><P > User name to connect as (not the user name to create). </P ></DD ><DT ><TT CLASS="OPTION" >-W</TT ><BR><TT CLASS="OPTION" >--password</TT ></DT ><DD ><P > Force password prompt (to connect to the server, not for the password of the new user). </P ></DD ></DL ></DIV ><P> </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN56168" ></A ><H2 >Environment</H2 ><P ></P ><DIV CLASS="VARIABLELIST" ><DL ><DT ><TT CLASS="ENVAR" >PGHOST</TT ><BR><TT CLASS="ENVAR" >PGPORT</TT ><BR><TT CLASS="ENVAR" >PGUSER</TT ></DT ><DD ><P > Default connection parameters </P ></DD ></DL ></DIV ><P > This utility, like most other <SPAN CLASS="PRODUCTNAME" >PostgreSQL</SPAN > utilities, also uses the environment variables supported by <SPAN CLASS="APPLICATION" >libpq</SPAN > (see <A HREF="libpq-envars.html" >Section 29.12</A >). </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN56184" ></A ><H2 >Diagnostics</H2 ><P > In case of difficulty, see <A HREF="sql-createrole.html" ><I >CREATE ROLE</I ></A > and <A HREF="app-psql.html" ><SPAN CLASS="APPLICATION" >psql</SPAN ></A > for discussions of potential problems and error messages. The database server must be running at the targeted host. Also, any default connection settings and environment variables used by the <SPAN CLASS="APPLICATION" >libpq</SPAN > front-end library will apply. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN56190" ></A ><H2 >Examples</H2 ><P > To create a user <TT CLASS="LITERAL" >joe</TT > on the default database server: </P><PRE CLASS="SCREEN" ><SAMP CLASS="PROMPT" >$ </SAMP ><KBD CLASS="USERINPUT" >createuser joe</KBD > <SAMP CLASS="COMPUTEROUTPUT" >Shall the new role be a superuser? (y/n) </SAMP ><KBD CLASS="USERINPUT" >n</KBD > <SAMP CLASS="COMPUTEROUTPUT" >Shall the new role be allowed to create databases? (y/n) </SAMP ><KBD CLASS="USERINPUT" >n</KBD > <SAMP CLASS="COMPUTEROUTPUT" >Shall the new role be allowed to create more new roles? (y/n) </SAMP ><KBD CLASS="USERINPUT" >n</KBD > <SAMP CLASS="COMPUTEROUTPUT" >CREATE USER</SAMP ></PRE ><P> </P ><P > To create the same user <TT CLASS="LITERAL" >joe</TT > using the server on host <TT CLASS="LITERAL" >eden</TT >, port 5000, avoiding the prompts and taking a look at the underlying command: </P><PRE CLASS="SCREEN" ><SAMP CLASS="PROMPT" >$ </SAMP ><KBD CLASS="USERINPUT" >createuser -h eden -p 5000 -S -D -R -e joe</KBD > <SAMP CLASS="COMPUTEROUTPUT" >CREATE ROLE joe NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;</SAMP > <SAMP CLASS="COMPUTEROUTPUT" >CREATE ROLE</SAMP ></PRE ><P> </P ><P > To create the user <TT CLASS="LITERAL" >joe</TT > as a superuser, and assign a password immediately: </P><PRE CLASS="SCREEN" ><SAMP CLASS="PROMPT" >$ </SAMP ><KBD CLASS="USERINPUT" >createuser -P -s -e joe</KBD > <SAMP CLASS="COMPUTEROUTPUT" >Enter password for new role: </SAMP ><KBD CLASS="USERINPUT" >xyzzy</KBD > <SAMP CLASS="COMPUTEROUTPUT" >Enter it again: </SAMP ><KBD CLASS="USERINPUT" >xyzzy</KBD > <SAMP CLASS="COMPUTEROUTPUT" >CREATE ROLE joe PASSWORD 'xyzzy' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;</SAMP > <SAMP CLASS="COMPUTEROUTPUT" >CREATE ROLE</SAMP ></PRE ><P> In the above example, the new password isn't actually echoed when typed, but we show what was typed for clarity. However the password <SPAN CLASS="emphasis" ><I CLASS="EMPHASIS" >will</I ></SPAN > appear in the echoed command, as illustrated — so you don't want to use <TT CLASS="LITERAL" >-e</TT > when assigning a password, if anyone else can see your screen. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN56225" ></A ><H2 >See Also</H2 ><A HREF="app-dropuser.html" ><SPAN CLASS="APPLICATION" >dropuser</SPAN ></A >, <A HREF="sql-createrole.html" ><I >CREATE ROLE</I ></A ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="app-createlang.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="app-dropdb.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><SPAN CLASS="APPLICATION" >createlang</SPAN ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="reference-client.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><SPAN CLASS="APPLICATION" >dropdb</SPAN ></TD ></TR ></TABLE ></DIV ></BODY ></HTML >