Initializing the Protection Database

Now continue to configure your cell's security systems by populating the Protection Database with the newly created admin user, and permitting it to issue priviledged commands on the AFS filesystem.

  1. Issue the pts createuser command to create a Protection Database entry for the admin user.

    By default, the Protection Server assigns AFS UID 1 (one) to the admin user, because it is the first user entry you are creating. If the local password file (/etc/passwd or equivalent) already has an entry for admin that assigns it a UNIX UID other than 1, it is best to use the -id argument to the pts createuser command to make the new AFS UID match the existing UNIX UID. Otherwise, it is best to accept the default.

       # pts createuser -name admin [-id <AFS UID>]  -noauth
       User admin has id AFS UID
    
  2. Issue the pts adduser command to make the admin user a member of the system:administrators group, and the pts membership command to verify the new membership. Membership in the group enables the admin user to issue privileged pts commands and some privileged fs commands.

       # ./pts adduser admin system:administrators -noauth
       # ./pts membership admin -noauth
       Groups admin (id: 1) is a member of:
         system:administrators
    

  3. Issue the bos restart command with the -all flag to restart the database server processes, so that they start using the new server encryption key.

       # ./bos restart <machine name> -all
       -noauth