1CREATEUSER(1) PostgreSQL Client Applications CREATEUSER(1)
2
3
4
6 createuser - define a new PostgreSQL user account
7
8
10 createuser [ option... ] [ username ]
11
13 createuser creates a new PostgreSQL user (or more precisely, a role).
14 Only superusers and users with CREATEROLE privilege can create new
15 users, so createuser must be invoked by someone who can connect as a
16 superuser or a user with CREATEROLE privilege.
17
18 If you wish to create a new superuser, you must connect as a superuser,
19 not merely with CREATEROLE privilege. Being a superuser implies the
20 ability to bypass all access permission checks within the database, so
21 superuserdom should not be granted lightly.
22
23 createuser is a wrapper around the SQL command CREATE ROLE [cre‐
24 ate_role(7)]. There is no effective difference between creating users
25 via this utility and via other methods for accessing the server.
26
28 createuser accepts the following command-line arguments:
29
30 username
31 Specifies the name of the PostgreSQL user to be created. This
32 name must be different from all existing roles in this Post‐
33 greSQL installation.
34
35 -s
36
37 --superuser
38 The new user will be a superuser.
39
40 -S
41
42 --no-superuser
43 The new user will not be a superuser. This is the default.
44
45 -d
46
47 --createdb
48 The new user will be allowed to create databases.
49
50 -D
51
52 --no-createdb
53 The new user will not be allowed to create databases. This is
54 the default.
55
56 -r
57
58 --createrole
59 The new user will be allowed to create new roles (that is, this
60 user will have CREATEROLE privilege).
61
62 -R
63
64 --no-createrole
65 The new user will not be allowed to create new roles. This is
66 the default.
67
68 -l
69
70 --login
71 The new user will be allowed to log in (that is, the user name
72 can be used as the initial session user identifier). This is
73 the default.
74
75 -L
76
77 --no-login
78 The new user will not be allowed to log in. (A role without
79 login privilege is still useful as a means of managing database
80 permissions.)
81
82 -i
83
84 --inherit
85 The new role will automatically inherit privileges of roles it
86 is a member of. This is the default.
87
88 -I
89
90 --no-inherit
91 The new role will not automatically inherit privileges of roles
92 it is a member of.
93
94 -c number
95
96 --connection-limit number
97 Set a maximum number of connections for the new user. The
98 default is to set no limit.
99
100 -P
101
102 --pwprompt
103 If given, createuser will issue a prompt for the password of the
104 new user. This is not necessary if you do not plan on using
105 password authentication.
106
107 -E
108
109 --encrypted
110 Encrypts the user's password stored in the database. If not
111 specified, the default password behavior is used.
112
113 -N
114
115 --unencrypted
116 Does not encrypt the user's password stored in the database. If
117 not specified, the default password behavior is used.
118
119 -e
120
121 --echo Echo the commands that createuser generates and sends to the
122 server.
123
124 You will be prompted for a name and other missing information if it is
125 not specified on the command line.
126
127 createuser also accepts the following command-line arguments for con‐
128 nection parameters:
129
130 -h host
131
132 --host host
133 Specifies the host name of the machine on which the server is
134 running. If the value begins with a slash, it is used as the
135 directory for the Unix domain socket.
136
137 -p port
138
139 --port port
140 Specifies the TCP port or local Unix domain socket file exten‐
141 sion on which the server is listening for connections.
142
143 -U username
144
145 --username username
146 User name to connect as (not the user name to create).
147
148 -w
149
150 --no-password
151 Never issue a password prompt. If the server requires password
152 authentication and a password is not available by other means
153 such as a .pgpass file, the connection attempt will fail. This
154 option can be useful in batch jobs and scripts where no user is
155 present to enter a password.
156
157 -W
158
159 --password
160 Force createuser to prompt for a password (for connecting to the
161 server, not for the password of the new user).
162
163 This option is never essential, since createuser will automati‐
164 cally prompt for a password if the server demands password
165 authentication. However, createuser will waste a connection
166 attempt finding out that the server wants a password. In some
167 cases it is worth typing -W to avoid the extra connection
168 attempt.
169
171 PGHOST
172
173 PGPORT
174
175 PGUSER Default connection parameters
176
177 This utility, like most other PostgreSQL utilities, also uses the envi‐
178 ronment variables supported by libpq (see in the documentation).
179
181 In case of difficulty, see CREATE ROLE [create_role(7)] and psql(1) for
182 discussions of potential problems and error messages. The database
183 server must be running at the targeted host. Also, any default connec‐
184 tion settings and environment variables used by the libpq front-end
185 library will apply.
186
188 To create a user joe on the default database server:
189
190 $ createuser joe
191 Shall the new role be a superuser? (y/n) n
192 Shall the new role be allowed to create databases? (y/n) n
193 Shall the new role be allowed to create more new roles? (y/n) n
194
195
196 To create the same user joe using the server on host eden, port 5000,
197 avoiding the prompts and taking a look at the underlying command:
198
199 $ createuser -h eden -p 5000 -S -D -R -e joe
200 CREATE ROLE joe NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;
201
202
203 To create the user joe as a superuser, and assign a password immedi‐
204 ately:
205
206 $ createuser -P -s -e joe
207 Enter password for new role: xyzzy
208 Enter it again: xyzzy
209 CREATE ROLE joe PASSWORD 'md5b5f5ba1a423792b526f799ae4eb3d59e' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;
210
211 In the above example, the new password isn't actually echoed when
212 typed, but we show what was typed for clarity. As you see, the password
213 is encrypted before it is sent to the client. If the option --unen‐
214 crypted is used, the password will appear in the echoed command (and
215 possibly also in the server log and elsewhere), so you don't want to
216 use -e in that case, if anyone else can see your screen.
217
219 dropuser(1), CREATE ROLE [create_role(7)]
220
221
222
223Application 2014-02-17 CREATEUSER(1)