createuser(1)

1CREATEUSER(1)           PostgreSQL Client Applications           CREATEUSER(1)
2
3
4

NAME

6       createuser - define a new PostgreSQL user account
7
8

SYNOPSIS

10       createuser [ option... ]  [ username ]
11

DESCRIPTION

13       createuser  creates  a new PostgreSQL user (or more precisely, a role).
14       Only superusers and users with  CREATEROLE  privilege  can  create  new
15       users,  so  createuser  must be invoked by someone who can connect as a
16       superuser or a user with CREATEROLE privilege.
17
18       If you wish to create a new superuser, you must connect as a superuser,
19       not  merely  with  CREATEROLE privilege.  Being a superuser implies the
20       ability to bypass all access permission checks within the database,  so
21       superuserdom should not be granted lightly.
22
23       createuser  is  a  wrapper  around  the  SQL  command CREATE ROLE [cre‐
24       ate_role(7)].  There is no effective difference between creating  users
25       via this utility and via other methods for accessing the server.
26

OPTIONS

28       createuser accepts the following command-line arguments:
29
30       username
31              Specifies  the  name of the PostgreSQL user to be created.  This
32              name must be different from all existing  roles  in  this  Post‐
33              greSQL installation.
34
35       -s
36
37       --superuser
38              The new user will be a superuser.
39
40       -S
41
42       --no-superuser
43              The new user will not be a superuser.  This is the default.
44
45       -d
46
47       --createdb
48              The new user will be allowed to create databases.
49
50       -D
51
52       --no-createdb
53              The  new  user will not be allowed to create databases.  This is
54              the default.
55
56       -r
57
58       --createrole
59              The new user will be allowed to create new roles (that is,  this
60              user will have CREATEROLE privilege).
61
62       -R
63
64       --no-createrole
65              The  new  user will not be allowed to create new roles.  This is
66              the default.
67
68       -l
69
70       --login
71              The new user will be allowed to log in (that is, the  user  name
72              can  be  used  as the initial session user identifier).  This is
73              the default.
74
75       -L
76
77       --no-login
78              The new user will not be allowed to log  in.   (A  role  without
79              login  privilege is still useful as a means of managing database
80              permissions.)
81
82       -i
83
84       --inherit
85              The new role will automatically inherit privileges of  roles  it
86              is a member of.  This is the default.
87
88       -I
89
90       --no-inherit
91              The  new role will not automatically inherit privileges of roles
92              it is a member of.
93
94       -c number
95
96       --connection-limit number
97              Set a maximum number of  connections  for  the  new  user.   The
98              default is to set no limit.
99
100       -P
101
102       --pwprompt
103              If given, createuser will issue a prompt for the password of the
104              new user. This is not necessary if you  do  not  plan  on  using
105              password authentication.
106
107       -E
108
109       --encrypted
110              Encrypts  the  user's  password  stored  in the database. If not
111              specified, the default password behavior is used.
112
113       -N
114
115       --unencrypted
116              Does not encrypt the user's password stored in the database.  If
117              not specified, the default password behavior is used.
118
119       -e
120
121       --echo Echo  the  commands  that  createuser generates and sends to the
122              server.
123
124       You will be prompted for a name and other missing information if it  is
125       not specified on the command line.
126
127       createuser  also  accepts the following command-line arguments for con‐
128       nection parameters:
129
130       -h host
131
132       --host host
133              Specifies the host name of the machine on which  the  server  is
134              running.  If  the  value  begins with a slash, it is used as the
135              directory for the Unix domain socket.
136
137       -p port
138
139       --port port
140              Specifies the TCP port or local Unix domain socket  file  exten‐
141              sion on which the server is listening for connections.
142
143       -U username
144
145       --username username
146              User name to connect as (not the user name to create).
147
148       -w
149
150       --no-password
151              Never  issue  a password prompt. If the server requires password
152              authentication and a password is not available  by  other  means
153              such  as  a .pgpass file, the connection attempt will fail. This
154              option can be useful in batch jobs and scripts where no user  is
155              present to enter a password.
156
157       -W
158
159       --password
160              Force createuser to prompt for a password (for connecting to the
161              server, not for the password of the new user).
162
163              This option is never essential, since createuser will  automati‐
164              cally  prompt  for  a  password  if  the server demands password
165              authentication.  However, createuser  will  waste  a  connection
166              attempt  finding  out that the server wants a password.  In some
167              cases it is worth  typing  -W  to  avoid  the  extra  connection
168              attempt.
169

ENVIRONMENT

171       PGHOST
172
173       PGPORT
174
175       PGUSER Default connection parameters
176
177       This utility, like most other PostgreSQL utilities, also uses the envi‐
178       ronment variables supported by libpq (see in the documentation).
179

DIAGNOSTICS

181       In case of difficulty, see CREATE ROLE [create_role(7)] and psql(1) for
182       discussions  of  potential  problems  and error messages.  The database
183       server must be running at the targeted host. Also, any default  connec‐
184       tion  settings  and  environment  variables used by the libpq front-end
185       library will apply.
186

EXAMPLES

188       To create a user joe on the default database server:
189
190       $ createuser joe
191       Shall the new role be a superuser? (y/n) n
192       Shall the new role be allowed to create databases? (y/n) n
193       Shall the new role be allowed to create more new roles? (y/n) n
194
195
196       To create the same user joe using the server on host eden,  port  5000,
197       avoiding the prompts and taking a look at the underlying command:
198
199       $ createuser -h eden -p 5000 -S -D -R -e joe
200       CREATE ROLE joe NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;
201
202
203       To  create  the  user joe as a superuser, and assign a password immedi‐
204       ately:
205
206       $ createuser -P -s -e joe
207       Enter password for new role: xyzzy
208       Enter it again: xyzzy
209       CREATE ROLE joe PASSWORD 'md5b5f5ba1a423792b526f799ae4eb3d59e' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;
210
211       In the above example, the  new  password  isn't  actually  echoed  when
212       typed, but we show what was typed for clarity. As you see, the password
213       is encrypted before it is sent to the client.  If  the  option  --unen‐
214       crypted  is  used,  the password will appear in the echoed command (and
215       possibly also in the server log and elsewhere), so you  don't  want  to
216       use -e in that case, if anyone else can see your screen.
217