1CREATEUSER(1) PostgreSQL Client Applications CREATEUSER(1)
2
6 createuser - define a new PostgreSQL user account
7
10 createuser [ option... ] [ username ]
11
13 createuser creates a new PostgreSQL user (or more precisely, a role).
14 Only superusers and users with CREATEROLE privilege can create new
15 users, so createuser must be invoked by someone who can connect as a
16 superuser or a user with CREATEROLE privilege.
17 If you wish to create a new superuser, you must connect as a superuser,
19 not merely with CREATEROLE privilege. Being a superuser implies the
20 ability to bypass all access permission checks within the database, so
21 superuserdom should not be granted lightly.
22 createuser is a wrapper around the SQL command CREATE ROLE [cre‐
24 ate_role(7)]. There is no effective difference between creating users
25 via this utility and via other methods for accessing the server.
26
28 createuser accepts the following command-line arguments:
29 username
31 Specifies the name of the PostgreSQL user to be created. This
32 name must be different from all existing roles in this Post‐
33 greSQL installation.
34 -s
36 --superuser
38 The new user will be a superuser.
39 -S
41 --no-superuser
43 The new user will not be a superuser. This is the default.
44 -d
46 --createdb
48 The new user will be allowed to create databases.
49 -D
51 --no-createdb
53 The new user will not be allowed to create databases. This is
54 the default.
55 -r
57 --createrole
59 The new user will be allowed to create new roles (that is, this
60 user will have CREATEROLE privilege).
61 -R
63 --no-createrole
65 The new user will not be allowed to create new roles. This is
66 the default.
67 -l
69 --login
71 The new user will be allowed to log in (that is, the user name
72 can be used as the initial session user identifier). This is
73 the default.
74 -L
76 --no-login
78 The new user will not be allowed to log in. (A role without
79 login privilege is still useful as a means of managing database
80 permissions.)
81 -i
83 --inherit
85 The new role will automatically inherit privileges of roles it
86 is a member of. This is the default.
87 -I
89 --no-inherit
91 The new role will not automatically inherit privileges of roles
92 it is a member of.
93 -c number
95 --connection-limit number
97 Set a maximum number of connections for the new user. The
98 default is to set no limit.
99 -P
101 --pwprompt
103 If given, createuser will issue a prompt for the password of the
104 new user. This is not necessary if you do not plan on using
105 password authentication.
106 -E
108 --encrypted
110 Encrypts the user's password stored in the database. If not
111 specified, the default password behavior is used.
112 -N
114 --unencrypted
116 Does not encrypt the user's password stored in the database. If
117 not specified, the default password behavior is used.
118 -e
120 --echo Echo the commands that createuser generates and sends to the
122 server.
123 -q
125 --quiet
127 Do not display a response.
128 You will be prompted for a name and other missing information if it is
130 not specified on the command line.
131 createuser also accepts the following command-line arguments for con‐
133 nection parameters:
134 -h host
136 --host host
138 Specifies the host name of the machine on which the server is
139 running. If the value begins with a slash, it is used as the
140 directory for the Unix domain socket.
141 -p port
143 --port port
145 Specifies the TCP port or local Unix domain socket file exten‐
146 sion on which the server is listening for connections.
147 -U username
149 --username username
151 User name to connect as (not the user name to create).
152 -W
154 --password
156 Force password prompt (to connect to the server, not for the
157 password of the new user).
158
160 PGHOST
161 PGPORT
163 PGUSER Default connection parameters
165 This utility, like most other PostgreSQL utilities, also uses the envi‐
167 ronment variables supported by libpq (see in the documentation).
168
170 In case of difficulty, see CREATE ROLE [create_role(7)] and psql(1) for
171 discussions of potential problems and error messages. The database
172 server must be running at the targeted host. Also, any default connec‐
173 tion settings and environment variables used by the libpq front-end
174 library will apply.
175
177 To create a user joe on the default database server:
178 $ createuser joe
180 Shall the new role be a superuser? (y/n) n
181 Shall the new role be allowed to create databases? (y/n) n
182 Shall the new role be allowed to create more new roles? (y/n) n
183 CREATE USER
184 To create the same user joe using the server on host eden, port 5000,
187 avoiding the prompts and taking a look at the underlying command:
188 $ createuser -h eden -p 5000 -S -D -R -e joe
190 CREATE ROLE joe NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;
191 CREATE ROLE
192 To create the user joe as a superuser, and assign a password immedi‐
195 ately:
196 $ createuser -P -s -e joe
198 Enter password for new role: xyzzy
199 Enter it again: xyzzy
200 CREATE ROLE joe PASSWORD 'xyzzy' SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;
201 CREATE ROLE
202 In the above example, the new password isn't actually echoed when
204 typed, but we show what was typed for clarity. However the password
205 will appear in the echoed command, as illustrated — so you don't want
206 to use -e when assigning a password, if anyone else can see your
207 screen.
208
210 dropuser(1), CREATE ROLE [create_role(7)]
211Application 2008-06-08 CREATEUSER(1)