Use the mkuser command to create either a local or a remote user to access a system.


mkuser -nameuser_name { -remote | -usergrp { group_id | group_name } { -keyfilesshkey_filename | -password [cleartext_password] } }


(Required) Specifies the unique user name. The user name cannot start or end with a blank. The user name must consist of a string of 1 - 256 ASCII characters, with the exception of the following characters: %:",*' .
(Required) Specifies whether the user authenticates to the system using a remote authentication service or system authentication methods. Either the remote parameter or the usergrp parameter must be set. If usergrp is specified, it must be followed by group_name or group_id (see next parameter).
group_name| group_id
(Required if usergrp is specified) The ID or name of the user group with which the local user is to be associated.
-password cleartext_password
(Optional) Specifies the password to be associated with the user. The password cannot start or end with a blank. It must consist of a string of 6 - 64 printable ASCII characters. You can optionally specify the password with the password parameter. If you do not specify the password, the system prompts you for it before running the command and does not display the password that you type.
-keyfile sshkey_filename
(Optional) Specifies the name of the file that contains the Secure Shell (SSH) public key.


The mkuser command creates a new local or remote user to access a system. The command returns the ID of the created user.

You must have the Security Administrator role to create, delete, or change a user.

If you create a local user, you must specify the existing user group that the user belongs to. All local users must have a group. The user group defines roles that provide the user with access to specific operations on the system. You must also specify either the keyfile or password parameter, or both.

If you create a remote user, you must specify both the keyfile and password parameters. Remote users have their groups defined by the remote authentication service.

Up to 400 users can be defined on the system. You can also create new users and assign keys to them.

If you use the keyfile parameter, the SSH key file should be placed in the /tmp directory before running this command. When you run the command, the SSH key is copied into system state and activated for the user, and the input file is deleted.

An invocation example

mkuser -name jane -usergrp Service -password secret

The resulting output:

User, id [1], successfully created