NAME
pts_adduser - Adds a user or machine to a Protection Database group
SYNOPSIS
pts adduser -user <user name>+ -group <group name>+
[-cell <cell name>] [-noauth] [-localauth] [-force] [-help]
pts ad -u <user name>+ -g <group name>+
[-c <cell name>] [-n] [-l] [-f] [-h]
DESCRIPTION
The pts adduser command adds each user or machine entry named by the
-user argument as a member of each group named by the -group argument.
To remove members of a group, use the pts removeuser command. To list
the groups to which a user or machine belongs, or the members of a
specified group, use the pts membership command.
CAUTIONS
After being added as a group member, a currently authenticated user
must reauthenticate (for example, by issuing the klog command) to
obtain permissions granted to the group on an access control list
(ACL).
OPTIONS
-user <user name>+
Specifies the name of each user or machine entry to add to each
group named by the -group argument. The name of a machine entry
resembles an IP address and can use the wildcard notation described
on the pts createuser reference page. The user or machine entry
must already exist in the Protection Database.
-group <group name>+
Specifies the complete name (including the owner prefix if
applicable) of each group to which to add members. The group entry
must already exist in the Protection Database.
-cell <cell name>
Names the cell in which to run the command. For more details, see
pts(1).
-noauth
Assigns the unprivileged identity anonymous to the issuer. For more
details, see pts(1).
-localauth
Constructs a server ticket using a key from the local
/etc/openafs/server/KeyFile file. The pts command interpreter
presents the ticket to the Protection Server during mutual
authentication. Do not combine this flag with the -cell or -noauth
options. For more details, see pts(1).
-force
Enables the command to continue executing as far as possible when
errors or other problems occur, rather than halting execution at
the first error.
-help
Prints the online help for this command. All other valid options
are ignored.
EXAMPLES
The following example adds user smith to the group
system:administrators.
% pts adduser -user smith -group system:administrators
The following example adds users "jones", "terry", and pat to the
smith:colleagues group.
% pts adduser -user jones terry pat -group smith:colleagues
The following example adds the machine entries in the ABC Corporation
subnet to the group "bin-prot". Because of the IP address range of the
ABC Corporation subnet, the system administrator was able to group the
machines into three machine entries (using the wildcard notation
discussed on the pts createuser reference page).
% pts adduser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot
PRIVILEGE REQUIRED
The required privilege depends on the setting of the fourth privacy
flag in the Protection Database entry for each group named by the
-group argument (use the pts examine command to display the flags):
· If it is the hyphen, only the group’s owner and members of the
system:administrators group can add members.
· If it is lowercase "a", current members of the group can add new
members.
· If it is uppercase "A", anyone who can access the cell’s database
server machines can add new members.
SEE ALSO
pts(1), pts_createuser(1), pts_examine(1), pts_membership(1),
pts_removeuser(1), pts_setfields(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.