Man Linux: Main Page and Category List

NAME

       pts_setfields - Sets privacy flags or quota for a Protection Database
       entry

SYNOPSIS

       pts setfields -nameorid <user or group name or id>+
           [-access <set privacy flags>]
           [-groupquota <set limit on group creation>]
           [-cell <cell name>] [-noauth] [-localauth]
           [-force] [-help]

       pts setf -na <user or group name or id>+
           [-a <set privacy flags>]
           [-g <set limit on group creation>] [-c <cell name>]
           [-no] [-l] [-f] [-h]

DESCRIPTION

       The pts setfields command sets the group-creation quota, the privacy
       flags, or both, associated with each user, machine, or group entry
       specified by the -nameorid argument.

       To examine the current quota and privacy flags, use the pts examine
       command.

CAUTIONS

       Changing a machine or group’s group-creation quota is allowed, but not
       recommended. The concept is meaningless for machines and groups,
       because it is impossible to authenticate as a group or machine.

       Similarly, some privacy flag settings do not have a sensible
       interpretation. OPTIONS specifies the appropriate settings.

OPTIONS

       -nameorid <user or group name or id>+
           Specifies the name or AFS UID of each user, the IP address
           (complete or wildcard-style) of each machine, or the name or AFS
           GID of each machine for which to set privacy flags or group-
           creation quota. It is acceptable to mix users, machines, and groups
           on the same command line, as well as names (IP addresses for
           machines) and IDs. Precede the GID of each group with a hyphen to
           indicate that it is negative.

       -access <privacy flags>
           Specifies the privacy flags to apply to each entry. Provide a
           string of five characters, one for each of the permissions. If this
           option is omitted, the current setting remains unchanged.

           Set each flag to achieve the desired combination of permissions. If
           the following list does not mention a certain setting, it is not
           acceptable. For further discussion of the privacy flags, see
           pts_examine(1).

           ·   The first flag determines who can use the pts examine command
               to display information from a user, machine or group’s
               Protection Database entry.

               ·   Set it to lowercase "s" to permit the members of the
                   system:administrators group to display a user, machine, or
                   group entry, and the associated user to display a user
                   entry.

               ·   Set it to uppercase "S" to permit anyone who can access the
                   cell’s database server machines to display a user, machine,
                   or group entry.

           ·   The second flag determines who can use the pts listowned
               command to list the groups that a user or group owns.

               ·   Set it to the hyphen ("-") to permit the members of the
                   system:administrators group and a user to list the groups
                   he or she owns, or to permit the members of the
                   system:administrators group and a group’s owner to list the
                   groups that a group owns.

               ·   Set it to uppercase letter "O" to permit anyone who can
                   access the cell’s database server machines to list the
                   groups owned by a machine or group entry.

           ·   The third flag determines who can use the pts membership
               command to list the groups to which a user or machine belongs,
               or the users and machines that belong to a group.

               ·   Set it to the hyphen ("-") to permit the members of the
                   system:administrators group and a user to list the groups
                   he or she belongs to, to permit the members of the
                   system:administrators group to list the groups a machine
                   belongs to, or to permit the members of the
                   system:administrators group and a group’s owner to list the
                   users and machines that belong to it.

               ·   Set it to lowercase "m" to permit members of a group to
                   list the other members. (For user and machine entries, this
                   setting is equivalent to the hyphen.)

               ·   Set it to uppercase "M" to permit anyone who can access the
                   cell’s database server machines to list membership
                   information for a user, machine or group.

           ·   The fourth flag determines who can use the pts adduser command
               to add users and machines as members of a group. This flag has
               no sensible interpretation for user and machine entries, but
               must be set nonetheless, preferably to the hyphen.

               ·   Set it to the hyphen ("-") to permit the members of the
                   system:administrators group and the owner of the group to
                   add members.

               ·   Set it to lowercase "a" to permit members of a group to add
                   other members.

               ·   Set it to uppercase "A" to permit anyone who can access the
                   cell’s database server machines to add members to a group.

           ·   The fifth flag determines who can use the pts removeuser
               command to remove users and machines from membership in a
               group. This flag has no sensible interpretation for user and
               machine entries, but must be set nonetheless, preferably to the
               hyphen.

               ·   Set it to the hyphen ("-") to permit the members of the
                   system:administrators group and the owner of the group to
                   remove members.

               ·   Set it to lowercase "r" to permit members of a group to
                   remove other members.

       -groupquota <group creation quota>
           Specifies the number of additional groups a user can create (it
           does not matter how many he or she has created already). Do not
           include this argument for a group or machine entry.

       -cell <cell name>
           Names the cell in which to run the command. For more details, see
           pts(1).

       -noauth
           Assigns the unprivileged identity anonymous to the issuer. For more
           details, see pts(1).

       -localauth
           Constructs a server ticket using a key from the local
           /etc/openafs/server/KeyFile file. Do not combine this flag with the
           -cell or -noauth options. For more details, see pts(1).

       -force
           Enables the command to continue executing as far as possible when
           errors or other problems occur, rather than halting execution at
           the first error.

       -help
           Prints the online help for this command. All other valid options
           are ignored.

EXAMPLES

       The following example changes the privacy flags on the group
       "operators", retaining the default values of the first, second and
       third flags, but setting the fourth and fifth flags to enable the
       group’s members to add and remove other members.

          % pts setfields -nameorid operators -access S-Mar

       The following example changes the privacy flags and sets group quota on
       the user entry "admin". It retains the default values of the first,
       fourth, and fifth flags, but sets the second and third flags, to enable
       anyone to list the groups that "admin" owns and belongs to.  Users
       authenticated as "admin" can create an additional 50 groups.

          % pts setfields -nameorid admin -access SOM-- -groupquota 50

PRIVILEGE REQUIRED

       To edit group entries or set the privacy flags on any type of entry,
       the issuer must own the entry or belong to the system:administrators
       group. To set group-creation quota on a user entry, the issuer must
       belong to the system:administrators group.

SEE ALSO

       pts(1), pts_adduser(1), pts_examine(1), pts_listowned(1),
       pts_membership(1), pts_removeuser(1)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.
       It was converted from HTML to POD by software written by Chas Williams
       and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.