.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.de IX
..
.\" ========================================================================
.\"
.IX Title "PTS 1"
.TH PTS 1 "2021-01-14" "OpenAFS" "AFS Command Reference"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
pts \- Introduction to the pts command suite
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The commands in the \fBpts\fR command suite are the administrative interface
to the Protection Server, which runs on each database server machine in a
cell and maintains the Protection Database. The database stores the
information that \s-1AFS\s0 uses to augment and refine the standard \s-1UNIX\s0 scheme
for controlling access to files and directories.
.PP
Instead of relying only on the mode bits that define access rights for
individual files, \s-1AFS\s0 associates an access control list (\s-1ACL\s0) with each
directory. The \s-1ACL\s0 lists users and groups and specifies which of seven
possible access permissions they have for the directory and the files it
contains. (It is still possible to set a directory or file's mode bits,
but \s-1AFS\s0 interprets them in its own way; see the chapter on protection in
the \fIOpenAFS Administration Guide\fR for details.)
.PP
\&\s-1AFS\s0 enables users to define groups in the Protection Database and place
them on ACLs to extend a set of rights to multiple users simultaneously.
Groups simplify administration by making it possible to add someone to
many ACLs by adding them to a group that already exists on those ACLs.
Machines can also be members of a group, so that users logged into the
machine automatically inherit the permissions granted to the group.
.PP
There are several categories of commands in the pts command suite:
.IP "\(bu" 4
Commands to create and remove Protection Database entries:
\&\fBpts creategroup\fR,
\&\fBpts createuser\fR,
and \fBpts delete\fR.
.IP "\(bu" 4
Commands to administer and display group membership:
\&\fBpts adduser\fR,
\&\fBpts listowned\fR,
\&\fBpts membership\fR,
and \fBpts removeuser\fR.
.IP "\(bu" 4
Commands to administer and display properties of user and group entries
other than membership:
\&\fBpts chown\fR,
\&\fBpts examine\fR,
\&\fBpts listentries\fR,
\&\fBpts rename\fR,
and \fBpts setfields\fR.
.IP "\(bu" 4
Commands to set and examine the counters used when assigning IDs to users
and groups:
\&\fBpts listmax\fR
and \fBpts setmax\fR.
.IP "\(bu" 4
Commands to run commands interactively:
\&\fBpts interactive\fR,
\&\fBpts sleep\fR,
and \fBpts quit\fR.
.IP "\(bu" 4
A command to run commands from a file:
\&\fBpts source\fR.
.IP "\(bu" 4
Commands to obtain help:
\&\fBpts apropos\fR
and \fBpts help\fR.
.IP "\(bu" 4
A command to display the OpenAFS command suite version: \fBpts version\fR.
.SH "OPTIONS"
.IX Header "OPTIONS"
The following arguments and flags are available on many commands in the
\&\fBpts\fR suite. The reference page for each command also lists them, but
they are described here in greater detail.
.IP "\fB\-cell\fR <\fIcell name\fR>" 4
.IX Item "-cell "
Names the cell in which to run the command. It is acceptable to abbreviate
the cell name to the shortest form that distinguishes it from the other
entries in the \fI/etc/openafs/CellServDB\fR file on the local machine. If
the \fB\-cell\fR argument is omitted, the command interpreter determines the
name of the local cell by reading the following in order:
.RS 4
.IP "\(bu" 4
The value of the \s-1AFSCELL\s0 environment variable.
.IP "\(bu" 4
The local \fI/etc/openafs/ThisCell\fR file.
.Sp
Do not combine the \fB\-cell\fR and \fB\-localauth\fR options. A command on which
the \fB\-localauth\fR flag is included always runs in the local cell (as
defined in the server machine's local \fI/etc/openafs/server/ThisCell\fR
file), whereas a command on which the \fB\-cell\fR argument is included runs
in the specified foreign cell.
.RE
.RS 4
.RE
.IP "\fB\-config\fR <\fIconfig directory\fR>" 4
.IX Item "-config "
The location of the directory to use to obtain configuration information,
including the CellServDB. This is primarily provided for testing purposes.
.IP "\fB\-force\fR" 4
.IX Item "-force"
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution immediately.
Without it, the command halts as soon as the first error is
encountered. In either case, the \fBpts\fR command interpreter reports errors
at the command shell. This flag is especially useful if the issuer
provides many values for a command line argument; if one of them is
invalid, the command interpreter continues on to process the remaining
arguments.
.IP "\fB\-help\fR" 4
.IX Item "-help"
Prints a command's online help message on the standard output stream. Do
not combine this flag with any of the command's other options; when it is
provided, the command interpreter ignores all other options, and only
prints the help message.
.IP "\fB\-noauth\fR" 4
.IX Item "-noauth"
Establishes an unauthenticated connection to the Protection Server, in
which the server treats the issuer as the unprivileged user
\&\f(CW\*(C`anonymous\*(C'\fR. It is useful only when authorization checking is disabled on
the server machine (during the installation of a file server machine or
when the \fBbos setauth\fR command has been used during other unusual
circumstances). In normal circumstances, the Protection Server allows only
privileged users to issue commands that change the Protection Database,
and refuses to perform such an action even if the
\&\fB\-noauth\fR flag is provided.
.IP "\fB\-encrypt\fR" 4
.IX Item "-encrypt"
Establishes an authenticated, encrypted connection to the Protection Server.
It is useful when it is desired to obscure network traffic related to the
transactions being done.
.IP "\fB\-localauth\fR" 4
.IX Item "-localauth"
Constructs a server ticket using the server encryption key with the
highest key version number in the local \fI/etc/openafs/server/KeyFile\fR file. The
\&\fBpts\fR command interpreter presents the ticket, which never expires, to the
\&\s-1BOS\s0 Server during mutual authentication.
.Sp
Use this flag only when issuing a command on a server machine; client
machines do not usually have a \fI/etc/openafs/server/KeyFile\fR file. The issuer
of a command that includes this flag must be logged on to the server
machine as the local superuser \f(CW\*(C`root\*(C'\fR. The flag is useful for commands
invoked by an unattended application program, such as a process controlled
by the \s-1UNIX\s0 \fBcron\fR utility. It is also useful if an administrator is
unable to authenticate to \s-1AFS\s0 but is logged in as the local superuser
\&\f(CW\*(C`root\*(C'\fR.
.Sp
Do not combine the \fB\-cell\fR and \fB\-localauth\fR options. A command on which
the \fB\-localauth\fR flag is included always runs in the local cell (as
defined in the server machine's local \fI/etc/openafs/server/ThisCell\fR
file), whereas a command on which the \fB\-cell\fR argument is included runs
in the specified foreign cell. Also, do not combine the \fB\-localauth\fR and
\&\fB\-noauth\fR flags.
.IP "\fB\-auth\fR" 4
.IX Item "-auth"
Use the calling user's tokens from the kernel to communicate with the
ptserver (that is, the same tokens displayed by \fBtokens\fR\|(1)). This is the
default if neither \fB\-localauth\fR nor \fB\-noauth\fR is given.
.Sp
Since this option is the default, it is usually not useful for running
single command line operations. However, it can be useful when running
commands via
\&\fBpts_interactive\fR\|(1), since otherwise it would be impossible to switch
from, for example, \fB\-localauth\fR back to using regular tokens during a bulk
operation. See \fBpts_interactive\fR\|(1) for more details.
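.PP
The option rules above (no \-cell with \-localauth, no \-localauth with \-noauth, \-help suppressing every other option) can be checked before a script or cron entry is deployed. The following is an added example, not part of the OpenAFS documentation; the sample command lines, the user pat, the group staff and the cell example.org are constructed, and only the full option spellings shown on this page are matched.

```sh
#!/bin/sh
# Added example: lint pts command lines against the option rules in pts(1).
# Only the full option spellings shown on the man page are matched.

# Print one finding code per rule the line breaks; exit status 1 if any.
lint_pts_line() {
    cell=0 localauth=0 noauth=0 help=0 nopts=0 out=""
    set -f                          # no globbing while word-splitting $1
    for w in $1; do
        case $w in
            -cell)      cell=1 ;;
            -localauth) localauth=1 ;;
            -noauth)    noauth=1 ;;
            -help)      help=1 ;;
        esac
        # Count options; negative AFS group IDs such as -204 are not options.
        case $w in -[a-z]*) nopts=$((nopts + 1)) ;; esac
    done
    set +f
    # -localauth always runs in the local cell, so -cell contradicts it.
    [ $((cell & localauth)) -eq 1 ] && out="$out CELL+LOCALAUTH"
    # -localauth builds a server ticket; -noauth asks for no authentication.
    [ $((localauth & noauth)) -eq 1 ] && out="$out LOCALAUTH+NOAUTH"
    # With -help all other options are ignored and only help is printed.
    [ "$help" -eq 1 ] && [ "$nopts" -gt 1 ] && out="$out HELP+OTHER"
    # Not an error: -localauth needs root and the KeyFile, so list for review.
    [ "$localauth" -eq 1 ] && out="$out REVIEW-LOCALAUTH"
    out=${out# }
    [ -n "$out" ] && printf '%s\n' "$out"
    [ -z "$out" ]
}

# Constructed sample lines, as they might appear in a crontab or admin script.
while IFS= read -r l; do
    f=$(lint_pts_line "$l") || true
    printf '%s\n    -> %s\n' "$l" "${f:-ok}"
done <<'EOF'
pts membership -nameorid staff -cell example.org
pts adduser -user pat -group staff -localauth -cell example.org
pts listentries -users -localauth -noauth
pts creategroup -name pat:friends -help
EOF
```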
.SH "PRIVILEGE REQUIRED"
.IX Header "PRIVILEGE REQUIRED"
Members of the system:administrators group can issue all \fBpts\fR commands on
any entry in the Protection Database.
.PP
Users who do not belong to the system:administrators group can list
information about their own entry and any group entries they own. The
privacy flags set with the \fBpts setfields\fR command control access to
entries owned by other users.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBpts_adduser\fR\|(1),
\&\fBpts_apropos\fR\|(1),
\&\fBpts_chown\fR\|(1),
\&\fBpts_creategroup\fR\|(1),
\&\fBpts_createuser\fR\|(1),
\&\fBpts_delete\fR\|(1),
\&\fBpts_examine\fR\|(1),
\&\fBpts_help\fR\|(1),
\&\fBpts_interactive\fR\|(1),
\&\fBpts_listentries\fR\|(1),
\&\fBpts_listmax\fR\|(1),
\&\fBpts_listowned\fR\|(1),
\&\fBpts_membership\fR\|(1),
\&\fBpts_quit\fR\|(1),
\&\fBpts_removeuser\fR\|(1),
\&\fBpts_rename\fR\|(1),
\&\fBpts_setfields\fR\|(1),
\&\fBpts_setmax\fR\|(1),
\&\fBpts_sleep\fR\|(1),
\&\fBpts_source\fR\|(1)
.PP
The \fIOpenAFS Administration Guide\fR at .
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
\&\s-1IBM\s0 Corporation 2000.  All Rights Reserved.
.PP
This documentation is covered by the \s-1IBM\s0 Public License Version 1.0.  It was
converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.