.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "PTS_ADDUSER 1"
.TH PTS_ADDUSER 1 "2021-01-14" "OpenAFS" "AFS Command Reference"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
pts_adduser \- Adds a user or machine to a Protection Database group
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBpts adduser\fR \fB\-user\fR\ <\fIuser\ name\fR>+ \fB\-group\fR\ <\fIgroup\ name\fR>+
    [\fB\-cell\fR\ <\fIcell\ name\fR>] [\fB\-noauth\fR] [\fB\-localauth\fR] [\fB\-force\fR] [\fB\-help\fR]
    [\fB\-auth\fR] [\fB\-encrypt\fR] [\fB\-config\fR\ <\fIconfig\ directory\fR>]
.PP
\&\fBpts ad\fR \fB\-u\fR\ <\fIuser\ name\fR>+ \fB\-g\fR\ <\fIgroup\ name\fR>+
    [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-n\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR]
    [\fB\-a\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBpts adduser\fR command adds each user or machine entry named by the
\&\fB\-user\fR argument as a member of each group named by the \fB\-group\fR
argument.
.PP
To remove members of a group, use the \fBpts removeuser\fR command. To list
the groups to which a user or machine belongs, or the members of a
specified group, use the \fBpts membership\fR command.
.SH "CAUTIONS"
.IX Header "CAUTIONS"
After being added as a group member, a currently authenticated user must
reauthenticate (for example, by issuing the \fBaklog\fR or \fBklog.krb5\fR commands)
to obtain permissions granted to the group on an access control list (\s-1ACL\s0).
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-user\fR <\fIuser name\fR>+" 4
.IX Item "-user <user name>+"
Specifies the name of each user or machine entry to add to each group
named by the \fB\-group\fR argument. The name of a machine entry resembles an
\&\s-1IP\s0 address and can use the wildcard notation described on the \fBpts
createuser\fR reference page. The user or machine entry must already exist
in the Protection Database.
.IP "\fB\-group\fR <\fIgroup name\fR>+" 4
.IX Item "-group <group name>+"
Specifies the complete name (including the owner prefix if applicable) of
each group to which to add members. The group entry must already exist in
the Protection Database.
.IP "\fB\-auth\fR" 4
.IX Item "-auth"
Use the calling user's tokens to communicate with the Protection Server. For
more details, see \fBpts\fR\|(1).
.IP "\fB\-cell\fR <\fIcell name\fR>" 4
.IX Item "-cell <cell name>"
Names the cell in which to run the command. For more details, see
\&\fBpts\fR\|(1).
.IP "\fB\-config\fR <\fIconfig directory\fR>" 4
.IX Item "-config <config directory>"
Use an alternate config directory. For more details, see \fBpts\fR\|(1).
.IP "\fB\-encrypt\fR" 4
.IX Item "-encrypt"
Encrypts any communication with the Protection Server. For more details, see
\&\fBpts\fR\|(1).
.IP "\fB\-force\fR" 4
.IX Item "-force"
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.
.IP "\fB\-help\fR" 4
.IX Item "-help"
Prints the online help for this command. All other valid options are
ignored.
.IP "\fB\-localauth\fR" 4
.IX Item "-localauth"
Constructs a server ticket using a key from the local
\&\fI/etc/openafs/server/KeyFile\fR file. Do not combine this flag with the \fB\-cell\fR 
or \fB\-noauth\fR options. For more details, see \fBpts\fR\|(1).
.IP "\fB\-noauth\fR" 4
.IX Item "-noauth"
Assigns the unprivileged identity anonymous to the issuer. For more
details, see \fBpts\fR\|(1).
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example adds user smith to the group system:administrators.
.PP
.Vb 1
\&   % pts adduser \-user smith \-group system:administrators
.Ve
.PP
The following example adds users \f(CW\*(C`jones\*(C'\fR, \f(CW\*(C`terry\*(C'\fR, and \fBpat\fR to the
smith:colleagues group.
.PP
.Vb 1
\&   % pts adduser \-user jones terry pat \-group smith:colleagues
.Ve
.PP
The following example adds the machine entries in the Example Corporation
subnet to the group \f(CW\*(C`bin\-prot\*(C'\fR. Because of the \s-1IP\s0 address range of the
Example Corporation subnet, the system administrator was able to group the
machines into three machine entries (using the wildcard notation discussed
on the \fBpts createuser\fR reference page).
.PP
.Vb 1
\&   % pts adduser \-user 138.255.0.0 192.12.105.0 192.12.106.0 \-group bin\-prot
.Ve
.SH "PRIVILEGE REQUIRED"
.IX Header "PRIVILEGE REQUIRED"
The required privilege depends on the setting of the fourth privacy flag
in the Protection Database entry for each group named by the \fB\-group\fR
argument (use the \fBpts examine\fR command to display the flags):
.IP "\(bu" 4
If it is the hyphen, only the group's owner and members of the
system:administrators group can add members.
.IP "\(bu" 4
If it is lowercase \f(CW\*(C`a\*(C'\fR, current members of the group can add new members.
.IP "\(bu" 4
If it is uppercase \f(CW\*(C`A\*(C'\fR, anyone who can access the cell's database server
machines can add new members.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBpts\fR\|(1),
\&\fBpts_createuser\fR\|(1),
\&\fBpts_examine\fR\|(1),
\&\fBpts_membership\fR\|(1),
\&\fBpts_removeuser\fR\|(1),
\&\fBpts_setfields\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
\&\s-1IBM\s0 Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
.PP
This documentation is covered by the \s-1IBM\s0 Public License Version 1.0.  It was
converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.