.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "PTS_EXAMINE 1" .TH PTS_EXAMINE 1 "2021-01-14" "OpenAFS" "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" pts_examine \- Displays a Protection Database entry .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBpts examine\fR \fB\-nameorid\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-cell\fR\ <\fIcell\ name\fR>] [\fB\-noauth\fR] [\fB\-localauth\fR] [\fB\-force\fR] [\fB\-auth\fR] [\fB\-help\fR] [\fB\-encrypt\fR] [\fB\-config\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts e\fR \fB\-na\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-a\fR] [\fB\-h\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts check\fR \fB\-na\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-a\fR] [\fB\-h\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts che\fR \fB\-na\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-a\fR] [\fB\-h\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBpts examine\fR command displays information from the Protection Database entry of each user, machine or group specified by the \&\fB\-nameorid\fR argument. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\-nameorid <\fIuser or group name or id\fR>+" 4 .IX Item "-nameorid +" Specifies the name or \s-1AFS UID\s0 of each user, the name or \s-1AFS GID\s0 of each group, or the \s-1IP\s0 address (complete or wildcard-style) or \s-1AFS UID\s0 of each machine for which to display the Protection Database entry. It is acceptable to mix users, machines, and groups on the same command line, as well as names (\s-1IP\s0 addresses for machines) and IDs. Precede the \s-1GID\s0 of each group with a hyphen to indicate that it is negative. .IP "\fB\-auth\fR" 4 .IX Item "-auth" Use the calling user's tokens to communicate with the Protection Server. For more details, see \fBpts\fR\|(1). .IP "\fB\-cell\fR <\fIcell name\fR>" 4 .IX Item "-cell " Names the cell in which to run the command. For more details, see \&\fBpts\fR\|(1). .IP "\fB\-config\fR <\fIconfig directory\fR>" 4 .IX Item "-config " Use an alternate config directory. For more details, see \fBpts\fR\|(1). .IP "\fB\-encrypt\fR" 4 .IX Item "-encrypt" Encrypts any communication with the Protection Server. For more details, see \&\fBpts\fR\|(1). .IP "\fB\-force\fR" 4 .IX Item "-force" Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error. .IP "\fB\-help\fR" 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .IP "\fB\-localauth\fR" 4 .IX Item "-localauth" Constructs a server ticket using a key from the local \&\fI/etc/openafs/server/KeyFile\fR file. Do not combine this flag with the \fB\-cell\fR or \fB\-noauth\fR options. For more details, see \fBpts\fR\|(1). .IP "\fB\-noauth\fR" 4 .IX Item "-noauth" Assigns the unprivileged identity anonymous to the issuer. For more details, see \fBpts\fR\|(1). .SH "OUTPUT" .IX Header "OUTPUT" The output for each entry consists of two lines that include the following fields: .IP "Name" 4 .IX Item "Name" The contents of this field depend on the type of entry: .RS 4 .IP "\(bu" 4 For a user entry, it is the username that the user types when authenticating with \s-1AFS.\s0 .IP "\(bu" 4 For a machine entry, it is either the \s-1IP\s0 address of a single machine in dotted decimal format, or a wildcard notation that represents a group of machines on the same network. See the \fBpts createuser\fR reference page for an explanation of the wildcard notation. .IP "\(bu" 4 For a group entry, it is one of two types of group name. If the name has a colon between the two parts, it represents a regular group and the part before the prefix reflects the group's owner. A prefix-less group does not have the owner field or the colon. For more details on group names, see the \fBpts creategroup\fR reference page. .RE .RS 4 .RE .IP "id" 4 .IX Item "id" A unique number that the \s-1AFS\s0 server processes use to identify \s-1AFS\s0 users, machines and groups. \s-1AFS\s0 UIDs for user and machine entries are positive integers, and \s-1AFS\s0 GIDs for group entries are negative integers. \s-1AFS\s0 UIDs and GIDs are similar in function to the UIDs and GIDs used in local file systems such as \s-1UFS,\s0 but apply only to \s-1AFS\s0 operations. .IP "owner" 4 .IX Item "owner" The user or group that owns the entry and thus can administer it (change the values in most of the fields displayed in the output of this command), or delete it entirely. The Protection Server automatically records the system:administrators group in this field for user and machine entries at creation time. .IP "creator" 4 .IX Item "creator" The user who issued the \fBpts createuser\fR or \fBpts creategroup\fR command to create the entry. This field serves as an audit trail, and cannot be changed. .IP "membership" 4 .IX Item "membership" An integer that for users and machines represents the number of groups to which the user or machine belongs. For groups, it represents the number of group members. .IP "flags" 4 .IX Item "flags" A string of five characters, referred to as \fIprivacy flags\fR, which indicate who can display or administer certain aspects of the entry. .RS 4 .IP "s" 4 .IX Item "s" Controls who can issue the \fBpts examine\fR command to display the entry. .IP "o" 4 .IX Item "o" Controls who can issue the \fBpts listowned\fR command to display the groups that a user or group owns. .IP "m" 4 .IX Item "m" Controls who can issue the \fBpts membership\fR command to display the groups a user or machine belongs to, or which users or machines belong to a group. .IP "a" 4 .IX Item "a" Controls who can issue the \fBpts adduser\fR command to add a user or machine to a group. It is meaningful only for groups, but a value must always be set for it even on user and machine entries. .IP "r" 4 .IX Item "r" Controls who can issue the \fBpts removeuser\fR command to remove a user or machine from a group. It is meaningful only for groups, but a value must always be set for it even on user and machine entries. .RE .RS 4 .Sp Each flag can take three possible types of values to enable a different set of users to issue the corresponding command: .IP "\(bu" 4 A hyphen (\-) designates the members of the system:administrators group and the entry's owner. For user entries, it designates the user in addition. .IP "\(bu" 4 The lowercase version of the letter applies meaningfully to groups only, and designates members of the group in addition to the individuals designated by the hyphen. .IP "\(bu" 4 The uppercase version of the letter designates everyone. .RE .RS 4 .Sp For example, the flags \f(CW\*(C`SOmar\*(C'\fR on a group entry indicate that anyone can examine the group's entry and display the groups that it owns, and that only the group's members can display, add, or remove its members. .Sp The default privacy flags for user and machine entries are \f(CW\*(C`S\-\-\-\-\*(C'\fR, meaning that anyone can display the entry. The ability to perform any other functions is restricted to members of the system:administrators group and the entry's owner (as well as the user for a user entry). .Sp The default privacy flags for group entries are \f(CW\*(C`S\-M\-\-\*(C'\fR, meaning that all users can display the entry and the members of the group, but only the entry owner and members of the system:administrators group can perform other functions. The defaults for the privacy flags may be changed by running \fBptserver\fR with the \fB\-default_access\fR option. See \fBptserver\fR\|(8) for more discussion of the \fB\-default_access\fR option. .RE .IP "group quota" 4 .IX Item "group quota" The number of additional groups the user is allowed to create. The \fBpts createuser\fR command sets it to 20 for both users and machines, but it has no meaningful interpretation for a machine, because it is not possible to authenticate as a machine. Similarly, it has no meaning in group entries that only deal with the local cell and the \fBpts creategroup\fR command sets it to 0 (zero); do not change this value. .Sp When using cross-realm authentication, a special group of the form system:authuser@FOREIGN.REALM is created by an administrator and used. If the group quota for this special group is greater than zero, then aklog will automatically register foreign users in the local \s-1PTS\s0 database, add the foreign user to the system:authuser@FOREIGN.REALM, and decrement the group quota by one. .SH "EXAMPLES" .IX Header "EXAMPLES" The following example displays the user entry for \f(CW\*(C`terry\*(C'\fR and the machine entry \f(CW158.12.105.44\fR. .PP .Vb 5 \& % pts examine terry 158.12.105.44 \& Name: terry, id: 1045, owner: system:administrators, creator: admin, \& membership: 9, flags: S\-\-\-\-, group quota: 15. \& Name: 158.12.105.44, id: 5151, owner: system:administrators, \& creator: byu, membership: 1, flags: S\-\-\-\-, group quota: 20. .Ve .PP The following example displays the entries for the \s-1AFS\s0 groups with GIDs \&\-673 and \-674. .PP .Vb 5 \& % pts examine \-673 \-674 \& Name: terry:friends, id: \-673, owner: terry, creator: terry, \& membership: 5, flags: S\-M\-\-, group quota: 0. \& Name: smith:colleagues, id: \-674, owner: smith, creator: smith, \& membership: 14, flags: SOM\-\-, group quota: 0. .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" The required privilege depends on the setting of the first privacy flag in the Protection Database entry of each entry specified by the \fB\-nameorid\fR argument: .IP "\(bu" 4 If it is lowercase \f(CW\*(C`s\*(C'\fR, members of the system:administrators group and the user associated with a user entry can examine it, and only members of the system:administrators group can examine a machine or group entry. .IP "\(bu" 4 If it is uppercase \f(CW\*(C`S\*(C'\fR, anyone who can access the cell's database server machines can examine the entry. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBpts\fR\|(1), \&\fBpts_adduser\fR\|(1), \&\fBpts_chown\fR\|(1), \&\fBpts_creategroup\fR\|(1), \&\fBpts_createuser\fR\|(1), \&\fBpts_listowned\fR\|(1), \&\fBpts_membership\fR\|(1), \&\fBpts_removeuser\fR\|(1), \&\fBpts_rename\fR\|(1), \&\fBpts_setfields\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" \&\s-1IBM\s0 Corporation 2000. All Rights Reserved. .PP This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.