.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "PTS_SETFIELDS 1" .TH PTS_SETFIELDS 1 "2021-01-14" "OpenAFS" "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" pts_setfields \- Sets privacy flags or quota for a Protection Database entry .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBpts setfields\fR \fB\-nameorid\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-access\fR\ <\fIset\ privacy\ flags\fR>] [\fB\-groupquota\fR\ <\fIset\ limit\ on\ group\ creation\fR>] [\fB\-cell\fR\ <\fIcell\ name\fR>] [\fB\-noauth\fR] [\fB\-localauth\fR] [\fB\-force\fR] [\fB\-help\fR] [\fB\-auth\fR] [\fB\-encrypt\fR] [\fB\-config\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts setf\fR \fB\-na\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-ac\fR\ <\fIset\ privacy\ flags\fR>] [\fB\-g\fR\ <\fIset\ limit\ on\ group\ creation\fR>] [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR] [\fB\-au\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBpts setfields\fR command sets the group-creation quota, the privacy flags, or both, associated with each user, machine, or group entry specified by the \fB\-nameorid\fR argument. .PP To examine the current quota and privacy flags, use the \fBpts examine\fR command. .SH "CAUTIONS" .IX Header "CAUTIONS" Changing a machine or group's group-creation quota is allowed, but not recommended. The concept is meaningless for machines and groups, because it is impossible to authenticate as a group or machine. .PP Similarly, some privacy flag settings do not have a sensible interpretation. \*(L"\s-1OPTIONS\*(R"\s0 specifies the appropriate settings. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-nameorid\fR <\fIuser or group name or id\fR>+" 4 .IX Item "-nameorid +" Specifies the name or \s-1AFS UID\s0 of each user, the \s-1IP\s0 address (complete or wildcard-style) of each machine, or the name or \s-1AFS GID\s0 of each machine for which to set privacy flags or group-creation quota. It is acceptable to mix users, machines, and groups on the same command line, as well as names (\s-1IP\s0 addresses for machines) and IDs. Precede the \s-1GID\s0 of each group with a hyphen to indicate that it is negative. .IP "\fB\-access\fR <\fIprivacy flags\fR>" 4 .IX Item "-access " Specifies the privacy flags to apply to each entry. Provide a string of five characters, one for each of the permissions. If this option is omitted, the current setting remains unchanged. .Sp Set each flag to achieve the desired combination of permissions. If the following list does not mention a certain setting, it is not acceptable. For further discussion of the privacy flags, see \&\fBpts_examine\fR\|(1). .RS 4 .IP "\(bu" 4 The first flag determines who can use the \fBpts examine\fR command to display information from a user, machine or group's Protection Database entry. .RS 4 .IP "\(bu" 4 Set it to lowercase \f(CW\*(C`s\*(C'\fR to permit the members of the system:administrators group to display a user, machine, or group entry, the associated user to display a user entry, and the owner or members of a group to display the group entry. .IP "\(bu" 4 Set it to uppercase \f(CW\*(C`S\*(C'\fR to permit anyone who can access the cell's database server machines to display a user, machine, or group entry. .RE .RS 4 .RE .IP "\(bu" 4 The second flag determines who can use the \fBpts listowned\fR command to list the groups that a user or group owns. .RS 4 .IP "\(bu" 4 Set it to the hyphen (\f(CW\*(C`\-\*(C'\fR) to permit the members of the system:administrators group and a user to list the groups he or she owns, or to permit the members of the system:administrators group and a group's owner to list the groups that a group owns. .IP "\(bu" 4 Set it to uppercase letter \f(CW\*(C`O\*(C'\fR to permit anyone who can access the cell's database server machines to list the groups owned by a machine or group entry. .RE .RS 4 .RE .IP "\(bu" 4 The third flag determines who can use the \fBpts membership\fR command to list the groups to which a user or machine belongs, or the users and machines that belong to a group. .RS 4 .IP "\(bu" 4 Set it to the hyphen (\f(CW\*(C`\-\*(C'\fR) to permit the members of the system:administrators group and a user to list the groups he or she belongs to, to permit the members of the \fBsystem:administrators\fR group to list the groups a machine belongs to, or to permit the members of the system:administrators group and a group's owner to list the users and machines that belong to it. .IP "\(bu" 4 Set it to lowercase \f(CW\*(C`m\*(C'\fR to permit members of a group to list the other members. (For user and machine entries, this setting is equivalent to the hyphen.) .IP "\(bu" 4 Set it to uppercase \f(CW\*(C`M\*(C'\fR to permit anyone who can access the cell's database server machines to list membership information for a user, machine or group. .RE .RS 4 .RE .IP "\(bu" 4 The fourth flag determines who can use the \fBpts adduser\fR command to add users and machines as members of a group. This flag has no sensible interpretation for user and machine entries, but must be set nonetheless, preferably to the hyphen. .RS 4 .IP "\(bu" 4 Set it to the hyphen (\f(CW\*(C`\-\*(C'\fR) to permit the members of the system:administrators group and the owner of the group to add members. .IP "\(bu" 4 Set it to lowercase \f(CW\*(C`a\*(C'\fR to permit members of a group to add other members. .IP "\(bu" 4 Set it to uppercase \f(CW\*(C`A\*(C'\fR to permit anyone who can access the cell's database server machines to add members to a group. .RE .RS 4 .RE .IP "\(bu" 4 The fifth flag determines who can use the \fBpts removeuser\fR command to remove users and machines from membership in a group. This flag has no sensible interpretation for user and machine entries, but must be set nonetheless, preferably to the hyphen. .RS 4 .IP "\(bu" 4 Set it to the hyphen (\f(CW\*(C`\-\*(C'\fR) to permit the members of the system:administrators group and the owner of the group to remove members. .IP "\(bu" 4 Set it to lowercase \f(CW\*(C`r\*(C'\fR to permit members of a group to remove other members. .RE .RS 4 .RE .RE .RS 4 .RE .IP "\fB\-groupquota\fR <\fIgroup creation quota\fR>" 4 .IX Item "-groupquota " Specifies the number of additional groups a user can create (it does not matter how many he or she has created already). Do not include this argument for a group or machine entry. .IP "\fB\-auth\fR" 4 .IX Item "-auth" Use the calling user's tokens to communicate with the Protection Server. For more details, see \fBpts\fR\|(1). .IP "\fB\-cell\fR <\fIcell name\fR>" 4 .IX Item "-cell " Names the cell in which to run the command. For more details, see \&\fBpts\fR\|(1). .IP "\fB\-config\fR <\fIconfig directory\fR>" 4 .IX Item "-config " Use an alternate config directory. For more details, see \fBpts\fR\|(1). .IP "\fB\-encrypt\fR" 4 .IX Item "-encrypt" Encrypts any communication with the Protection Server. For more details, see \&\fBpts\fR\|(1). .IP "\fB\-force\fR" 4 .IX Item "-force" Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error. .IP "\fB\-help\fR" 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .IP "\fB\-localauth\fR" 4 .IX Item "-localauth" Constructs a server ticket using a key from the local \&\fI/etc/openafs/server/KeyFile\fR file. Do not combine this flag with the \fB\-cell\fR or \fB\-noauth\fR options. For more details, see \fBpts\fR\|(1). .IP "\fB\-noauth\fR" 4 .IX Item "-noauth" Assigns the unprivileged identity anonymous to the issuer. For more details, see \fBpts\fR\|(1). .SH "EXAMPLES" .IX Header "EXAMPLES" The following example changes the privacy flags on the group \f(CW\*(C`operators\*(C'\fR, retaining the default values of the first, second and third flags, but setting the fourth and fifth flags to enable the group's members to add and remove other members. .PP .Vb 1 \& % pts setfields \-nameorid operators \-access S\-Mar .Ve .PP The following example changes the privacy flags and sets group quota on the user entry \f(CW\*(C`admin\*(C'\fR. It retains the default values of the first, fourth, and fifth flags, but sets the second and third flags, to enable anyone to list the groups that \f(CW\*(C`admin\*(C'\fR owns and belongs to. Users authenticated as \f(CW\*(C`admin\*(C'\fR can create an additional 50 groups. .PP .Vb 1 \& % pts setfields \-nameorid admin \-access SOM\-\- \-groupquota 50 .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" To edit group entries or set the privacy flags on any type of entry, the issuer must own the entry or belong to the system:administrators group. To set group-creation quota on a user entry, the issuer must belong to the system:administrators group. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBpts\fR\|(1), \&\fBpts_adduser\fR\|(1), \&\fBpts_examine\fR\|(1), \&\fBpts_listowned\fR\|(1), \&\fBpts_membership\fR\|(1), \&\fBpts_removeuser\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" \&\s-1IBM\s0 Corporation 2000. All Rights Reserved. .PP This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.