.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "PTS_CREATEGROUP 1"
.TH PTS_CREATEGROUP 1 "2023-12-24" "OpenAFS" "AFS Command Reference"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
pts_creategroup \- Creates an (empty) Protection Database group entry
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBpts creategroup\fR \fB\-name\fR\ <\fIgroup\ name\fR>+
    [\fB\-owner\fR\ <\fIowner\ of\ the\ group\fR>]
    [\fB\-id\fR\ <\fIid\ (negated)\ for\ the\ group\fR>+] [\fB\-cell\fR\ <\fIcell\ name\fR>]
    [\fB\-noauth\fR] [\fB\-localauth\fR] [\fB\-force\fR] [\fB\-help\fR]
    [\fB\-auth\fR] [\fB\-encrypt\fR] [\fB\-config\fR\ <\fIconfig\ directory\fR>]
.PP
\&\fBpts createg\fR \fB\-na\fR\ <\fIgroup\ name\fR>+  [\fB\-o\fR\ <\fIowner\ of\ the\ group\fR>]
    [\fB\-i\fR\ <\fIid\ (negated)\ for\ the\ group\fR>+] [\fB\-c\fR\ <\fIcell\ name\fR>]
    [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR]
    [\fB\-a\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>]
.PP
\&\fBpts cg\fR \fB\-na\fR\ <\fIgroup\ name\fR>+ [\fB\-o\fR\ <\fIowner\ of\ the\ group\fR>]
    [\fB\-i\fR\ <\fIid\ (negated)\ for\ the\ group\fR>+] [\fB\-c\fR\ <\fIcell\ name\fR>]
    [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR]
    [\fB\-a\fR] [\fB\-e\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBpts creategroup\fR command creates an entry in the Protection Database
for each group specified by the \fB\-name\fR argument. The entry records the
issuer of the command as the group's creator, and as the group's owner
unless the \fB\-owner\fR argument names an alternate user or group as the
owner.
.PP
There are two types of groups:
.IP "\(bu" 4
\&\fIregular\fR, the names of which have two parts separated by a colon. The
part before the colon names the group's owner.  Any user can create such
groups.
.IP "\(bu" 4
\&\fIprefix-less\fR, which do not have an owner prefix. Only members of the
system:administrators group can create prefix-less groups.
.PP
Creating a group lowers the issuer's group-creation quota by one. This is
true even if the \fB\-owner\fR argument is used to assign ownership to an
alternate user or group. To display a user's group-creation quota, use the
\&\fBpts examine\fR command; to set it, use the \fBpts setfields\fR command.
.PP
\&\s-1AFS\s0 group \s-1ID\s0 (\s-1AFS GID\s0) numbers are negative integers and by default the
Protection Server assigns a \s-1GID\s0 that is one less (more negative) than the
current value of the \f(CW\*(C`max group id\*(C'\fR counter in the Protection Database,
decrementing the counter by one for each group. Members of the
system:administrators group can use the \fB\-id\fR argument to assign specific
\&\s-1AFS GID\s0 numbers. If any of the specified GIDs is lower (more negative)
than the current value of the \f(CW\*(C`max group id\*(C'\fR counter, the counter is
reset to that value. It is acceptable to specify a \s-1GID\s0 greater (less
negative) than the current value of the counter, but the creation
operation fails if an existing group already has it. To display or set the
value of the \f(CW\*(C`max group id\*(C'\fR counter, use the \fBpts listmax\fR or \fBpts
setmax\fR command, respectively.
.SH "OUTPUT"
.IX Header "OUTPUT"
The command generates the following string to confirm creation of each
group:
.PP
.Vb 1
\&   group <name> has id <AFS GID>
.Ve
.SH "CAUTIONS"
.IX Header "CAUTIONS"
Although using the \fB\-owner\fR argument to designate a machine entry as a
group's owner does not generate an error, it is not recommended. The
Protection Server does not extend the usual privileges of group ownership
to users logged onto the machine.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-name\fR <\fIgroup name\fR>" 4
.IX Item "-name <group name>"
Specifies the name of each group to create. Provide a string of up to 63
characters, which can include lowercase (but not uppercase) letters,
numbers, and punctuation marks. A regular name includes a single colon
(\f(CW\*(C`:\*(C'\fR) to separate the two parts of the name; the colon cannot appear in a
prefix-less group name.
.Sp
A regular group's name must have the following format:
.Sp
.Vb 1
\&   <owner_name>:<group_name>
.Ve
.Sp
and the <owner_name> field must reflect the actual owner of the group, as
follows:
.RS 4
.IP "\(bu" 4
If the optional \fB\-owner\fR argument is not included, the field must match
the \s-1AFS\s0 username under which the issuer is currently authenticated.
.IP "\(bu" 4
If the \fB\-owner\fR argument names an alternate \s-1AFS\s0 user, the field must
match that \s-1AFS\s0 username.
.IP "\(bu" 4
If the \fB\-owner\fR argument names another regular group, the field must
match the owning group's owner field (the part of its name before the
colon). If the \fB\-owner\fR argument names a prefix-less group, the field
must match the owning group's complete name.
.RE
.RS 4
.RE
.IP "\fB\-owner\fR <\fIowner of the group\fR>" 4
.IX Item "-owner <owner of the group>"
Specifies a user or group as the owner for each group, rather than the
issuer of the command. Provide either an \s-1AFS\s0 username or the name of a
regular or prefix-less group. An owning group must already have at least
one member. This requirement prevents assignment of self-ownership to a
group during its creation; use the \fBpts chown\fR command after issuing this
command, if desired.
.IP "\fB\-id\fR <\fIid for the group\fR>" 4
.IX Item "-id <id for the group>"
Specifies a negative integer \s-1AFS GID\s0 number for each group, rather than
allowing the Protection Server to assign it. Precede the integer with a
hyphen (\f(CW\*(C`\-\*(C'\fR) to indicate that it is negative.
.Sp
If this argument is used and the \fB\-name\fR argument names multiple new
groups, it is best to provide an equivalent number of \s-1AFS\s0 GIDs. The first
\&\s-1GID\s0 is assigned to the first group, the second to the second group, and so
on. If there are fewer GIDs than groups, the Protection Server assigns
GIDs to the unmatched groups based on the \f(CW\*(C`max group id\*(C'\fR counter. If
there are more GIDs than groups, the excess GIDs are ignored. If any of
the GIDs is lower (more negative) than the current value of the \f(CW\*(C`max
group id\*(C'\fR counter, the counter is reset to that value.
.IP "\fB\-auth\fR" 4
.IX Item "-auth"
Use the calling user's tokens to communicate with the Protection Server. For
more details, see \fBpts\fR\|(1).
.IP "\fB\-cell\fR <\fIcell name\fR>" 4
.IX Item "-cell <cell name>"
Names the cell in which to run the command. For more details, see
\&\fBpts\fR\|(1).
.IP "\fB\-config\fR <\fIconfig directory\fR>" 4
.IX Item "-config <config directory>"
Use an alternate config directory. For more details, see \fBpts\fR\|(1).
.IP "\fB\-encrypt\fR" 4
.IX Item "-encrypt"
Encrypts any communication with the Protection Server. For more details, see
\&\fBpts\fR\|(1).
.IP "\fB\-force\fR" 4
.IX Item "-force"
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.
.IP "\fB\-help\fR" 4
.IX Item "-help"
Prints the online help for this command. All other valid options are
ignored.
.IP "\fB\-localauth\fR" 4
.IX Item "-localauth"
Constructs a server ticket using a key from the local
\&\fI/etc/openafs/server/KeyFile\fR file. Do not combine this flag with the \fB\-cell\fR 
or \fB\-noauth\fR options. For more details, see \fBpts\fR\|(1).
.IP "\fB\-noauth\fR" 4
.IX Item "-noauth"
Assigns the unprivileged identity anonymous to the issuer. For more
details, see \fBpts\fR\|(1).
.SH "EXAMPLES"
.IX Header "EXAMPLES"
In the following example, the user pat creates groups called
\&\f(CW\*(C`pat:friends\*(C'\fR and \f(CW\*(C`pat:colleagues\*(C'\fR.
.PP
.Vb 1
\&   % pts creategroup \-name pat:friends pat:colleagues
.Ve
.PP
The following example shows a member of the system:administrators group
creating the prefix-less group \f(CW\*(C`staff\*(C'\fR and assigning its ownership to the
system:administrators group rather than to herself.
.PP
.Vb 1
\&   % pts creategroup \-name staff \-owner system:administrators
.Ve
.PP
In the following example, the user pat creates a group called
\&\f(CW\*(C`smith:team\-members\*(C'\fR, which is allowed because the \fB\-owner\fR argument
specifies the required value (\f(CW\*(C`smith\*(C'\fR).
.PP
.Vb 1
\&   % pts creategroup \-name smith:team\-members \-owner smith
.Ve
.SH "PRIVILEGE REQUIRED"
.IX Header "PRIVILEGE REQUIRED"
The issuer must belong to the system:administrators group to create
prefix-less groups or include the \fB\-id\fR argument.
.PP
To create a regular group, the issuer must
.IP "\(bu" 4
Be authenticated. The command fails if the \fB\-noauth\fR flag is provided.
.IP "\(bu" 4
Have a group-creation quota greater than zero. The \fBpts examine\fR command
displays this quota.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBpts\fR\|(1),
\&\fBpts_examine\fR\|(1),
\&\fBpts_listmax\fR\|(1),
\&\fBpts_setfields\fR\|(1),
\&\fBpts_setmax\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
\&\s-1IBM\s0 Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
.PP
This documentation is covered by the \s-1IBM\s0 Public License Version 1.0.  It was
converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.