[hcoop/debian/openafs.git] / doc / man-pages / pod1 / pts_setfields.pod.in

=head1 NAME

pts_setfields - Sets privacy flags or quota for a Protection Database entry

=head1 SYNOPSIS

=for html
<div class="synopsis">

B<pts setfields> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
    S<<< [B<-access> <I<set privacy flags>>] >>>
    S<<< [B<-groupquota> <I<set limit on group creation>>] >>>
    S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>]
    [B<-force>] [B<-help>] [B<-auth>] [B<-encrypt>]
    S<<< [B<-config> <I<config directory>>] >>>

B<pts setf> S<<< B<-na> <I<user or group name or id>>+ >>>
    S<<< [B<-ac> <I<set privacy flags>>] >>>
    S<<< [B<-g> <I<set limit on group creation>>] >>> S<<< [B<-c> <I<cell name>>] >>>
    [B<-no>] [B<-l>] [B<-f>] [B<-h>] [B<-au>] [B<-e>]
    S<<< [B<-co> <I<config directory>>] >>>

=for html
</div>

=head1 DESCRIPTION

The B<pts setfields> command sets the group-creation quota, the privacy
flags, or both, associated with each user, machine, or group entry
specified by the B<-nameorid> argument.

To examine the current quota and privacy flags, use the B<pts examine>
command.

=head1 CAUTIONS

Changing a machine or group's group-creation quota is allowed, but not
recommended. The concept is meaningless for machines and groups, because
it is impossible to authenticate as a group or machine.

Similarly, some privacy flag settings do not have a sensible
interpretation. L</OPTIONS> specifies the appropriate settings.

=head1 OPTIONS

=over 4

=item B<-nameorid> <I<user or group name or id>>+

Specifies the name or AFS UID of each user, the IP address (complete or
wildcard-style) of each machine, or the name or AFS GID of each machine
for which to set privacy flags or group-creation quota. It is acceptable
to mix users, machines, and groups on the same command line, as well as
names (IP addresses for machines) and IDs. Precede the GID of each group
with a hyphen to indicate that it is negative.

=item B<-access> <I<privacy flags>>

Specifies the privacy flags to apply to each entry. Provide a string of
five characters, one for each of the permissions. If this option is
omitted, the current setting remains unchanged.

Set each flag to achieve the desired combination of permissions. If the
following list does not mention a certain setting, it is not
acceptable. For further discussion of the privacy flags, see
L<pts_examine(1)>.

=over 4

=item *

The first flag determines who can use the B<pts examine> command to
display information from a user, machine or group's Protection Database
entry.

=over 4

=item *

Set it to lowercase C<s> to permit the members of the
system:administrators group to display a user, machine, or group entry,
the associated user to display a user entry, and the owner or members of a
group to display the group entry.

=item *

Set it to uppercase C<S> to permit anyone who can access the cell's
database server machines to display a user, machine, or group entry.

=back

=item *

The second flag determines who can use the B<pts listowned> command to
list the groups that a user or group owns.

=over 4

=item *

Set it to the hyphen (C<->) to permit the members of the
system:administrators group and a user to list the groups he or she owns,
or to permit the members of the system:administrators group and a group's
owner to list the groups that a group owns.

=item *

Set it to uppercase letter C<O> to permit anyone who can access the cell's
database server machines to list the groups owned by a machine or group
entry.

=back

=item *

The third flag determines who can use the B<pts membership> command to
list the groups to which a user or machine belongs, or the users and
machines that belong to a group.

=over 4

=item *

Set it to the hyphen (C<->) to permit the members of the
system:administrators group and a user to list the groups he or she
belongs to, to permit the members of the B<system:administrators> group to
list the groups a machine belongs to, or to permit the members of the
system:administrators group and a group's owner to list the users and
machines that belong to it.

=item *

Set it to lowercase C<m> to permit members of a group to list the other
members. (For user and machine entries, this setting is equivalent to the
hyphen.)

=item *

Set it to uppercase C<M> to permit anyone who can access the cell's
database server machines to list membership information for a user,
machine or group.

=back

=item *

The fourth flag determines who can use the B<pts adduser> command to add
users and machines as members of a group. This flag has no sensible
interpretation for user and machine entries, but must be set nonetheless,
preferably to the hyphen.

=over 4

=item *

Set it to the hyphen (C<->) to permit the members of the
system:administrators group and the owner of the group to add members.

=item *

Set it to lowercase C<a> to permit members of a group to add other
members.

=item *

Set it to uppercase C<A> to permit anyone who can access the cell's
database server machines to add members to a group.

=back

=item *

The fifth flag determines who can use the B<pts removeuser> command to
remove users and machines from membership in a group. This flag has no
sensible interpretation for user and machine entries, but must be set
nonetheless, preferably to the hyphen.

=over 4

=item *

Set it to the hyphen (C<->) to permit the members of the
system:administrators group and the owner of the group to remove members.

=item *

Set it to lowercase C<r> to permit members of a group to remove other
members.

=back

=back

=item B<-groupquota> <I<group creation quota>>

Specifies the number of additional groups a user can create (it does not
matter how many he or she has created already). Do not include this
argument for a group or machine entry.

=include fragments/pts-common.pod

=back

=head1 EXAMPLES

The following example changes the privacy flags on the group C<operators>,
retaining the default values of the first, second and third flags, but
setting the fourth and fifth flags to enable the group's members to add
and remove other members.

   % pts setfields -nameorid operators -access S-Mar

The following example changes the privacy flags and sets group quota on
the user entry C<admin>. It retains the default values of the first,
fourth, and fifth flags, but sets the second and third flags, to enable
anyone to list the groups that C<admin> owns and belongs to.  Users
authenticated as C<admin> can create an additional 50 groups.

   % pts setfields -nameorid admin -access SOM-- -groupquota 50

=head1 PRIVILEGE REQUIRED

To edit group entries or set the privacy flags on any type of entry, the
issuer must own the entry or belong to the system:administrators group. To
set group-creation quota on a user entry, the issuer must belong to the
system:administrators group.

=head1 SEE ALSO

L<pts(1)>,
L<pts_adduser(1)>,
L<pts_examine(1)>,
L<pts_listowned(1)>,
L<pts_membership(1)>,
L<pts_removeuser(1)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Commit	Line	Data
805e021f CE	1	=head1 NAME
	2
	3	pts_setfields - Sets privacy flags or quota for a Protection Database entry
	4
	5	=head1 SYNOPSIS
	6
	7	=for html
	8	<div class="synopsis">
	9
	10	B<pts setfields> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
	11	S<<< [B<-access> <I<set privacy flags>>] >>>
	12	S<<< [B<-groupquota> <I<set limit on group creation>>] >>>
	13	S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>]
	14	[B<-force>] [B<-help>] [B<-auth>] [B<-encrypt>]
	15	S<<< [B<-config> <I<config directory>>] >>>
	16
	17	B<pts setf> S<<< B<-na> <I<user or group name or id>>+ >>>
	18	S<<< [B<-ac> <I<set privacy flags>>] >>>
	19	S<<< [B<-g> <I<set limit on group creation>>] >>> S<<< [B<-c> <I<cell name>>] >>>
	20	[B<-no>] [B<-l>] [B<-f>] [B<-h>] [B<-au>] [B<-e>]
	21	S<<< [B<-co> <I<config directory>>] >>>
	22
	23	=for html
	24	</div>
	25
	26	=head1 DESCRIPTION
	27
	28	The B<pts setfields> command sets the group-creation quota, the privacy
	29	flags, or both, associated with each user, machine, or group entry
	30	specified by the B<-nameorid> argument.
	31
	32	To examine the current quota and privacy flags, use the B<pts examine>
	33	command.
	34
	35	=head1 CAUTIONS
	36
	37	Changing a machine or group's group-creation quota is allowed, but not
	38	recommended. The concept is meaningless for machines and groups, because
	39	it is impossible to authenticate as a group or machine.
	40
	41	Similarly, some privacy flag settings do not have a sensible
	42	interpretation. L</OPTIONS> specifies the appropriate settings.
	43
	44	=head1 OPTIONS
	45
	46	=over 4
	47
	48	=item B<-nameorid> <I<user or group name or id>>+
	49
	50	Specifies the name or AFS UID of each user, the IP address (complete or
	51	wildcard-style) of each machine, or the name or AFS GID of each machine
	52	for which to set privacy flags or group-creation quota. It is acceptable
	53	to mix users, machines, and groups on the same command line, as well as
	54	names (IP addresses for machines) and IDs. Precede the GID of each group
	55	with a hyphen to indicate that it is negative.
	56
	57	=item B<-access> <I<privacy flags>>
	58
	59	Specifies the privacy flags to apply to each entry. Provide a string of
	60	five characters, one for each of the permissions. If this option is
	61	omitted, the current setting remains unchanged.
	62
	63	Set each flag to achieve the desired combination of permissions. If the
	64	following list does not mention a certain setting, it is not
65	acceptable. For further discussion of the privacy flags, see
66	L<pts_examine(1)>.
67
68	=over 4
69
70	=item *
71
72	The first flag determines who can use the B<pts examine> command to
73	display information from a user, machine or group's Protection Database
74	entry.
75
76	=over 4
77
78	=item *
79
80	Set it to lowercase C<s> to permit the members of the
81	system:administrators group to display a user, machine, or group entry,
82	the associated user to display a user entry, and the owner or members of a
83	group to display the group entry.
84
85	=item *
86
87	Set it to uppercase C<S> to permit anyone who can access the cell's
88	database server machines to display a user, machine, or group entry.
89
90	=back
91
92	=item *
93
94	The second flag determines who can use the B<pts listowned> command to
95	list the groups that a user or group owns.
96
97	=over 4
98
99	=item *
100
101	Set it to the hyphen (C<->) to permit the members of the
102	system:administrators group and a user to list the groups he or she owns,
103	or to permit the members of the system:administrators group and a group's
104	owner to list the groups that a group owns.
105
106	=item *
107
108	Set it to uppercase letter C<O> to permit anyone who can access the cell's
109	database server machines to list the groups owned by a machine or group
110	entry.
111
112	=back
113
114	=item *
115
116	The third flag determines who can use the B<pts membership> command to
117	list the groups to which a user or machine belongs, or the users and
118	machines that belong to a group.
119
120	=over 4
121
122	=item *
123
124	Set it to the hyphen (C<->) to permit the members of the
125	system:administrators group and a user to list the groups he or she
126	belongs to, to permit the members of the B<system:administrators> group to
127	list the groups a machine belongs to, or to permit the members of the
128	system:administrators group and a group's owner to list the users and
129	machines that belong to it.
130
131	=item *
132
133	Set it to lowercase C<m> to permit members of a group to list the other
134	members. (For user and machine entries, this setting is equivalent to the
135	hyphen.)
136
137	=item *
138
139	Set it to uppercase C<M> to permit anyone who can access the cell's
140	database server machines to list membership information for a user,
141	machine or group.
142
143	=back
144
145	=item *
146
147	The fourth flag determines who can use the B<pts adduser> command to add
148	users and machines as members of a group. This flag has no sensible
149	interpretation for user and machine entries, but must be set nonetheless,
150	preferably to the hyphen.
151
152	=over 4
153
154	=item *
155
156	Set it to the hyphen (C<->) to permit the members of the
157	system:administrators group and the owner of the group to add members.
158
159	=item *
160
161	Set it to lowercase C<a> to permit members of a group to add other
162	members.
163
164	=item *
165
166	Set it to uppercase C<A> to permit anyone who can access the cell's
167	database server machines to add members to a group.
168
169	=back
170
171	=item *
172
173	The fifth flag determines who can use the B<pts removeuser> command to
174	remove users and machines from membership in a group. This flag has no
175	sensible interpretation for user and machine entries, but must be set
176	nonetheless, preferably to the hyphen.
177
178	=over 4
179
180	=item *
181
182	Set it to the hyphen (C<->) to permit the members of the
183	system:administrators group and the owner of the group to remove members.
184
185	=item *
186
187	Set it to lowercase C<r> to permit members of a group to remove other
188	members.
189
190	=back
191
192	=back
193
194	=item B<-groupquota> <I<group creation quota>>
195
196	Specifies the number of additional groups a user can create (it does not
197	matter how many he or she has created already). Do not include this
198	argument for a group or machine entry.
199
200	=include fragments/pts-common.pod
201
202	=back
203
204	=head1 EXAMPLES
205
206	The following example changes the privacy flags on the group C<operators>,
207	retaining the default values of the first, second and third flags, but
208	setting the fourth and fifth flags to enable the group's members to add
209	and remove other members.
210
211	% pts setfields -nameorid operators -access S-Mar
212
213	The following example changes the privacy flags and sets group quota on
214	the user entry C<admin>. It retains the default values of the first,
215	fourth, and fifth flags, but sets the second and third flags, to enable
216	anyone to list the groups that C<admin> owns and belongs to. Users
217	authenticated as C<admin> can create an additional 50 groups.
218
219	% pts setfields -nameorid admin -access SOM-- -groupquota 50
220
221	=head1 PRIVILEGE REQUIRED
222
223	To edit group entries or set the privacy flags on any type of entry, the
224	issuer must own the entry or belong to the system:administrators group. To
225	set group-creation quota on a user entry, the issuer must belong to the
226	system:administrators group.
227
228	=head1 SEE ALSO
229
230	L<pts(1)>,
231	L<pts_adduser(1)>,
232	L<pts_examine(1)>,
233	L<pts_listowned(1)>,
234	L<pts_membership(1)>,
235	L<pts_removeuser(1)>
236
237	=head1 COPYRIGHT
238
239	IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
240
241	This documentation is covered by the IBM Public License Version 1.0. It was
242	converted from HTML to POD by software written by Chas Williams and Russ
243	Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.