Commit | Line | Data |
---|---|---|
805e021f CE |
1 | =head1 NAME |
2 | ||
3 | pts_setfields - Sets privacy flags or quota for a Protection Database entry | |
4 | ||
5 | =head1 SYNOPSIS | |
6 | ||
7 | =for html | |
8 | <div class="synopsis"> | |
9 | ||
10 | B<pts setfields> S<<< B<-nameorid> <I<user or group name or id>>+ >>> | |
11 | S<<< [B<-access> <I<set privacy flags>>] >>> | |
12 | S<<< [B<-groupquota> <I<set limit on group creation>>] >>> | |
13 | S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] | |
14 | [B<-force>] [B<-help>] [B<-auth>] [B<-encrypt>] | |
15 | S<<< [B<-config> <I<config directory>>] >>> | |
16 | ||
17 | B<pts setf> S<<< B<-na> <I<user or group name or id>>+ >>> | |
18 | S<<< [B<-ac> <I<set privacy flags>>] >>> | |
19 | S<<< [B<-g> <I<set limit on group creation>>] >>> S<<< [B<-c> <I<cell name>>] >>> | |
20 | [B<-no>] [B<-l>] [B<-f>] [B<-h>] [B<-au>] [B<-e>] | |
21 | S<<< [B<-co> <I<config directory>>] >>> | |
22 | ||
23 | =for html | |
24 | </div> | |
25 | ||
26 | =head1 DESCRIPTION | |
27 | ||
28 | The B<pts setfields> command sets the group-creation quota, the privacy | |
29 | flags, or both, associated with each user, machine, or group entry | |
30 | specified by the B<-nameorid> argument. | |
31 | ||
32 | To examine the current quota and privacy flags, use the B<pts examine> | |
33 | command. | |
34 | ||
35 | =head1 CAUTIONS | |
36 | ||
37 | Changing a machine or group's group-creation quota is allowed, but not | |
38 | recommended. The concept is meaningless for machines and groups, because | |
39 | it is impossible to authenticate as a group or machine. | |
40 | ||
41 | Similarly, some privacy flag settings do not have a sensible | |
42 | interpretation. L</OPTIONS> specifies the appropriate settings. | |
43 | ||
44 | =head1 OPTIONS | |
45 | ||
46 | =over 4 | |
47 | ||
48 | =item B<-nameorid> <I<user or group name or id>>+ | |
49 | ||
50 | Specifies the name or AFS UID of each user, the IP address (complete or | |
51 | wildcard-style) of each machine, or the name or AFS GID of each machine | |
52 | for which to set privacy flags or group-creation quota. It is acceptable | |
53 | to mix users, machines, and groups on the same command line, as well as | |
54 | names (IP addresses for machines) and IDs. Precede the GID of each group | |
55 | with a hyphen to indicate that it is negative. | |
56 | ||
57 | =item B<-access> <I<privacy flags>> | |
58 | ||
59 | Specifies the privacy flags to apply to each entry. Provide a string of | |
60 | five characters, one for each of the permissions. If this option is | |
61 | omitted, the current setting remains unchanged. | |
62 | ||
63 | Set each flag to achieve the desired combination of permissions. If the | |
64 | following list does not mention a certain setting, it is not | |
65 | acceptable. For further discussion of the privacy flags, see | |
66 | L<pts_examine(1)>. | |
67 | ||
68 | =over 4 | |
69 | ||
70 | =item * | |
71 | ||
72 | The first flag determines who can use the B<pts examine> command to | |
73 | display information from a user, machine or group's Protection Database | |
74 | entry. | |
75 | ||
76 | =over 4 | |
77 | ||
78 | =item * | |
79 | ||
80 | Set it to lowercase C<s> to permit the members of the | |
81 | system:administrators group to display a user, machine, or group entry, | |
82 | the associated user to display a user entry, and the owner or members of a | |
83 | group to display the group entry. | |
84 | ||
85 | =item * | |
86 | ||
87 | Set it to uppercase C<S> to permit anyone who can access the cell's | |
88 | database server machines to display a user, machine, or group entry. | |
89 | ||
90 | =back | |
91 | ||
92 | =item * | |
93 | ||
94 | The second flag determines who can use the B<pts listowned> command to | |
95 | list the groups that a user or group owns. | |
96 | ||
97 | =over 4 | |
98 | ||
99 | =item * | |
100 | ||
101 | Set it to the hyphen (C<->) to permit the members of the | |
102 | system:administrators group and a user to list the groups he or she owns, | |
103 | or to permit the members of the system:administrators group and a group's | |
104 | owner to list the groups that a group owns. | |
105 | ||
106 | =item * | |
107 | ||
108 | Set it to uppercase letter C<O> to permit anyone who can access the cell's | |
109 | database server machines to list the groups owned by a machine or group | |
110 | entry. | |
111 | ||
112 | =back | |
113 | ||
114 | =item * | |
115 | ||
116 | The third flag determines who can use the B<pts membership> command to | |
117 | list the groups to which a user or machine belongs, or the users and | |
118 | machines that belong to a group. | |
119 | ||
120 | =over 4 | |
121 | ||
122 | =item * | |
123 | ||
124 | Set it to the hyphen (C<->) to permit the members of the | |
125 | system:administrators group and a user to list the groups he or she | |
126 | belongs to, to permit the members of the B<system:administrators> group to | |
127 | list the groups a machine belongs to, or to permit the members of the | |
128 | system:administrators group and a group's owner to list the users and | |
129 | machines that belong to it. | |
130 | ||
131 | =item * | |
132 | ||
133 | Set it to lowercase C<m> to permit members of a group to list the other | |
134 | members. (For user and machine entries, this setting is equivalent to the | |
135 | hyphen.) | |
136 | ||
137 | =item * | |
138 | ||
139 | Set it to uppercase C<M> to permit anyone who can access the cell's | |
140 | database server machines to list membership information for a user, | |
141 | machine or group. | |
142 | ||
143 | =back | |
144 | ||
145 | =item * | |
146 | ||
147 | The fourth flag determines who can use the B<pts adduser> command to add | |
148 | users and machines as members of a group. This flag has no sensible | |
149 | interpretation for user and machine entries, but must be set nonetheless, | |
150 | preferably to the hyphen. | |
151 | ||
152 | =over 4 | |
153 | ||
154 | =item * | |
155 | ||
156 | Set it to the hyphen (C<->) to permit the members of the | |
157 | system:administrators group and the owner of the group to add members. | |
158 | ||
159 | =item * | |
160 | ||
161 | Set it to lowercase C<a> to permit members of a group to add other | |
162 | members. | |
163 | ||
164 | =item * | |
165 | ||
166 | Set it to uppercase C<A> to permit anyone who can access the cell's | |
167 | database server machines to add members to a group. | |
168 | ||
169 | =back | |
170 | ||
171 | =item * | |
172 | ||
173 | The fifth flag determines who can use the B<pts removeuser> command to | |
174 | remove users and machines from membership in a group. This flag has no | |
175 | sensible interpretation for user and machine entries, but must be set | |
176 | nonetheless, preferably to the hyphen. | |
177 | ||
178 | =over 4 | |
179 | ||
180 | =item * | |
181 | ||
182 | Set it to the hyphen (C<->) to permit the members of the | |
183 | system:administrators group and the owner of the group to remove members. | |
184 | ||
185 | =item * | |
186 | ||
187 | Set it to lowercase C<r> to permit members of a group to remove other | |
188 | members. | |
189 | ||
190 | =back | |
191 | ||
192 | =back | |
193 | ||
194 | =item B<-groupquota> <I<group creation quota>> | |
195 | ||
196 | Specifies the number of additional groups a user can create (it does not | |
197 | matter how many he or she has created already). Do not include this | |
198 | argument for a group or machine entry. | |
199 | ||
200 | =include fragments/pts-common.pod | |
201 | ||
202 | =back | |
203 | ||
204 | =head1 EXAMPLES | |
205 | ||
206 | The following example changes the privacy flags on the group C<operators>, | |
207 | retaining the default values of the first, second and third flags, but | |
208 | setting the fourth and fifth flags to enable the group's members to add | |
209 | and remove other members. | |
210 | ||
211 | % pts setfields -nameorid operators -access S-Mar | |
212 | ||
213 | The following example changes the privacy flags and sets group quota on | |
214 | the user entry C<admin>. It retains the default values of the first, | |
215 | fourth, and fifth flags, but sets the second and third flags, to enable | |
216 | anyone to list the groups that C<admin> owns and belongs to. Users | |
217 | authenticated as C<admin> can create an additional 50 groups. | |
218 | ||
219 | % pts setfields -nameorid admin -access SOM-- -groupquota 50 | |
220 | ||
221 | =head1 PRIVILEGE REQUIRED | |
222 | ||
223 | To edit group entries or set the privacy flags on any type of entry, the | |
224 | issuer must own the entry or belong to the system:administrators group. To | |
225 | set group-creation quota on a user entry, the issuer must belong to the | |
226 | system:administrators group. | |
227 | ||
228 | =head1 SEE ALSO | |
229 | ||
230 | L<pts(1)>, | |
231 | L<pts_adduser(1)>, | |
232 | L<pts_examine(1)>, | |
233 | L<pts_listowned(1)>, | |
234 | L<pts_membership(1)>, | |
235 | L<pts_removeuser(1)> | |
236 | ||
237 | =head1 COPYRIGHT | |
238 | ||
239 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. | |
240 | ||
241 | This documentation is covered by the IBM Public License Version 1.0. It was | |
242 | converted from HTML to POD by software written by Chas Williams and Russ | |
243 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |