3 pts_setfields - Sets privacy flags or quota for a Protection Database entry
10 B<pts setfields> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
11 S<<< [B<-access> <I<set privacy flags>>] >>>
12 S<<< [B<-groupquota> <I<set limit on group creation>>] >>>
13 S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>]
14 [B<-force>] [B<-help>] [B<-auth>] [B<-encrypt>]
15 S<<< [B<-config> <I<config directory>>] >>>
17 B<pts setf> S<<< B<-na> <I<user or group name or id>>+ >>>
18 S<<< [B<-ac> <I<set privacy flags>>] >>>
19 S<<< [B<-g> <I<set limit on group creation>>] >>> S<<< [B<-c> <I<cell name>>] >>>
20 [B<-no>] [B<-l>] [B<-f>] [B<-h>] [B<-au>] [B<-e>]
21 S<<< [B<-co> <I<config directory>>] >>>
28 The B<pts setfields> command sets the group-creation quota, the privacy
29 flags, or both, associated with each user, machine, or group entry
30 specified by the B<-nameorid> argument.
32 To examine the current quota and privacy flags, use the B<pts examine>
37 Changing a machine or group's group-creation quota is allowed, but not
38 recommended. The concept is meaningless for machines and groups, because
39 it is impossible to authenticate as a group or machine.
41 Similarly, some privacy flag settings do not have a sensible
42 interpretation. L</OPTIONS> specifies the appropriate settings.
48 =item B<-nameorid> <I<user or group name or id>>+
50 Specifies the name or AFS UID of each user, the IP address (complete or
51 wildcard-style) of each machine, or the name or AFS GID of each machine
52 for which to set privacy flags or group-creation quota. It is acceptable
53 to mix users, machines, and groups on the same command line, as well as
54 names (IP addresses for machines) and IDs. Precede the GID of each group
55 with a hyphen to indicate that it is negative.
57 =item B<-access> <I<privacy flags>>
59 Specifies the privacy flags to apply to each entry. Provide a string of
60 five characters, one for each of the permissions. If this option is
61 omitted, the current setting remains unchanged.
63 Set each flag to achieve the desired combination of permissions. If the
64 following list does not mention a certain setting, it is not
65 acceptable. For further discussion of the privacy flags, see
72 The first flag determines who can use the B<pts examine> command to
73 display information from a user, machine or group's Protection Database
80 Set it to lowercase C<s> to permit the members of the
81 system:administrators group to display a user, machine, or group entry,
82 the associated user to display a user entry, and the owner or members of a
83 group to display the group entry.
87 Set it to uppercase C<S> to permit anyone who can access the cell's
88 database server machines to display a user, machine, or group entry.
94 The second flag determines who can use the B<pts listowned> command to
95 list the groups that a user or group owns.
101 Set it to the hyphen (C<->) to permit the members of the
102 system:administrators group and a user to list the groups he or she owns,
103 or to permit the members of the system:administrators group and a group's
104 owner to list the groups that a group owns.
108 Set it to uppercase letter C<O> to permit anyone who can access the cell's
109 database server machines to list the groups owned by a machine or group
116 The third flag determines who can use the B<pts membership> command to
117 list the groups to which a user or machine belongs, or the users and
118 machines that belong to a group.
124 Set it to the hyphen (C<->) to permit the members of the
125 system:administrators group and a user to list the groups he or she
126 belongs to, to permit the members of the B<system:administrators> group to
127 list the groups a machine belongs to, or to permit the members of the
128 system:administrators group and a group's owner to list the users and
129 machines that belong to it.
133 Set it to lowercase C<m> to permit members of a group to list the other
134 members. (For user and machine entries, this setting is equivalent to the
139 Set it to uppercase C<M> to permit anyone who can access the cell's
140 database server machines to list membership information for a user,
147 The fourth flag determines who can use the B<pts adduser> command to add
148 users and machines as members of a group. This flag has no sensible
149 interpretation for user and machine entries, but must be set nonetheless,
150 preferably to the hyphen.
156 Set it to the hyphen (C<->) to permit the members of the
157 system:administrators group and the owner of the group to add members.
161 Set it to lowercase C<a> to permit members of a group to add other
166 Set it to uppercase C<A> to permit anyone who can access the cell's
167 database server machines to add members to a group.
173 The fifth flag determines who can use the B<pts removeuser> command to
174 remove users and machines from membership in a group. This flag has no
175 sensible interpretation for user and machine entries, but must be set
176 nonetheless, preferably to the hyphen.
182 Set it to the hyphen (C<->) to permit the members of the
183 system:administrators group and the owner of the group to remove members.
187 Set it to lowercase C<r> to permit members of a group to remove other
194 =item B<-groupquota> <I<group creation quota>>
196 Specifies the number of additional groups a user can create (it does not
197 matter how many he or she has created already). Do not include this
198 argument for a group or machine entry.
200 =include fragments/pts-common.pod
206 The following example changes the privacy flags on the group C<operators>,
207 retaining the default values of the first, second and third flags, but
208 setting the fourth and fifth flags to enable the group's members to add
209 and remove other members.
211 % pts setfields -nameorid operators -access S-Mar
213 The following example changes the privacy flags and sets group quota on
214 the user entry C<admin>. It retains the default values of the first,
215 fourth, and fifth flags, but sets the second and third flags, to enable
216 anyone to list the groups that C<admin> owns and belongs to. Users
217 authenticated as C<admin> can create an additional 50 groups.
219 % pts setfields -nameorid admin -access SOM-- -groupquota 50
221 =head1 PRIVILEGE REQUIRED
223 To edit group entries or set the privacy flags on any type of entry, the
224 issuer must own the entry or belong to the system:administrators group. To
225 set group-creation quota on a user entry, the issuer must belong to the
226 system:administrators group.
234 L<pts_membership(1)>,
239 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
241 This documentation is covered by the IBM Public License Version 1.0. It was
242 converted from HTML to POD by software written by Chas Williams and Russ
243 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.