Provided by: openafs-client_1.4.1-2_i386 bug


       pts - Introduction to the pts command suite


       The commands in the pts command suite are the administrative interface
       to the Protection Server, which runs on each database server machine in
       a cell and maintains the Protection Database. The database stores the
       information that AFS uses to augment and refine the standard UNIX
       scheme for controlling access to files and directories.

       Instead of relying only on the mode bits that define access rights for
       individual files, AFS associates an access control list (ACL) with each
       directory. The ACL lists users and groups and specifies which of seven
       possible access permissions they have for the directory and the files
       it contains. (It is still possible to set a directory or file’s mode
       bits, but AFS interprets them in its own way; see the chapter on
       protection in the IBM AFS Administration Guide for details.)

       AFS enables users to define groups in the Protection Database and place
       them on ACLs to extend a set of rights to multiple users
       simultaneously.  Groups simplify administration by making it possible
       to add someone to many ACLs by adding them to a group that already
       exists on those ACLs. Machines can also be members of a group, so that
       users logged into the machine automatically inherit the permissions
       granted to the group.

       There are several categories of commands in the pts command suite:

       ·   Commands to create and remove Protection Database entries: pts
           creategroup, pts createuser, and pts delete.

       ·   Commands to administer and display group membership: pts adduser,
           pts listowned, pts membership, and pts removeuser.

       ·   Commands to administer and display properties of user and group
           entries other than membership: pts chown, pts examine, pts
           listentries, pts rename, and pts setfields.

       ·   Commands to set and examine the counters used when assigning IDs to
           users and groups: pts listmax and pts setmax.

       ·   Commands to obtain help: pts apropos and pts help.


       The following arguments and flags are available on many commands in the
       pts suite. The reference page for each command also lists them, but
       they are described here in greater detail.

       -cell <cell name>
           Names the cell in which to run the command. It is acceptable to
           abbreviate the cell name to the shortest form that distinguishes it
           from the other entries in the /etc/openafs/CellServDB file on the
           local machine. If the -cell argument is omitted, the command
           interpreter determines the name of the local cell by reading the
           following in order:

       ·       The value of the AFSCELL environment variable.

       ·       The local /etc/openafs/ThisCell file.

           Enables the command to continue executing as far as possible when
           errors or other problems occur, rather than halting execution
           immediately.  Without it, the command halts as soon as the first
           error is encountered. In either case, the pts command interpreter
           reports errors at the command shell. This flag is especially useful
           if the issuer provides many values for a command line argument; if
           one of them is invalid, the command interpreter continues on to
           process the remaining arguments.

           Prints a command’s online help message on the standard output
           stream. Do not combine this flag with any of the command’s other
           options; when it is provided, the command interpreter ignores all
           other options, and only prints the help message.

           Establishes an unauthenticated connection to the Protection Server,
           in which the server treats the issuer as the unprivileged user
           anonymous. It is useful only when authorization checking is
           disabled on the server machine (during the installation of a file
           server machine or when the bos setauth command has been used during
           other unusual circumstances). In normal circumstances, the
           Protection Server allows only privileged users to issue commands
           that change the Protection Database, and refuses to perform such an
           action even if the -noauth flag is provided.


       Members of the system:administrators group can issue all pts commands
       on any entry in the Protection Database.

       Users who do not belong to the system:administrators group can list
       information about their own entry and any group entries they own. The
       privacy flags set with the pts setfields command control access to
       entries owned by other users.


       the pts_adduser(1) manpage, the pts_apropos(1) manpage, the
       pts_chown(1) manpage, the pts_creategroup(1) manpage, the
       pts_createuser(1) manpage, the pts_delete(1) manpage, the
       pts_examine(1) manpage, the pts_help(1) manpage, the pts_listentries(1)
       manpage, the pts_listmax(1) manpage, the pts_listowned(1) manpage, the
       pts_membership(1) manpage, the pts_removeuser(1) manpage, the
       pts_rename(1) manpage, the pts_setfields(1) manpage, the pts_setmax(1)


       IBM Corporation 2000. <> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.
       It was converted from HTML to POD by software written by Chas Williams
       and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.