Provided by: openafs-client_1.6.15-1ubuntu1.1_amd64 
NAME
pts_setfields - Sets privacy flags or quota for a Protection Database entry
SYNOPSIS
pts setfields -nameorid <user or group name or id>+
[-access <set privacy flags>]
[-groupquota <set limit on group creation>]
[-cell <cell name>] [-noauth] [-localauth]
[-force] [-help]
pts setf -na <user or group name or id>+
[-a <set privacy flags>]
[-g <set limit on group creation>] [-c <cell name>]
[-no] [-l] [-f] [-h]
DESCRIPTION
The pts setfields command sets the group-creation quota, the privacy flags, or both,
associated with each user, machine, or group entry specified by the -nameorid argument.
To examine the current quota and privacy flags, use the pts examine command.
CAUTIONS
Changing a machine or group's group-creation quota is allowed, but not recommended. The
concept is meaningless for machines and groups, because it is impossible to authenticate
as a group or machine.
Similarly, some privacy flag settings do not have a sensible interpretation. OPTIONS
specifies the appropriate settings.
OPTIONS
-nameorid <user or group name or id>+
Specifies the name or AFS UID of each user, the IP address (complete or wildcard-
style) of each machine, or the name or AFS GID of each machine for which to set
privacy flags or group-creation quota. It is acceptable to mix users, machines, and
groups on the same command line, as well as names (IP addresses for machines) and IDs.
Precede the GID of each group with a hyphen to indicate that it is negative.
-access <privacy flags>
Specifies the privacy flags to apply to each entry. Provide a string of five
characters, one for each of the permissions. If this option is omitted, the current
setting remains unchanged.
Set each flag to achieve the desired combination of permissions. If the following list
does not mention a certain setting, it is not acceptable. For further discussion of
the privacy flags, see pts_examine(1).
• The first flag determines who can use the pts examine command to display
information from a user, machine or group's Protection Database entry.
• Set it to lowercase "s" to permit the members of the system:administrators
group to display a user, machine, or group entry, the associated user to
display a user entry, and the owner or members of a group to display the group
entry.
• Set it to uppercase "S" to permit anyone who can access the cell's database
server machines to display a user, machine, or group entry.
• The second flag determines who can use the pts listowned command to list the
groups that a user or group owns.
• Set it to the hyphen ("-") to permit the members of the system:administrators
group and a user to list the groups he or she owns, or to permit the members
of the system:administrators group and a group's owner to list the groups that
a group owns.
• Set it to uppercase letter "O" to permit anyone who can access the cell's
database server machines to list the groups owned by a machine or group entry.
• The third flag determines who can use the pts membership command to list the
groups to which a user or machine belongs, or the users and machines that belong
to a group.
• Set it to the hyphen ("-") to permit the members of the system:administrators
group and a user to list the groups he or she belongs to, to permit the
members of the system:administrators group to list the groups a machine
belongs to, or to permit the members of the system:administrators group and a
group's owner to list the users and machines that belong to it.
• Set it to lowercase "m" to permit members of a group to list the other
members. (For user and machine entries, this setting is equivalent to the
hyphen.)
• Set it to uppercase "M" to permit anyone who can access the cell's database
server machines to list membership information for a user, machine or group.
• The fourth flag determines who can use the pts adduser command to add users and
machines as members of a group. This flag has no sensible interpretation for user
and machine entries, but must be set nonetheless, preferably to the hyphen.
• Set it to the hyphen ("-") to permit the members of the system:administrators
group and the owner of the group to add members.
• Set it to lowercase "a" to permit members of a group to add other members.
• Set it to uppercase "A" to permit anyone who can access the cell's database
server machines to add members to a group.
• The fifth flag determines who can use the pts removeuser command to remove users
and machines from membership in a group. This flag has no sensible interpretation
for user and machine entries, but must be set nonetheless, preferably to the
hyphen.
• Set it to the hyphen ("-") to permit the members of the system:administrators
group and the owner of the group to remove members.
• Set it to lowercase "r" to permit members of a group to remove other members.
-groupquota <group creation quota>
Specifies the number of additional groups a user can create (it does not matter how
many he or she has created already). Do not include this argument for a group or
machine entry.
-cell <cell name>
Names the cell in which to run the command. For more details, see pts(1).
-force
Enables the command to continue executing as far as possible when errors or other
problems occur, rather than halting execution at the first error.
-help
Prints the online help for this command. All other valid options are ignored.
-localauth
Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile
file. Do not combine this flag with the -cell or -noauth options. For more details,
see pts(1).
-noauth
Assigns the unprivileged identity anonymous to the issuer. For more details, see
pts(1).
EXAMPLES
The following example changes the privacy flags on the group "operators", retaining the
default values of the first, second and third flags, but setting the fourth and fifth
flags to enable the group's members to add and remove other members.
% pts setfields -nameorid operators -access S-Mar
The following example changes the privacy flags and sets group quota on the user entry
"admin". It retains the default values of the first, fourth, and fifth flags, but sets the
second and third flags, to enable anyone to list the groups that "admin" owns and belongs
to. Users authenticated as "admin" can create an additional 50 groups.
% pts setfields -nameorid admin -access SOM-- -groupquota 50
PRIVILEGE REQUIRED
To edit group entries or set the privacy flags on any type of entry, the issuer must own
the entry or belong to the system:administrators group. To set group-creation quota on a
user entry, the issuer must belong to the system:administrators group.
SEE ALSO
pts(1), pts_adduser(1), pts_examine(1), pts_listowned(1), pts_membership(1),
pts_removeuser(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted
from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by
Alf Wachsmann and Elizabeth Cassell.