NAME

pts_creategroup - Creates an (empty) Protection Service group entry

SYNOPSIS

pts creategroup -name <group name>+ [-owner <owner of the group>] [-id <id (negated) for the group>+] [-cell <cell name>] [-noauth] [-localauth] [-force] [-help] [-auth] [-encrypt [<yes|no>]] [-config <configuration file>]

DESCRIPTION

The pts creategroup command (alias pts cg creates a Protection Service entry for each group specified by the -name argument. The entry records the issuer of the command as the group's creator, and as the group's owner unless the -owner argument names an alternate user or group as the owner.

There are two types of groups:

Creating a group lowers the issuer's group-creation quota by one. This is true even if the -owner argument is used to assign ownership to an alternate user or group. To display a user's group-creation quota, use the pts_examine(1) command; to set it, use the pts_setfields(1) command.

Auristor Group Numbers (AGNs) are negative integers and by default the Protection Service assigns an AGN that is one less (more negative) than the current value of the max group id counter, decrementing the counter by one for each group. Members of the system:administrators group can use the -id argument to assign specific AGNs. If any of the specified AGNs is lower (more negative) than the current value of the max group id counter, the counter is reset to that value. It is acceptable to specify an AGN greater (less negative) than the current value of the counter, but the creation operation fails if an existing group is already assigned that value. To display the value of the max group id counter, use the pts_listmax(1) command. To set the value of the max group id counter, use the pts_setmax(1) command.

CAUTIONS

The Protection Server reserves the following AGN values:

-101

GID -101 is reserved for system:anyuser

-102

GID -102 is reserved for system:authuser

-203

GID -203 is reserved for system:viewer

-204

GID -204 is reserved for system:administrators

-205

GID -205 is reserved for system:backup

The value 0 (zero) is not valid as either a AUN or a AGN.

OUTPUT

The command generates the following string to confirm creation of each group:

   group <name> has id <AGN>

CAUTIONS

While designating a machine as a group's owner does not cause an error, it is not recommended. The Protection Server does not extend the usual privileges of group ownership to users logged onto the machine.

OPTIONS

-name <group name>

Specifies the name of each group to create. Provide a string of up to 63 characters, which can include lowercase (but not uppercase) letters, numbers, and punctuation marks. A regular name includes a single colon (:) to separate the two parts of the name; the colon cannot appear in a prefix-less group name.

A regular group's name must have the following format:

   I<owner_name>:I<group_name>

and the <owner_name> field must reflect the actual owner of the group, as follows:

-owner <owner of the group>

Specifies a user or group as the owner for each group, rather than the issuer of the command. Provide either a username or the name of a regular or prefix-less group. An owning group must already have at least one member. This requirement prevents assignment of self-ownership to a group during its creation; use the pts_chown(1) command after issuing this command, if desired.

-id <id for the group>

Specifies an AGN number (a negative integer) for each group, rather than allowing the Protection Service to assign it. Precede the integer with a hyphen (-) to indicate that it is negative.

If this argument is used and the -name argument names multiple new groups, it is best to provide an equivalent number of AGNs. The first AGN is assigned to the first group, the second to the second group, and so on. If there are fewer AGNs than groups, the Protection Service assigns AGNs to the unmatched groups based on the max group id counter. If there are more AGNs than groups, the excess AGNs are ignored. If any of the AGNs are lower (more negative) than the current value of the max group id counter, the counter is reset to that value.

-auth

Use the calling user's tokens to communicate with the Protection Server. For more details, see pts(1).

-cell <cell name>

Names the cell in which to run the command. For more details, see pts(1).

-config <configuration file>

Sets the location of the configuration file to be used. The default file is /etc/yfs/yfs-client.conf. For more details, see pts(1).

-encrypt [<yes|no>]

Enables or disables encryption for any communication with the Protection Server. For more details, see pts(1).

-force

Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error.

-help

Prints the online help for this command. All other valid options are ignored.

-localauth

Constructs a server ticket using a key from the local /etc/yfs/server/KeyFileExt file. Do not combine this flag with the -cell or -noauth options. For more details, see pts(1).

-noauth

Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).

EXAMPLES

In the following example, the user pat creates groups called pat:friends and pat:colleagues.

   % pts creategroup -name pat:friends pat:colleagues

The following example shows a member of the system:administrators group creating the prefix-less group staff and assigning its ownership to the system:administrators group rather than to herself.

   % pts creategroup -name staff -owner system:administrators

In the following example, the user pat creates a group called smith:team-members, which is allowed because the -owner argument specifies the required value (smith).

   % pts creategroup -name smith:team-members -owner smith

PRIVILEGE REQUIRED

The issuer must belong to the system:administrators group to create prefix-less groups or include the -id argument.

To create a regular group, the issuer must

SEE ALSO

pts(1), pts_examine(1), pts_listmax(1), pts_setaccess(1), pts_setfields(1), pts_setmax(1)

COPYRIGHT

IBM Corporation 2000. http://www.ibm.com/ All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

ACKNOWLEDGEMENTS

"AFS" is a registered mark of International Business Machines Corporation, used under license. (USPTO Registration 1598389)

"OpenAFS" is a registered mark of International Business Machines Corporation. (USPTO Registration 4577045)

The "AuriStor" name, log 'S' brand mark, and icon are registered marks of AuriStor, Inc. (USPTO Registrations 4849419, 4849421, and 4928460) (EUIPO Registration 015539653).

"Your File System" is a registered mark of AuriStor, Inc. (USPTO Registrations 4801402 and 4849418).

"YFS" and "AuriStor File System" are trademarks of AuriStor, Inc.