pts_getcps - Displays the Current Protection Set for one or more entries
pts getcps -nameorid <user or group name or id>+ [-cell <cell name>] [-noauth] [-localauth] [-force] [-auth] [-help] [-encrypt [<yes|no>]] [-config <configuration file>]
The pts getcps command displays the current protection set (CPS) for user, machine, network or group entries specified by the -nameorid argument.
Specifies the name or AFS UID of each user, the name or AFS GID of each group, or the IP address (complete or wildcard-style) or AFS UID of each machine. It is acceptable to mix users, machines, and groups on the same command line, as well as names (IP addresses for machines) and IDs. Precede the GID of each group with a hyphen to indicate that it is negative.
Use the calling user's tokens to communicate with the Protection Server. For more details, see pts(1).
Names the cell in which to run the command. For more details, see pts(1).
Sets the location of the configuration file to be used. The default file is /etc/yfs/yfs-client.conf. For more details, see pts(1).
Enables or disables encryption for any communication with the Protection Server. For more details, see pts(1).
Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error.
Prints the online help for this command. All other valid options are ignored.
Constructs a server ticket using a key from the local /etc/yfs/server/KeyFileExt file. Do not combine this flag with the -cell or -noauth options. For more details, see pts(1).
Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).
The output for each entry consists of one line that include the following fields:
The contents of this field depend on the type of entry:
For a user or machine entry, it is the name associated with the entry's UID.
For a network entry, it is either a single IP version 4 address in dotted decimal format, or a wildcard notation that represents a sub-network. See the pts_createuser(1) reference page for an explanation of the wildcard notation.
For a group entry,
it is one of two types of group name.
If the name has a colon between the two parts,
it represents a regular group and the part before the prefix reflects the group's owner.
A prefix-less group does not have the owner field or the colon (:
).
For more details on group names,
see the pts_creategroup(1) reference page.
A unique number that is used to identify users, machines, networks, and groups. Auristor user, machine and network numbers (AUNs) are positive integers. Auristor Group Numbers (AGNs) are negative integers. The AUNs and AGNs managed by the Protection Service function similarly to the AUNs and AGNs used in local file systems, but apply only to /afs access control list (ACL) processing and other cell operations.
This is followed by one line for each of the CPS entries. Each entry consists of a Name and id as described above.
The following example displays the CPS for terry
.
% pts getcps terry Name: terry, id: 1045, cps: system:authuser (-102) system:anyuser (-101) terry (1045) .
The following example displays the entries for the Auristor groups with AGNs -102..
% pts getcps -102 Name: system:authuser, id: -102, cps list: system:authuser (-102) system:anyuser (-101) .
Members of the system:ptsviewers
and system:administrators
groups can always use this command in any of its variations. Additionally, an authenticated user or machine can always list the groups to which they belong, and the owner of a group can always list the members of the group.
Additional privileges may be granted by the setting of the (M
) privacy flag in the Protection Service entry of each user, machine or group indicated by the -nameorid argument (use the pts_examine(1) command to display the flags):
If it is a hyphen, the default permissions described above apply.
If it is lowercase m
and the -nameorid argument specifies a group, then members of that group can also list the other members. A privacy flag of m
only changes the permissions when set for a group. Setting this flag for a user, machine or network has no effect.
If it is uppercase M
, anyone who can access the cell's Protection Servers can list the membership of the group or the groups to which that user, machine, or network belongs.
pts(1), pts_creategroup(1), pts_createuser(1), pts_examine(1), pts_membership(1)
"AFS" is a registered mark of International Business Machines Corporation, used under license. (USPTO Registration 1598389)
"OpenAFS" is a registered mark of International Business Machines Corporation. (USPTO Registration 4577045)
The "AuriStor" name, log 'S' brand mark, and icon are registered marks of AuriStor, Inc. (USPTO Registrations 4849419, 4849421, and 4928460) (EUIPO Registration 015539653).
"Your File System" is a registered mark of AuriStor, Inc. (USPTO Registrations 4801402 and 4849418).
"YFS" and "AuriStor File System" are trademarks of AuriStor, Inc.