FreeBSD Manual Pages


PTS(1)			     AFS Command Reference			PTS(1)

       pts - Introduction to the pts command suite

       The commands in the pts command suite are the administrative interface
       to the Protection Server, which runs on each database server machine in
       a cell and maintains the Protection Database. The database stores the
       information that AFS uses to augment and refine the standard UNIX
       scheme for controlling access to files and directories.

       Instead of relying only on the mode bits that define access rights for
       individual files, AFS associates an access control list (ACL) with each
       directory. The ACL lists users and groups and specifies which of seven
       possible access permissions they have for the directory and the files
       it contains. (It is still possible to set a directory or file's mode
       bits, but AFS interprets them in its own way; see the chapter on
       protection in the OpenAFS Administration Guide for details.)

       AFS enables users to define groups in the Protection Database and place
       them on ACLs to extend a set of rights to multiple users
       simultaneously. Groups simplify administration by making it possible
       to add someone to many ACLs by adding them to a group that already
       exists on those ACLs. Machines can also be members of a group, so that
       users logged into the machine automatically inherit the permissions
       granted to the group.

       There are several categories of commands in the pts command suite:

       o   Commands to create and remove Protection Database entries: pts
	   creategroup, pts createuser, and pts delete.

       o   Commands to administer and display group membership: pts adduser,
	   pts listowned, pts membership, and pts removeuser.

       o   Commands to administer and display properties of user and group
	   entries other than membership: pts chown, pts examine, pts
	   listentries, pts rename, and pts setfields.

       o   Commands to set and examine the counters used when assigning IDs to
	   users and groups: pts listmax and pts setmax.

       o   Commands to run commands interactively: pts interactive, pts sleep,
	   and pts quit.

       o   A command to run commands from a file: pts source.

       o   Commands to obtain help: pts apropos and pts help.

       o   A command to display the OpenAFS command suite version: pts

       The following arguments and flags are available on many commands in the
       pts suite. The reference page for each command also lists them, but
       they are described here in greater detail.

       -cell <cell name>
	   Names the cell in which to run the command. It is acceptable to
	   abbreviate the cell name to the shortest form that distinguishes it
	   from the other entries in the /usr/local/etc/openafs/CellServDB
	   file on the local machine. If the -cell argument is omitted, the
	   command interpreter determines the name of the local cell by
	   reading the following in order:

	   o   The value of the AFSCELL environment variable.

	   o   The local /usr/local/etc/openafs/ThisCell file.

	       Do not combine the -cell and -localauth options. A command on
	       which the -localauth flag is included always runs in the local
	       cell (as defined in the server machine's local
	       /usr/local/etc/openafs/server/ThisCell file), whereas a command
	       on which the -cell argument is included runs in the specified
	       foreign cell.

	   Enables the command to continue executing as far as possible when
	   errors or other problems occur, rather than halting execution
	   immediately. Without it, the command halts as soon as the first
	   error is encountered. In either case, the pts command interpreter
	   reports errors at the command shell. This flag is especially useful
	   if the issuer provides many values for a command line argument; if
	   one of them is invalid, the command interpreter continues on to
	   process the remaining arguments.

	   Prints a command's online help message on the standard output
	   stream. Do not combine this flag with any of the command's other
	   options; when it is provided, the command interpreter ignores all
	   other options, and only prints the help message.

       -noauth
	   Establishes an unauthenticated connection to the Protection Server,
	   in which the server treats the issuer as the unprivileged user
	   "anonymous". It is useful only when authorization checking is
	   disabled on the server machine (during the installation of a file
	   server machine or when the bos setauth command has been used during
	   other unusual circumstances). In normal circumstances, the
	   Protection Server allows only privileged users to issue commands
	   that change the Protection Database, and refuses to perform such an
	   action even if the -noauth flag is provided.

	   Establishes an authenticated, encrypted connection to the
	   Protection Server.  It is useful when it is desired to obscure
	   network traffic related to the transactions being done.

       -localauth
	   Constructs a server ticket using the server encryption key with the
	   highest key version number in the local
	   /usr/local/etc/openafs/server/KeyFile file. The pts command
	   interpreter presents the ticket, which never expires, to the BOS
	   Server during mutual authentication.

	   Use this flag only when issuing a command on a server machine;
	   client machines do not usually have a
	   /usr/local/etc/openafs/server/KeyFile file. The issuer of a
	   command that includes this flag must be logged on to the server
	   machine as the local superuser "root". The flag is useful for
	   commands invoked by an unattended application program, such as a
	   process controlled by the UNIX cron utility. It is also useful if
	   an administrator is unable to authenticate to AFS but is logged in
	   as the local superuser "root".

	   Do not combine the -cell and -localauth options. A command on which
	   the -localauth flag is included always runs in the local cell (as
	   defined in the server machine's local
	   /usr/local/etc/openafs/server/ThisCell file), whereas a command on
	   which the -cell argument is included runs in the specified foreign
	   cell. Also, do not combine the -localauth and -noauth flags.
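
       The flag rules above, applied as a pre-deployment check for unattended
       jobs that call pts. This is an added example, not part of the OpenAFS
       documentation; the function name pts_lint, the message wording and the
       sample command lines (cell example.org, user smith, group staff) are
       constructed for illustration.

```sh
#!/bin/sh
# Added example: lint one pts command line against the flag rules in pts(1).
# Only full flag spellings are matched; abbreviated flags are not detected.
# Prints findings on stdout; returns 0 when nothing needs fixing, 1 otherwise.
pts_lint() {
    _cell=0; _local=0; _noauth=0; _rc=0
    set -f                      # split into words without glob expansion
    for _w in $1; do
        case $_w in
            -cell)      _cell=1 ;;
            -localauth) _local=1 ;;
            -noauth)    _noauth=1 ;;
        esac
    done
    set +f
    if [ "$_local" -eq 1 ] && [ "$_cell" -eq 1 ]; then
        echo "ERROR: -cell with -localauth (-localauth always runs in the local cell)"
        _rc=1
    fi
    if [ "$_local" -eq 1 ] && [ "$_noauth" -eq 1 ]; then
        echo "ERROR: -localauth with -noauth"
        _rc=1
    fi
    if [ "$_noauth" -eq 1 ] && [ "$_local" -eq 0 ]; then
        echo "WARN: -noauth runs as anonymous; only useful when authorization checking is disabled"
        _rc=1
    fi
    if [ "$_local" -eq 1 ] && [ "$_rc" -eq 0 ]; then
        echo "NOTE: -localauth needs local root on a server machine with a KeyFile"
    fi
    return "$_rc"
}

# Constructed sample command lines, as they might appear in a cron job.
while IFS= read -r line; do
    echo "== $line"
    pts_lint "$line" || true
done <<'EOF'
pts membership system:administrators -localauth
pts adduser -user smith -group staff -cell example.org -localauth
pts examine smith -noauth
pts listentries -localauth -noauth
EOF
```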

       Members of the system:administrators group can issue all pts commands
       on any entry in the Protection Database.

       Users who do not belong to the system:administrators group can list
       information about their own entry and any group entries they own. The
       privacy flags set with the pts setfields command control access to
       entries owned by other users.

       pts_adduser(1), pts_apropos(1), pts_chown(1), pts_creategroup(1),
       pts_createuser(1), pts_delete(1), pts_examine(1), pts_help(1),
       pts_interactive(1), pts_listentries(1), pts_listmax(1),
       pts_listowned(1), pts_membership(1), pts_quit(1), pts_removeuser(1),
       pts_rename(1), pts_setfields(1), pts_setmax(1), pts_sleep(1),

       The OpenAFS Administration Guide at

       IBM Corporation 2000. <> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.
       It was converted from HTML to POD by software written by Chas Williams
       and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS				  2016-12-14				PTS(1)

