PTS_CREATEGROUP(1)	     AFS Command Reference	    PTS_CREATEGROUP(1)

NAME
       pts_creategroup - Creates an (empty) Protection Database	group entry

SYNOPSIS
       pts creategroup -name <group name>+
	   [-owner <owner of the group>]
	   [-id	<id (negated) for the group>+] [-cell <cell name>]
	   [-noauth] [-localauth] [-force] [-help]

       pts createg -na <group name>+  [-o <owner of the	group>]
	   [-i <id (negated) for the group>+] [-c <cell	name>]
	   [-no] [-l] [-f] [-h]

       pts cg -na <group name>+	[-o <owner of the group>]
	   [-i <id (negated) for the group>+] [-c <cell	name>]
	   [-no] [-l] [-f] [-h]

DESCRIPTION
       The pts creategroup command creates an entry in the Protection Database
       for each	group specified	by the -name argument. The entry records the
       issuer of the command as	the group's creator, and as the	group's	owner
       unless the -owner argument names	an alternate user or group as the
       owner.

       There are two types of groups:

       o   regular, the	names of which have two	parts separated	by a colon.
	   The part before the colon names the group's owner.  Any user	can
	   create such groups.

       o   prefix-less,	which do not have an owner prefix. Only	members	of the
	   system:administrators group can create prefix-less groups.

       Creating	a group	lowers the issuer's group-creation quota by one. This
       is true even if the -owner argument is used to assign ownership to an
       alternate user or group.	To display a user's group-creation quota, use
       the pts examine command;	to set it, use the pts setfields command.

       AFS group ID (AFS GID) numbers are negative integers and	by default the
       Protection Server assigns a GID that is one less	(more negative)	than
       the current value of the	"max group id" counter in the Protection
       Database, decrementing the counter by one for each group. Members of
       the system:administrators group can use the -id argument	to assign
       specific	AFS GID	numbers. If any	of the specified GIDs is lower (more
       negative) than the current value	of the "max group id" counter, the
       counter is reset	to that	value. It is acceptable	to specify a GID
       greater (less negative) than the	current	value of the counter, but the
       creation	operation fails	if an existing group already has it. To
       display or set the value	of the "max group id" counter, use the pts
       listmax or pts setmax command, respectively.

OUTPUT
       The command generates the following string to confirm creation of each
       group:

	  group	<name> has id <AFS GID>

CAUTIONS
       Although	using the -owner argument to designate a machine entry as a
       group's owner does not generate an error, it is not recommended.	The
       Protection Server does not extend the usual privileges of group
       ownership to users logged onto the machine.

OPTIONS
       -name <group name>
	   Specifies the name of each group to create. Provide a string	of up
	   to 63 characters, which can include lowercase (but not uppercase)
	   letters, numbers, and punctuation marks. A regular name includes a
	   single colon	(":") to separate the two parts	of the name; the colon
	   cannot appear in a prefix-less group	name.

	   A regular group's name must have the	following format:

	      <owner_name>:<group_name>

	   and the <owner_name>	field must reflect the actual owner of the
	   group, as follows:

	   o   If the optional -owner argument is not included,	the field must
	       match the AFS username under which the issuer is	currently
	       authenticated.

	   o   If the -owner argument names an alternate AFS user, the field
	       must match that AFS username.

	   o   If the -owner argument names another regular group, the field
	       must match the owning group's owner field (the part of its name
	       before the colon). If the -owner	argument names a prefix-less
	       group, the field	must match the owning group's complete name.

       -owner <owner of	the group>
	   Specifies a user or group as	the owner for each group, rather than
	   the issuer of the command. Provide either an	AFS username or	the
	   name	of a regular or	prefix-less group. An owning group must
	   already have	at least one member. This requirement prevents
	   assignment of self-ownership	to a group during its creation;	use
	   the pts chown command after issuing this command, if	desired.

       -id <id for the group>
	   Specifies a negative	integer	AFS GID	number for each	group, rather
	   than	allowing the Protection	Server to assign it. Precede the
	   integer with	a hyphen ("-") to indicate that	it is negative.

	   If this argument is used and	the -name argument names multiple new
	   groups, it is best to provide an equivalent number of AFS GIDs. The
	   first GID is	assigned to the	first group, the second	to the second
	   group, and so on. If	there are fewer	GIDs than groups, the
	   Protection Server assigns GIDs to the unmatched groups based	on the
	   "max	group id" counter. If there are	more GIDs than groups, the
	   excess GIDs are ignored. If any of the GIDs is lower	(more
	   negative) than the current value of the "max	group id" counter, the
	   counter is reset to that value.

       -cell <cell name>
	   Names the cell in which to run the command. For more	details, see
	   pts(1).

       -force
	   Enables the command to continue executing as	far as possible	when
	   errors or other problems occur, rather than halting execution at
	   the first error.

       -help
	   Prints the online help for this command. All	other valid options
	   are ignored.

       -localauth
	   Constructs a	server ticket using a key from the local
	   /usr/local/etc/openafs/server/KeyFile file. Do not combine this
	   flag	with the -cell or -noauth options. For more details, see
	   pts(1).

       -noauth
	   Assigns the unprivileged identity anonymous to the issuer. For more
	   details, see	pts(1).

EXAMPLES
       In the following	example, the user pat creates groups called
       "pat:friends" and "pat:colleagues".

	  % pts	creategroup -name pat:friends pat:colleagues

       The following example shows a member of the system:administrators group
       creating	the prefix-less	group "staff" and assigning its	ownership to
       the system:administrators group rather than to herself.

	  % pts	creategroup -name staff	-owner system:administrators

       In the following	example, the user pat creates a	group called
       "smith:team-members", which is allowed because the -owner argument
       specifies the required value ("smith").

	  % pts	creategroup -name smith:team-members -owner smith
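
       The -name rules under OPTIONS can be checked before the command is
       issued. The following shell function is an added example, not part
       of OpenAFS or of the original manual page; the function name
       check_group_name and its argument order are assumptions made for
       illustration.

```shell
#!/bin/sh
# Added example, not part of OpenAFS: check a proposed group name against the
# -name rules before running pts creategroup.
# Usage: check_group_name <name> <issuer> [<owner>]
# Prints "regular" or "prefix-less" and returns 0 when the name is acceptable;
# prints the reason on stderr and returns 1 otherwise.
check_group_name() {
    name=$1
    issuer=$2
    owner=${3:-}

    # Up to 63 characters, no uppercase letters.
    if [ -z "$name" ] || [ "${#name}" -gt 63 ]; then
        echo "$name: name must be 1 to 63 characters" >&2
        return 1
    fi
    case $name in
        *[ABCDEFGHIJKLMNOPQRSTUVWXYZ]*)
            echo "$name: uppercase letters are not allowed" >&2
            return 1 ;;
        *:*:*)
            echo "$name: a regular name has a single colon" >&2
            return 1 ;;
        :*|*:)
            echo "$name: both parts of a regular name are required" >&2
            return 1 ;;
        *:*) ;;                              # regular group, prefix checked below
        *)  echo prefix-less; return 0 ;;    # creation needs system:administrators
    esac

    # Required owner prefix: the issuer when -owner is absent; otherwise the
    # -owner user name, the owning regular group's own prefix, or the
    # owning prefix-less group's complete name.
    case $owner in
        '')  expected=$issuer ;;
        *:*) expected=${owner%%:*} ;;
        *)   expected=$owner ;;
    esac
    if [ "${name%%:*}" != "$expected" ]; then
        echo "$name: owner prefix must be \"$expected\"" >&2
        return 1
    fi
    echo regular
}

# Names taken from the EXAMPLES section above.
check_group_name pat:friends pat
check_group_name smith:team-members pat smith
check_group_name smith:team-members pat || echo "rejected without -owner smith"
```

       The check covers only the name syntax and owner prefix; the
       Protection Server still enforces authentication, quota and
       system:administrators membership.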

PRIVILEGE REQUIRED
       The issuer must belong to the system:administrators group to create
       prefix-less groups or include the -id argument.

       To create a regular group, the issuer must

       o   Be authenticated. The command fails if the -noauth flag is
	   provided.

       o   Have	a group-creation quota greater than zero. The pts examine
	   command displays this quota.

SEE ALSO
       pts(1), pts_examine(1), pts_listmax(1), pts_setfields(1), pts_setmax(1)

COPYRIGHT
       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by	the IBM	Public License Version 1.0.
       It was converted	from HTML to POD by software written by	Chas Williams
       and Russ	Allbery, based on work by Alf Wachsmann	and Elizabeth Cassell.

OpenAFS				  2016-12-15		    PTS_CREATEGROUP(1)
