pod-man-pages-20051015

[openafs.git] / doc / man-pages / pod / pts_adduser.pod

=head1 NAME

pts adduser - Add a user or machine to a Protection Database group

=head1 SYNOPSIS

pts adduser B<-user> I<user> [I<user> ...] B<-group> I<group> [I<group>
...] [B<-cell> I<cell>] [B<-noauth>] [B<-force>] [B<-help>]

pts ad B<-u> I<user> [I<user> ...] B<-g> I<group> [I<group> ...] [B<-c>
I<cell>] [B<-n>] [B<-f>] [B<-h>]

=head1 DESCRIPTION

The C<pts adduser> command adds each user or machine entry named by the
B<-user> argument as a member of each group named by the B<-group>
argument.

To remove members of a group, use the C<pts removeuser> command.  To list
the groups to which a user or machine belongs, or the members of a
specified group, use the C<pts membership> command.

If no explicit B<-user> or B<-group> flags are given, the first argument
to C<pts adduser> is taken to be the user and the second argument is taken
to be the group to which to add that user.  For any more complex
operation, the explicit flags must be provided.

=head1 OPTIONS

=over 4

=item B<-user> I<user> [I<user> ...]

Specifies the name of each user or machine entry to add to each group
named by the B<-group> argument.  The name of a machine entry resembles an
IP address and can use the wildcard notation described on the C<pts
createuser> reference page.  The user or machine entry must already exist
in the Protection Database.

=item B<-group> I<group> [I<group> ...]

Specifies the complete name (including the owner prefix if applicable) of
each group to which to add members.  The group entry must already exist in
the Protection Database.

=item B<-cell> I<cell>

Names the cell in which to run the command.  For more details, see the
introductory L<pts(1)> reference page.

=item B<-noauth>

Assigns the unprivileged identity anonymous to the issuer.  For more
details, see the introductory L<pts(1)> reference page.

=item B<-force>

Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.

=item B<-help>

Prints the online help for this command.  All other valid options are
ignored.

=back

=head1 EXAMPLES

The following example adds user smith to the group system:administrators.

    pts adduser -user smith -group system:administrators

The following example adds users jones, terry, and pat to the
smith:colleagues group.

    pts adduser -user jones terry pat -group smith:colleagues

The following example adds the machine entries in the ABC Corporation
subnet to the group bin-prot.  Because of the IP address range of the ABC
Corporation subnet, the system administrator was able to group the
machines into three machine entries (using the wildcard notation discussed
on the C<pts createuser> reference page).

    pts adduser -user 138.255.0.0 192.12.105.0 -group bin-prot

=head1 PRIVILEGE REQUIRED

The required privilege depends on the setting of the fourth privacy flag
in the Protection Database entry for each group named by the B<-group>
argument (use the C<pts examine> command to display the flags):

=over 4

=item *

If it is the hyphen, only the group's owner and members of the
system:administrators group can add members.

=item *

If it is lowercase a, current members of the group can add new members.

=item *

If it is uppercase A, anyone who can access the cell's database server
machines can add new members.

=back

=head1 CAVEATS

After being added as a group member, a currently authenticated user must
reauthenticate (for example, by issuing the B<klog> command) to obtain
permissions granted to the group on an access control list (ACL).

=head1 SEE ALSO

L<pts(1)>,
L<pts_createuser(1)>,
L<pts_examine(1)>,
L<pts_membership(1)>,
L<pts_removeuser(1)>,
L<pts_setfields(1)>

=cut