windows-issues-20050925

[openafs.git] / doc / html / AdminReference / auarf217.htm

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records  ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID      -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30                -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved    --> 
<BODY bgcolor="ffffff"> 
<!-- End Header Records  ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf216.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf218.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<P>
<H2><A NAME="HDRPTS_EXAMINE" HREF="auarf002.htm#ToC_231">pts examine</A></H2>
<A NAME="IDX5303"></A>
<A NAME="IDX5304"></A>
<A NAME="IDX5305"></A>
<A NAME="IDX5306"></A>
<A NAME="IDX5307"></A>
<A NAME="IDX5308"></A>
<A NAME="IDX5309"></A>
<A NAME="IDX5310"></A>
<A NAME="IDX5311"></A>
<A NAME="IDX5312"></A>
<A NAME="IDX5313"></A>
<A NAME="IDX5314"></A>
<A NAME="IDX5315"></A>
<A NAME="IDX5316"></A>
<A NAME="IDX5317"></A>
<A NAME="IDX5318"></A>
<A NAME="IDX5319"></A>
<A NAME="IDX5320"></A>
<A NAME="IDX5321"></A>
<A NAME="IDX5322"></A>
<A NAME="IDX5323"></A>
<A NAME="IDX5324"></A>
<A NAME="IDX5325"></A>
<A NAME="IDX5326"></A>
<A NAME="IDX5327"></A>
<A NAME="IDX5328"></A>
<A NAME="IDX5329"></A>
<A NAME="IDX5330"></A>
<A NAME="IDX5331"></A>
<A NAME="IDX5332"></A>
<A NAME="IDX5333"></A>
<A NAME="IDX5334"></A>
<A NAME="IDX5335"></A>
<A NAME="IDX5336"></A>
<A NAME="IDX5337"></A>
<A NAME="IDX5338"></A>
<A NAME="IDX5339"></A>
<A NAME="IDX5340"></A>
<P><STRONG>Purpose</STRONG>
<P>Displays a Protection Database entry
<P><STRONG>Synopsis</STRONG>
<PRE><B>pts examine -nameorid</B> &lt;<VAR>user&nbsp;or&nbsp;group&nbsp;name&nbsp;or&nbsp;id</VAR>><SUP>+</SUP>  [<B>-cell</B> &lt;<VAR>cell&nbsp;name</VAR>>]   
            [<B>-noauth</B>]  [<B>-force</B>]  [<B>-help</B>]
    
<B>pts e -na</B> &lt;<VAR>user&nbsp;or&nbsp;group&nbsp;name&nbsp;or&nbsp;id</VAR>><SUP>+</SUP>  [<B>-c</B> &lt;<VAR>cell&nbsp;name</VAR>>]  [<B>-no</B>]  [<B>-f</B>]  [<B>-h</B>]
   
<B>pts check -na</B> &lt;<VAR>user&nbsp;or&nbsp;group&nbsp;name&nbsp;or&nbsp;id</VAR>><SUP>+</SUP>  [<B>-c</B> &lt;<VAR>cell&nbsp;name</VAR>>]  
          [<B>-no</B>]  [<B>-f</B>]  [<B>-h</B>]
   
<B>pts che -na</B> &lt;<VAR>user&nbsp;or&nbsp;group&nbsp;name&nbsp;or&nbsp;id</VAR>><SUP>+</SUP>  [<B>-c</B> &lt;<VAR>cell&nbsp;name</VAR>>]  
        [<B>-no</B>]  [<B>-f</B>]  [<B>-h</B>]
</PRE>
<P><STRONG>Description</STRONG>
<P>The <B>pts examine</B> command displays information from the Protection
Database entry of each user, machine or group specified by the
<B>-nameorid</B> argument.
<P><STRONG>Options</STRONG>
<DL>
<P><DT><B>-nameorid
</B><DD>Specifies the name or AFS UID of each user, the name or AFS GID of each
group, or the IP address (complete or wildcard-style) or AFS UID of each
machine for which to display the Protection Database entry. It is
acceptable to mix users, machines, and groups on the same command line, as
well as names (IP addresses for machines) and IDs. Precede the GID of
each group with a hyphen to indicate that it is negative.
<P><DT><B>-cell
</B><DD>Names the cell in which to run the command. For more details, see
the introductory <B>pts</B> reference page.
<P><DT><B>-noauth
</B><DD>Assigns the unprivileged identity <B>anonymous</B> to the
issuer. For more details, see the introductory <B>pts</B> reference
page.
<P><DT><B>-force
</B><DD>Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first
error.
<P><DT><B>-help
</B><DD>Prints the online help for this command. All other valid options
are ignored.
</DL>
<P><STRONG>Output</STRONG>
<P>The output for each entry consists of two lines that include the following
fields:
<DL>
<P><DT><B><TT>Name</TT>
</B><DD>The contents of this field depend on the type of entry: 
<UL>
<P><LI>For a user entry, it is the username that the user types when
authenticating with AFS.
<P><LI>For a machine entry, it is either the IP address of a single machine in
dotted decimal format, or a wildcard notation that represents a group of
machines on the same network. See the <B>pts createuser</B>
reference page for an explanation of the wildcard notation.
<P><LI>For a group entry, it is one of two types of group name. If the
name has a colon between the two parts, it represents a regular group and the
part before the prefix reflects the group's owner. A prefix-less
group does not have the owner field or the colon. For more details on
group names, see the <B>pts creategroup</B> reference page.
</UL>
<A NAME="IDX5341"></A>
<A NAME="IDX5342"></A>
<A NAME="IDX5343"></A>
<P><DT><B><TT>id</TT>
</B><DD>A unique number that the AFS server processes use to identify AFS users,
machines and groups. AFS UIDs for user and machine entries are positive
integers, and AFS GIDs for group entries are negative integers. AFS
UIDs and GIDs are similar in function to the UIDs and GIDs used in local file
systems such as UFS, but apply only to AFS operations.
<A NAME="IDX5344"></A>
<A NAME="IDX5345"></A>
<P><DT><B><TT>owner</TT>
</B><DD>The user or group that owns the entry and thus can administer it (change
the values in most of the fields displayed in the output of this command), or
delete it entirely. The Protection Server automatically records the
<B>system:administrators</B> group in this field for user and
machine entries at creation time.
<A NAME="IDX5346"></A>
<P><DT><B><TT>creator</TT>
</B><DD>The user who issued the <B>pts createuser</B> or <B>pts
creategroup</B> command to create the entry. This field serves as an
audit trail, and cannot be changed.
<A NAME="IDX5347"></A>
<P><DT><B><TT>membership</TT>
</B><DD>An integer that for users and machines represents the number of groups to
which the user or machine belongs. For groups, it represents the number
of group members.
<P><DT><B><TT>flags</TT>
</B><DD>A string of five characters, referred to as <I>privacy flags</I>,
which indicate who can display or administer certain aspects of the
entry. 
<DL>
<P><DT><B>s
</B><DD>Controls who can issue the <B>pts examine</B> command to display the
entry.
<P><DT><B>o
</B><DD>Controls who can issue the <B>pts listowned</B> command to display the
groups that a user or group owns.
<P><DT><B>m
</B><DD>Controls who can issue the <B>pts membership</B> command to display
the groups a user or machine belongs to, or which users or machines belong to
a group.
<P><DT><B>a
</B><DD>Controls who can issue the <B>pts adduser</B> command to add a user or
machine to a group. It is meaningful only for groups, but a value must
always be set for it even on user and machine entries.
<P><DT><B>r
</B><DD>Controls who can issue the <B>pts removeuser</B> command to remove a
user or machine from a group. It is meaningful only for groups, but a
value must always be set for it even on user and machine entries.
</DL>
<P>
<P>Each flag can take three possible types of values to enable a different set
of users to issue the corresponding command: 
<UL>
<P><LI>A hyphen (<B>-</B>) designates the members of the
<B>system:administrators</B> group and the entry's
owner. For user entries, it designates the user in addition.
<P><LI>The lowercase version of the letter applies meaningfully to groups only,
and designates members of the group in addition to the individuals designated
by the hyphen.
<P><LI>The uppercase version of the letter designates everyone.
</UL>
<P>
<P>For example, the flags <TT>SOmar</TT> on a group entry indicate that
anyone can examine the group's entry and display the groups that it owns,
and that only the group's members can display, add, or remove its
members. 
<P>The default privacy flags for user and machine entries are
<TT>S----</TT>, meaning that anyone can display the entry. The
ability to perform any other functions is restricted to members of the
<B>system:administrators</B> group and the entry's owner (as
well as the user for a user entry). 
<P>The default privacy flags for group entries are <TT>S-M--</TT>, meaning
that all users can display the entry and the members of the group, but only
the entry owner and members of the <B>system:administrators</B>
group can perform other functions.
<P><DT><B><TT>group quota</TT>
</B><DD>The number of additional groups the user is allowed to create. The
<B>pts createuser</B> command sets it to 20 for both users and machines,
but it has no meaningful interpretation for a machine, because it is not
possible to authenticate as a machine. Similarly, it has no meaning in
group entries and the <B>pts creategroup</B> command sets it to 0
(zero); do not change this value.
<A NAME="IDX5348"></A>
<A NAME="IDX5349"></A>
</DL>
<P><STRONG>Examples</STRONG>
<P>The following example displays the user entry for <B>terry</B> and the
machine entry <B>158.12.105.44</B>.
<PRE>   % <B>pts examine terry 158.12.105.44</B>
   Name: terry, id: 1045, owner: system:administrators, creator: admin, 
     membership: 9, flags: S----, group quota: 15.
   Name: 158.12.105.44, id: 5151, owner: system:administrators, 
     creator: byu, membership: 1, flags: S----, group quota: 20.
   
</PRE>
<P>The following example displays the entries for the AFS groups with GIDs
-673 and -674.
<PRE>   % <B>pts examine -673 -674</B>
   Name: terry:friends, id: -673, owner: terry, creator: terry, 
     membership: 5, flags: S-M--, group quota: 0.
   Name: smith:colleagues, id: -674, owner: smith, creator: smith, 
     membership: 14, flags: SOM--, group quota: 0.
   
</PRE>
<P><STRONG>Privilege Required</STRONG>
<P>The required privilege depends on the setting of the first privacy flag in
the Protection Database entry of each entry specified by the
<B>-nameorid</B> argument:
<UL>
<P><LI>If it is lowercase <TT>s</TT>, members of the
<B>system:administrators</B> group and the user associated with a
user entry can examine it, and only members of the
<B>system:administrators</B> group can examine a machine or group
entry.
<P><LI>If it is uppercase <TT>S</TT>, anyone who can access the cell's
database server machines can examine the entry.
</UL>
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf210.htm#HDRPTS_INTRO">pts</A>
<P><A HREF="auarf211.htm#HDRPTS_ADDUSER">pts adduser</A>
<P><A HREF="auarf213.htm#HDRPTS_CHOWN">pts chown</A>
<P><A HREF="auarf214.htm#HDRPTS_CREATEGROUP">pts creategroup</A>
<P><A HREF="auarf215.htm#HDRPTS_CREATEUSER">pts createuser</A>
<P><A HREF="auarf221.htm#HDRPTS_LISTOWNED">pts listowned</A>
<P><A HREF="auarf222.htm#HDRPTS_MEMBERSHIP">pts membership</A>
<P><A HREF="auarf223.htm#HDRPTS_REMOVEUSER">pts removeuser</A>
<P><A HREF="auarf224.htm#HDRPTS_RENAME">pts rename</A>
<P><A HREF="auarf225.htm#HDRPTS_SETFIELDS">pts setfields</A>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf216.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf218.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
<!-- Begin Footer Records  ========================================== -->
<P><HR><B> 
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A>  All Rights Reserved 
</B> 
<!-- End Footer Records  ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>