3 pts creategroup - Creates an (empty) Protection Database group entry
7 pts creategroup B<-name> I<group name> [I<group name> ...]
8 [B<-owner> I<owner of the group>]
9 [B<-id> I<id (negated) for the group> [I<id (negated) for the group> ...]]
10 [B<-cell> I<cell name>]
11 [B<-noauth>] [B<-force>] [B<-help>]
13 pts createg B<-na> I<group name> [I<group name> ...]
14 [B<-o> I<owner of the group>]
15 [B<-i> I<id (negated) for the group> [I<id (negated) for the group> ...]]
17 [B<-no>] [B<-f>] [B<-h>]
19 pts cg B<-na> I<group name> [I<group name> ...]
20 [B<-o> I<owner of the group>]
21 [B<-i> I<id (negated) for the group> [I<id (negated) for the group> ...]]
22 [B<-c> I<cell name>] [B<-no>] [B<-f>] [B<-h>]
26 The C<pts creategroup> command creates an entry in the Protection
27 Database for each group specified by the B<-name> argument. The entry
28 records the issuer of the command as the group's creator, and as the
29 group's owner unless the B<-owner> argument names an alternate user or
31 There are two types of groups:
37 regular, the names of which have two parts separated by a colon.
38 The part before the colon names the group's owner. Any user can
43 prefix-less, which do not have an owner prefix. Only members of
44 the system:administrators group can create prefix-less groups.
48 Creating a group lowers the issuer's group-creation quota by one. This
49 is true even if the B<-owner> argument is used to assign ownership to an
50 alternate user or group. To display a user's group-creation quota, use
51 the pts examine command; to set it, use the pts setfields command.
52 AFS group ID (AFS GID) numbers are negative integers and by default
53 the Protection Server assigns a GID that is one less (more negative)
54 than the current value of the max group id counter in the Protection
55 Database, decrementing the counter by one for each group. Members of
56 the system:administrators group can use the B<-id> argument to assign
57 specific AFS GID numbers. If any of the specified GIDs is lower (more
58 negative) than the current value of the max group id counter, the
59 counter is reset to that value. It is acceptable to specify a GID
60 greater (less negative) than the current value of the counter, but the
61 creation operation fails if an existing group already has it. To
62 display or set the value of the max group id counter, use the pts
63 listmax or pts setmax command, respectively.
69 =item B<-name> I<group name> [I<group name> ...]
71 Specifies the name of each group to create. Provide a string of
72 up to 63 characters, which can include lowercase (but not
73 uppercase) letters, numbers, and punctuation marks. A regular
74 name includes a single colon (:) to separate the two parts of
75 the name; the colon cannot appear in a prefix-less group name.
76 A regular group's name must have the following format:
77 owner_name:group_name and the owner_name field must reflect the
78 actual owner of the group, as follows:
84 If the optional B<-owner> argument is not included, the field
85 must match the AFS username under which the issuer is
86 currently authenticated.
90 If the B<-owner> argument names an alternate AFS user, the field
91 must match that AFS username.
95 If the B<-owner> argument names another regular group, the field
96 must match the owning group's owner field (the part of its
97 name before the colon). If the B<-owner> argument names a
98 prefix-less group, the field must match the owning group's
104 =item B<-owner> I<owner of the group>
106 Specifies a user or group as the owner for each group, rather
107 than the issuer of the command. Provide either an AFS username
108 or the name of a regular or prefix-less group. An owning group
109 must already have at least one member. This requirement
110 prevents assignment of self-ownership to a group during its
111 creation; use the C<pts chown> command after issuing this command,
114 =item B<-id> I<id (negated) for the group> [I<id (negated) for the group> ...]
116 Specifies a negative integer AFS GID number for each group,
117 rather than allowing the Protection Server to assign it.
118 Precede the integer with a hyphen (-) to indicate that it is
119 negative. If this argument is used and the B<-name> argument names multiple
120 new groups, it is best to provide an equivalent number of AFS
121 GIDs. The first GID is assigned to the first group, the second
122 to the second group, and so on. If there are fewer GIDs than
123 groups, the Protection Server assigns GIDs to the unmatched
124 groups based on the max group id counter. If there are more
125 GIDs than groups, the excess GIDs are ignored. If any of the
126 GIDs is lower (more negative) than the current value of the max
127 group id counter, the counter is reset to that value.
129 =item B<-cell> I<cell name>
131 Names the cell in which to run the command. For more details,
132 see the introductory L<pts(1)> reference page.
136 Assigns the unprivileged identity anonymous to the issuer. For
137 more details, see the introductory L<pts(1)> reference page.
141 Enables the command to continue executing as far as possible
142 when errors or other problems occur, rather than halting
143 execution at the first error.
147 Prints the online help for this command. All other valid
154 The command generates the following string to confirm creation of each
156 group name has id AFS GID
160 In the following example, the user pat creates groups called
161 pat:friends and pat:colleagues.
163 pts creategroup -name pat:friends pat:colleagues
165 The following example shows a member of the system:administrators
166 group creating the prefix-less group staff and assigning its ownership
167 to the system:administrators group rather than to herself.
169 pts creategroup -name staff -owner system:administrators
171 In the following example, the user pat creates a group called
172 smith:team-members, which is allowed because the -owner argument
173 specifies the required value (smith).
175 pts creategroup -name smith:team-members -owner smith
177 =head1 PRIVILEGE REQUIRED
179 The issuer must belong to the system:administrators group to create
180 prefix-less groups or include the B<-id> argument.
181 To create a regular group, the issuer must
187 Be authenticated. The command fails if the B<-noauth> flag is
192 Have a group-creation quota greater than zero. The C<pts examine>
193 command displays this quota.
199 Although using the -owner argument to designate a machine entry as a
200 group's owner does not generate an error, it is not recommended. The
201 Protection Server does not extend the usual privileges of group
202 ownership to users logged onto the machine.
206 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
208 Converted from html to pod by Alf Wachsmann <alfw@slac.stanford.edu>, 2003,
209 Stanford Linear Accelerator Center, a department of Stanford University.