1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
10 TITLE="AFS User Guide"
11 HREF="book1.html"><LINK
13 TITLE="Protecting Your Directories and Files"
14 HREF="c1444.html"><LINK
16 TITLE="Troubleshooting"
17 HREF="c3402.html"></HEAD
28 SUMMARY="Header navigation table"
37 >AFS User Guide: Version 3.6</TH
74 >Chapter 5. Using Groups</H1
76 >This chapter explains how to create groups and discusses different ways to use them.</P
92 > is a list of specific users that you can place on access control lists (ACLs). Groups
93 make it much easier to maintain ACLs. Instead of creating an ACL entry for every user individually, you create one entry for a
94 group to which the users belong. Similarly, you can grant a user access to many directories at once by adding the user to a
95 group that appears on the relevant ACLs.</P
97 >AFS client machines can also belong to a group. Anyone logged into the machine inherits the permissions granted to the
98 group on an ACL, even if they are not authenticated with AFS. In general, groups of machines are useful only to system
99 administrators, for specialized purposes like complying with licensing agreements your cell has with software vendors. Talk with
100 your system administrator before putting a client machine in a group or using a machine group on an ACL. </P
102 >To learn about AFS file protection and how to add groups to ACLs, see <A
104 >Protecting Your Directories
113 >Suggestions for Using Groups Effectively</A
116 >There are three typical ways to use groups, each suited to a particular purpose: private use, shared use, and group use.
117 The following are only suggestions. You are free to use groups in any way you choose.</P
127 >: you create a group and place it on the ACL of directories you own, without
128 necessarily informing the group's members that they belong to it. Members notice only that they can or cannot access the
129 directory in a certain way. You retain sole administrative control over the group, since you are the owner. </P
131 >The existence of the group and the identity of its members is not necessarily secret. Other users can see the
132 group's name on an ACL when they use the <SPAN
138 > command, and can use the <SPAN
144 > command to display + the groups to which they themselves belong. You can, however,
145 limit who can display the members of the group, as described in <A
146 HREF="c2454.html#HDRWQ74"
147 >Protecting Group-Related
159 >: you inform the group's members that they belong to the group, but you are the
160 group's sole owner and administrator. For example, the manager of a work group can create a group of all the members in
161 the work group, and encourage them to use it on the ACLs of directories that house information they want to share with
162 other members of the group. <DIV
169 >If you place a group owned by someone else on your ACLs, the group's owner can change the group's membership
170 without informing you. Someone new can gain or lose access in a way you did not intend and without your
184 >: you create a group and then use the <SPAN
191 command to assign ownership to a group--either another group or the group itself (the latter type is a
198 > group). You inform the members of the owning group that they all can administer the owned
199 group. For instructions for the <SPAN
206 HREF="c2454.html#HDRWQ73"
211 >The main advantage of designating a group as an owner is that several people share responsibility for administering
212 the group. A single person does not have to perform all administrative tasks, and if the group's original owner leaves the
213 cell, there are still other people who can administer it.</P
215 >However, everyone in the owner group can make changes that affect others negatively: adding or removing people from
216 the group inappropriately or changing the group's ownership to themselves exclusively. These problems can be particularly
217 sensitive in a self-owned group. Using an owner group works best if all the members know and trust each other; it is
218 probably wise to keep the number of people in an owner group small.</P
231 >The groups you create must have names with two parts, in the following format:</P
250 > prefix indicates which user or group owns the group (naming rules appear in
252 HREF="c2454.html#HDRWQ69"
253 >To Create a Group</A
257 > part indicates the group's
258 purpose or its members' common interest. Group names must always be typed in full, so a short
262 > is most practical. However, names like <SPAN
275 > that do not indicate the group's purpose are less useful than names like <SPAN
283 >Groups that do not have the <VAR
286 > prefix possibly appear on some ACLs; they are created
287 by system administrators only. All of the groups you create must have an <VAR
298 >Group-creation Quota</A
301 >By default, you can create 20 groups, but your system administrators can change your <SPAN
308 > if appropriate. When you create a group, your group quota decrements by one. When a group that you created is
309 deleted, your quota increments by one, even if you are no longer the owner. You cannot increase your quota by transferring
310 ownership of a group to someone else, because you are always recorded as the creator.</P
312 >If you exhaust your group-creation quota and need to create more groups, ask your system administrator. For instructions
313 for displaying your group-creation quota, see <A
314 HREF="c2454.html#HDRWQ67"
315 >To Display A Group Entry</A
325 >Displaying Group Information</A
328 >You can use the following commands to display information about groups and the users who belong to them:</P
332 >To display the members of a group, or the groups to which a user belongs, use the <SPAN
343 >To display the groups that a user or group owns, use the <SPAN
354 >To display general information about a user or group, including its name, AFS ID, creator, and owner, use the
384 do not appear in a user's list of group memberships, and the <SPAN
391 display their members. For more information on the system groups, see <A
392 HREF="c1444.html#HDRWQ50"
393 >Using the System Groups on
404 >To Display Group Membership</A
413 > command to display the members of a group, or the groups to
414 which a user belongs.</P
416 CLASS="programlisting"
425 >user or group name or id</VAR
433 >user or group name or id</VAR
434 > specifies the name or AFS UID of each user for which to
435 display group membership, or the name or AFS GID of each group for which to display the members. If identifying a group by its
436 AFS GID, precede the GID with a hyphen (<SPAN
442 >) to indicate that it is a negative number.</P
450 >Example: Displaying the Members of a Group</A
453 >The following example displays the members of the group <SPAN
461 CLASS="programlisting"
466 >pts membership terry:team</B
469 Members of terry:team (id: -286) are:
482 >Example: Displaying the Groups to Which a User Belongs</A
485 >The following example displays the groups to which users <SPAN
499 CLASS="programlisting"
504 >pts membership terry pat</B
507 Groups terry (id: 1022) is a member of:
511 Groups pat (id: 1845) is a member of:
523 >To Display the Groups a User or Group Owns</A
532 > command to display the groups that a user or group owns.</P
534 CLASS="programlisting"
543 >user or group name or id</VAR
551 >user or group name or id</VAR
552 > specifies the name or AFS UID of each user, or the name or AFS
553 GID of each group, for which to display group ownership. If identifying a group by its AFS GID, precede the GID with a hyphen
560 >) to indicate that it is a negative number.</P
568 >Example: Displaying the Groups a Group Owns</A
571 >The following example displays the groups that the group <SPAN
579 CLASS="programlisting"
584 >pts listowned -286</B
587 Groups owned by terry:team (id: -286) are:
598 >Example: Displaying the Groups a User Owns</A
601 >The following example displays the groups that user <SPAN
609 CLASS="programlisting"
614 >pts listowned pat</B
617 Groups owned by pat (id: 1845) are:
629 >To Display A Group Entry</A
638 > command to display general information about a user or group,
639 including its name, AFS ID, creator, and owner.</P
641 CLASS="programlisting"
650 >user or group name or id</VAR
658 >user or group name or id</VAR
659 > specifies the name or AFS UID of each user, or the name or AFS
660 GID of each group, for which to display group-related information. If identifying a group by its AFS GID, precede the GID with
667 >) to indicate that it is a negative number.</P
669 >The output includes information in the following fields:</P
679 CLASS="computeroutput"
686 >For users, this is the character string typed when logging in. For machines, the name is the IP address; a zero in
687 address field acts as a wildcard, matching any value. For most groups, this is a name of the form
701 groups created by your system administrator do not have the <VAR
705 HREF="c2454.html#HDRWQ63"
715 CLASS="computeroutput"
722 >This is a unique identification number that the AFS server processes use internally. It is similar in function to
723 a UNIX UID, but operates in AFS rather than the UNIX file system. Users and machines have positive integer AFS user IDs
724 (UIDs), and groups have negative integer AFS group IDs (GIDs). </P
732 CLASS="computeroutput"
739 >This is the user or group that owns the entry and so can administer it.</P
747 CLASS="computeroutput"
754 >The name of the user who issued the <SPAN
767 > command to create the entry. This field is useful mainly as an audit trail and cannot be
776 CLASS="computeroutput"
783 >For users and machines, this indicates how many groups the user or machine belongs to. For groups, it indicates
784 how many members belong to the group. This number cannot be set explicitly.</P
792 CLASS="computeroutput"
799 >This field indicates who is allowed to list certain information about the entry or change it in certain ways. See
801 HREF="c2454.html#HDRWQ74"
802 >Protecting Group-Related Information</A
811 CLASS="computeroutput"
818 >This field indicates how many more groups a user is allowed to create. It is set to 20 when a user entry is
819 created. The creation quota for machines or groups is meaningless because it not possible to authenticate as a machine
831 >Example: Listing Information about a Group</A
834 >The following example displays information about the group <SPAN
841 includes members of the department that <SPAN
847 > manages. Notice that the group is self-owned,
848 which means that all of its members can administer it.</P
850 CLASS="programlisting"
855 >pts examine pat:accounting</B
858 Name: pat:accounting, id: -673, owner: pat:accounting, creator: pat,
859 membership: 15, flags: S-M--, group quota: 0
868 >Example: Listing Group Information about a User</A
871 >The following example displays group-related information about user <SPAN
878 interesting fields are <SAMP
879 CLASS="computeroutput"
881 >, which shows that <SPAN
888 belongs to 12 groups, and <SAMP
889 CLASS="computeroutput"
891 >, which shows that <SPAN
898 can create another 17 groups.</P
900 CLASS="programlisting"
908 Name: pat, id: 1045, owner: system:administrators, creator: admin,
909 membership: 12, flags: S-M--, group quota: 17
919 >Creating Groups and Adding Members</A
928 > command to create a group and the <SPAN
935 > command to add members to it. Users and machines can belong to groups, but other groups cannot.</P
937 >When you create a group, you normally become its owner automatically. This means you alone can administer it: add and
938 remove members, change the group's name, transfer ownership of the group, or delete the group entirely. If you wish, you can
939 designate another owner when you create the group, by including the <SPAN
952 > command. If you assign ownership to another group, the owning group must
953 already exist and have at least one member. You can also change a group's ownership after creating it by using the <SPAN
959 > command as described in <A
960 HREF="c2454.html#HDRWQ72"
961 >Changing a Group's Owner or Name</A
969 >To Create a Group</A
978 > command to create a group. Your group-creation quota
979 decrements by one for each group.</P
981 CLASS="programlisting"
986 >pts creategroup -name</B
999 >owner of the group</VAR
1005 CLASS="variablelist"
1017 >Is an alias for <SPAN
1030 shortest acceptable abbreviation).</P
1042 >Names each group to create. The name must have the following format:</P
1061 > prefix must accurately indicate the group's owner. By default, you are
1062 recorded as the owner, and the <VAR
1065 > must be your AFS username. You can include the
1072 > argument to designate another AFS user or group as the owner, as long as you
1073 provide the required value in the <VAR
1080 >If the owner is a user, it must be the AFS username.</P
1084 >If the owner is another regular group, it must match the owning group's <VAR
1088 field. For example, if the owner is the group <SPAN
1092 >terry:associates</B
1105 >If the owner is a group without an <VAR
1108 > prefix, it must be the owning group's
1113 >The name can include up to 63 characters including the colon. Use numbers and lowercase letters, but no spaces or
1114 punctuation characters other than the colon.</P
1126 >Is optional and assigns ownership to a user other than yourself, or to a group. If you specify a group, it must
1127 already exist and have at least one member. (This means that to make a group self-owned, you must issue the <SPAN
1133 > command after using this command to create the group, and the <SPAN
1140 > command to add a member. See <A
1141 HREF="c2454.html#HDRWQ72"
1142 >Changing a Group's Owner or Name</A
1145 >Do not name a machine as the owner. Because no one can authenticate as a machine, there is no way to administer a
1146 group owned by a machine.</P
1157 >Example: Creating a Group</A
1162 >In the following example user <SPAN
1168 > creates a group to include all the other users in
1169 his work team, and then examines the new group entry.</P
1171 CLASS="programlisting"
1176 >pts creategroup terry:team</B
1179 group terry:team has id -286
1184 >pts examine terry:team</B
1187 Name: terry:team, id: -286, owner: terry, creator: terry,
1188 membership: 0, flags: S----, group quota: 0.
1197 >To Add Members to a Group</A
1206 > command to add one or more users to one or more groups. You can
1207 always add members to a group you own (either directly or because you belong to the owning group). If you belong to a group,
1208 you can add members if its fourth privacy flag is the lowercase letter <SPAN
1215 HREF="c2454.html#HDRWQ74"
1216 >Protecting Group-Related Information</A
1219 CLASS="programlisting"
1224 >pts adduser -user</B
1245 >You must add yourself to groups that you own, if that is appropriate. You do not belong automatically just because you
1254 >If you already have a token when you are added to a group, you must issue the <SPAN
1261 command to reauthenticate before you can exercise the permissions granted to the group on ACLs.</P
1267 CLASS="variablelist"
1279 >Specifies the username of each user to add to the groups named by the <SPAN
1286 argument. Groups cannot belong to other groups.</P
1298 >Names each group to which to add users.</P
1309 >Example: Adding Members to a Group</A
1312 >In this example, user <SPAN
1318 > adds himself, <SPAN
1337 > to the group he just created, <SPAN
1343 >, and then verifies the new list of members.</P
1345 CLASS="programlisting"
1350 >pts adduser -user terry pat indira smith -group terry:team</B
1357 >pts members terry:team</B
1360 Members of terry:team (id: -286) are:
1374 >Removing Users from a Group and Deleting a Group</A
1377 >You can use the following commands to remove groups and their members:</P
1381 >To remove a user from a group, use the <SPAN
1391 >To delete a group entirely, use the <SPAN
1401 >To remove deleted groups from ACLs, use the <SPAN
1411 >When a group that you created is deleted, your group-creation quota increments by one, even if you no longer own the
1414 >When a group or user is deleted, its AFS ID appears on ACLs in place of its AFS name. You can use the <SPAN
1420 > command to remove these obsolete entries from ACLs on which you have the <SPAN
1439 >To Remove Members from a Group</A
1448 > command to remove one or more members from one or more groups.
1449 You can always remove members from a group that you own (either directly or because you belong to the owning group). If you
1450 belong to a group, you can remove members if its fifth privacy flag is the lowercase letter <SPAN
1457 HREF="c2454.html#HDRWQ74"
1458 >Protecting Group-Related Information</A
1459 >. (To display a group's
1460 owner, use the <SPAN
1466 > command as described in <A
1467 HREF="c2454.html#HDRWQ67"
1472 CLASS="programlisting"
1477 >pts removeuser -user</B
1500 CLASS="variablelist"
1512 >Specifies the username of each user to remove from the groups named by the <SPAN
1531 >Names each group from which to remove users.</P
1542 >Example: Removing Group Members</A
1545 >The following example removes user <SPAN
1551 > from both the <SPAN
1565 CLASS="programlisting"
1570 >pts removeuser pat -group terry:team terry:friends</B
1581 >To Delete a Group</A
1590 > command to delete a group. You can always delete a group that you
1591 own (either directly or because you belong to the owning group). To display a group's owner, use the <SPAN
1598 > command as described in <A
1599 HREF="c2454.html#HDRWQ67"
1600 >To Display A Group Entry</A
1603 CLASS="programlisting"
1612 >user or group name or id</VAR
1620 >user or group name or id</VAR
1621 > specifies the name or AFS UID of each user, or the name or AFS
1622 GID of each group, to delete. If identifying a group by its AFS GID, precede the GID with a hyphen (<SPAN
1628 >) to indicate that it is a negative number.</P
1636 >Example: Deleting a Group</A
1641 >In the following example, the group <SPAN
1649 CLASS="programlisting"
1654 >pts delete terry:team</B
1665 >To Remove Obsolete ACL Entries</A
1674 > command to remove obsolete entries from ACLs after the
1675 corresponding user or group has been deleted.</P
1677 CLASS="programlisting"
1695 > name each directory for which to clean the ACL. If you omit this
1696 argument, the current working directory's ACL is cleaned.</P
1706 >Example: Removing an Obsolete ACL Entry</A
1709 >After the group <SPAN
1715 > is deleted, its AFS GID (-286) appears on ACLs instead of
1716 its name. In this example, user <SPAN
1722 > cleans it from the ACL on the plans directory in his
1725 CLASS="programlisting"
1730 >fs listacl plans</B
1733 Access list for plans is
1742 >fs cleanacl plans</B
1749 >fs listacl plans</B
1752 Access list for plans is
1765 >Changing a Group's Owner or Name</A
1768 >To change a group's owner, use the <SPAN
1774 > command. To change its name, use the
1783 >You can change the owner or name of a group that you own (either directly or because you belong to the owning group). You
1784 can assign group ownership to another user, another group, or the group itself. If you are not already a member of the group and
1785 need to be, use the <SPAN
1791 > command before transferring ownership, following the
1793 HREF="c2454.html#HDRWQ70"
1794 >To Add Members to a Group</A
1803 > command automatically changes a group's
1807 > prefix to indicate the new owner. If the new owner is a group, only its
1811 > prefix is used, not its entire name. However, the change in
1815 > prefix command does not propagate to any groups owned by the group whose owner is
1816 changing. If you want their <VAR
1819 > prefixes to indicate the correct owner, you must use the
1828 >Otherwise, you normally use the <SPAN
1834 > command to change only the
1838 > part of a group name (the part that follows the colon). You can change the
1842 > prefix only to reflect the actual owner.</P
1849 >To Change a Group's Owner</A
1858 > command to change a group's name.</P
1860 CLASS="programlisting"
1878 CLASS="variablelist"
1893 >Specifies the current name of the group to which to assign a new owner.</P
1908 >Names the user or group that is to own the group.</P
1919 >Example: Changing a Group's Owner to Another User</A
1922 >In the following example, user <SPAN
1928 > transfers ownership of the group <SPAN
1940 >. Its name changes automatically to <SPAN
1946 >, as confirmed by the <SPAN
1954 CLASS="programlisting"
1959 >pts chown pat:staff terry</B
1966 >pts examine terry:staff</B
1969 Name: terry:staff, id: -534, owner: terry, creator: pat,
1970 membership: 15, flags: SOm--, group quota: 0.
1979 >Example: Changing a Group's Owner to Itself</A
1982 >In the following example, user <SPAN
1994 > group a self-owned group. Its name does not change because its
1998 > prefix is already <SPAN
2006 CLASS="programlisting"
2011 >pts chown terry:team terry:team</B
2018 >pts examine terry:team</B
2021 Name: terry:team, id: -286, owner: terry:team, creator: terry,
2022 membership: 6, flags: SOm--, group quota: 0.
2031 >Example: Changing a Group's Owner to a Group</A
2034 >In this example, user <SPAN
2040 > transfers ownership of the group <SPAN
2046 > to the group <SPAN
2052 >. Its name changes automatically to
2069 > prefix of the group that now owns it. The <SPAN
2076 command displays the group's status before and after the change.</P
2078 CLASS="programlisting"
2083 >pts examine sam:project</B
2086 Name: sam:project, id: -522, owner: sam, creator: sam,
2087 membership: 33, flags: SOm--, group quota: 0.
2092 >pts chown sam:project smith:cpa</B
2099 >pts examine smith:project</B
2102 Name: smith:project, id: -522, owner: smith:cpa, creator: sam,
2103 membership: 33, flags: SOm--, group quota: 0.
2112 >To Change a Group's Name</A
2121 > command to change a group's name.</P
2123 CLASS="programlisting"
2141 CLASS="variablelist"
2156 >Specifies the group's current name.</P
2171 >Specifies the complete new name to assign to the group. The <VAR
2175 correctly indicate the group's owner.</P
2186 >Example: Changing a Group's <VAR
2192 >The following example changes the name of the <SPAN
2202 >smith:fiscal-closing</B
2207 > prefix remains <SPAN
2213 > because its owner is not changing.</P
2215 CLASS="programlisting"
2220 >pts examine smith:project</B
2223 Name: smith:project, id: -522, owner: smith:cpa, creator: sam,
2224 membership: 33, flags: SOm--, group quota: 0.
2229 >pts rename smith:project smith:fiscal-closing</B
2236 >pts examine smith:fiscal-closing</B
2239 Name: smith:fiscal-closing, id: -522, owner: smith:cpa, creator: sam,
2240 membership: 33, flags: SOm--, group quota: 0.
2249 >Example: Changing a Group's <VAR
2255 >In a previous example, user <SPAN
2261 > transferred ownership of the group <SPAN
2273 >. Its name changed automatically to <SPAN
2279 >. However, a group that <SPAN
2285 > owns is still called
2292 >, because the change to a group's <VAR
2302 > command does not propagate to any groups it owns. In this example, a
2322 > to reflect its actual ownership.</P
2324 CLASS="programlisting"
2329 >pts examine pat:plans</B
2332 Name: pat:plans, id: -535, owner: terry:staff, creator: pat,
2333 membership: 8, flags: SOm--, group quota: 0.
2338 >pts rename pat:plans terry:plans</B
2345 >pts examine terry:plans</B
2348 Name: terry:plans, id: -535, owner: terry:staff, creator: pat,
2349 membership: 8, flags: SOm--, group quota: 0.
2359 >Protecting Group-Related Information</A
2368 > control who can administer it in various ways. The privacy flags appear in
2370 CLASS="computeroutput"
2372 > field of the output from the <SPAN
2380 HREF="c2454.html#HDRWQ67"
2381 >To Display A Group Entry</A
2382 >. To set the privacy flags for a group you own, use the
2389 > command as instructed in <A
2390 HREF="c2454.html#HDRWQ75"
2391 >To Set a Group's Privacy
2399 NAME="HDRPRIVACY-FLAGS"
2400 >Interpreting the Privacy Flags</A
2403 >The five privacy flags always appear, and always must be set, in the following order:</P
2405 CLASS="variablelist"
2417 >Controls who can issue the <SPAN
2423 > command to display the entry.</P
2435 >Controls who can issue the <SPAN
2441 > command to list the groups that a user
2454 >Controls who can issue the <SPAN
2460 > command to list the groups a user or
2461 machine belongs to, or which users or machines belong to a group.</P
2473 >Controls who can issue the <SPAN
2479 > command to add a user or machine to a
2492 >Controls who can issue the <SPAN
2498 > command to remove a user or machine
2504 >Each flag can take three possible types of values to enable a different set of users to issue the corresponding
2515 >) means that the group's owner can issue the command, along with the
2516 administrators who belong to the <SPAN
2520 >system:administrators</B
2526 >The lowercase version of the letter means that members of the group can issue the command, along with the users
2527 indicated by the hyphen.</P
2531 >The uppercase version of the letter means that anyone can issue the command.</P
2535 >For example, the flags <SAMP
2536 CLASS="computeroutput"
2538 > on a group entry indicate that anyone can examine the
2539 group's entry and list the groups that it owns, and that only the group's members can list, add, or remove its members.</P
2541 >The default privacy flags for groups are <SAMP
2542 CLASS="computeroutput"
2544 >, meaning that anyone can display the
2545 entry and list the members of the group, but only the group's owner and members of the <SPAN
2549 >system:administrators</B
2551 > group can perform other functions.</P
2559 >To Set a Group's Privacy Flags</A
2568 > command to set the privacy flags on one or more groups.</P
2570 CLASS="programlisting"
2575 >pts setfields -nameorid</B
2579 >user or group name or id</VAR
2591 >set privacy flags</VAR
2597 CLASS="variablelist"
2609 >Specifies the name or AFS GID of each group for which to set the privacy flags. If identifying a group by its AFS
2610 GID, precede the GID with a hyphen (<SPAN
2616 >) to indicate that it is a negative number.</P
2628 >Specifies the privacy flags to set for each group. Observe the following rules:</P
2632 >Provide a value for all five flags in the order <SPAN
2642 >Set the first flag to lowercase <SPAN
2648 > or uppercase <SPAN
2658 >Set the second flag to the hyphen (<SPAN
2664 >) or uppercase <SPAN
2670 > only. For groups, AFS interprets the hyphen as equivalent to lowercase <SPAN
2676 > (that is, members of a group can always list the groups that it owns).</P
2680 >Set the third flag to the hyphen (<SPAN
2692 >, or uppercase <SPAN
2702 >Set the fourth flag to the hyphen (<SPAN
2714 >, or uppercase <SPAN
2720 >. The uppercase <SPAN
2726 > is not a secure choice, because it permits anyone to add members to the group.</P
2730 >Set the fifth flag to the hyphen (<SPAN
2736 >) or lowercase <SPAN
2755 >Example: Setting a Group's Privacy Flags</A
2758 >The following example sets the privacy flags on the <SPAN
2765 indicated pattern of administrative privilege.</P
2767 CLASS="programlisting"
2772 >pts setfields terry:team -access SOm--</B
2780 >Everyone can issue the <SPAN
2786 > command to display general information about it
2797 >Everyone can issue the <SPAN
2803 > command to display the groups it owns
2814 >The members of the group can issue the <SPAN
2820 > command to display the
2821 group's members (lowercase <SPAN
2831 >Only the group's owner, user <SPAN
2837 >, can issue the <SPAN
2844 > command to add members (the hyphen).</P
2848 >Only the group's owner, user <SPAN
2854 >, can issue the <SPAN
2861 > command to remove members (the hyphen).</P
2872 SUMMARY="Footer navigation table"
2911 >Protecting Your Directories and Files</TD
2921 >Troubleshooting</TD