From a792acdadc8fe6e7354be4c23e60c795b3b4f109 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Thu, 15 Jul 2010 17:21:26 -0700 Subject: [PATCH] Add include method for POD documentation Add a preprocessor for POD documentation that handles a custom =include directive. Demonstrate how to use the preprocessor by factoring out all the standard PTS options into a separate POD fragment and including that fragment in all the PTS commands that take the standard options instead of including that documentation in each separate file. Change-Id: If5255efc6d3fc670b38a9898b3d7d3c60af04fcf Reviewed-on: http://gerrit.openafs.org/2440 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- doc/man-pages/check-pod | 2 +- doc/man-pages/merge-pod | 44 +++++ doc/man-pages/pod1/.gitignore | 22 +++ doc/man-pages/pod1/fragments/pts-common.pod | 25 +++ doc/man-pages/pod1/pts_adduser.pod | 141 ------------- doc/man-pages/pod1/pts_adduser.pod.in | 115 +++++++++++ doc/man-pages/pod1/pts_chown.pod | 113 ----------- doc/man-pages/pod1/pts_chown.pod.in | 89 +++++++++ doc/man-pages/pod1/pts_creategroup.pod | 228 ---------------------- doc/man-pages/pod1/pts_creategroup.pod.in | 204 +++++++++++++++++++ doc/man-pages/pod1/pts_createuser.pod | 195 ------------------ doc/man-pages/pod1/pts_createuser.pod.in | 171 ++++++++++++++++ doc/man-pages/pod1/pts_delete.pod | 122 ------------ doc/man-pages/pod1/pts_delete.pod.in | 98 ++++++++++ doc/man-pages/pod1/pts_examine.pod | 293 ---------------------------- doc/man-pages/pod1/pts_examine.pod.in | 269 +++++++++++++++++++++++++ doc/man-pages/pod1/pts_interactive.pod | 132 ------------- doc/man-pages/pod1/pts_interactive.pod.in | 111 +++++++++++ doc/man-pages/pod1/pts_listentries.pod | 133 ------------- doc/man-pages/pod1/pts_listentries.pod.in | 109 +++++++++++ doc/man-pages/pod1/pts_listmax.pod | 94 --------- doc/man-pages/pod1/pts_listmax.pod.in | 70 +++++++ doc/man-pages/pod1/pts_listowned.pod | 145 -------------- doc/man-pages/pod1/pts_listowned.pod.in | 121 ++++++++++++ doc/man-pages/pod1/pts_membership.pod | 247 ----------------------- doc/man-pages/pod1/pts_membership.pod.in | 223 +++++++++++++++++++++ doc/man-pages/pod1/pts_quit.pod | 84 -------- doc/man-pages/pod1/pts_quit.pod.in | 65 ++++++ doc/man-pages/pod1/pts_removeuser.pod | 127 ------------ doc/man-pages/pod1/pts_removeuser.pod.in | 103 ++++++++++ doc/man-pages/pod1/pts_rename.pod | 125 ------------ doc/man-pages/pod1/pts_rename.pod.in | 101 ++++++++++ doc/man-pages/pod1/pts_setfields.pod | 265 ------------------------- doc/man-pages/pod1/pts_setfields.pod.in | 241 +++++++++++++++++++++++ doc/man-pages/pod1/pts_setmax.pod | 101 ---------- doc/man-pages/pod1/pts_setmax.pod.in | 77 ++++++++ doc/man-pages/pod1/pts_sleep.pod | 88 --------- doc/man-pages/pod1/pts_sleep.pod.in | 69 +++++++ doc/man-pages/pod1/pts_source.pod | 97 --------- doc/man-pages/pod1/pts_source.pod.in | 72 +++++++ regen.sh | 1 + 41 files changed, 2401 insertions(+), 2731 deletions(-) create mode 100755 doc/man-pages/merge-pod create mode 100644 doc/man-pages/pod1/.gitignore create mode 100644 doc/man-pages/pod1/fragments/pts-common.pod delete mode 100644 doc/man-pages/pod1/pts_adduser.pod create mode 100644 doc/man-pages/pod1/pts_adduser.pod.in delete mode 100644 doc/man-pages/pod1/pts_chown.pod create mode 100644 doc/man-pages/pod1/pts_chown.pod.in delete mode 100644 doc/man-pages/pod1/pts_creategroup.pod create mode 100644 doc/man-pages/pod1/pts_creategroup.pod.in delete mode 100644 doc/man-pages/pod1/pts_createuser.pod create mode 100644 doc/man-pages/pod1/pts_createuser.pod.in delete mode 100644 doc/man-pages/pod1/pts_delete.pod create mode 100644 doc/man-pages/pod1/pts_delete.pod.in delete mode 100644 doc/man-pages/pod1/pts_examine.pod create mode 100644 doc/man-pages/pod1/pts_examine.pod.in delete mode 100644 doc/man-pages/pod1/pts_interactive.pod create mode 100644 doc/man-pages/pod1/pts_interactive.pod.in delete mode 100644 doc/man-pages/pod1/pts_listentries.pod create mode 100644 doc/man-pages/pod1/pts_listentries.pod.in delete mode 100644 doc/man-pages/pod1/pts_listmax.pod create mode 100644 doc/man-pages/pod1/pts_listmax.pod.in delete mode 100644 doc/man-pages/pod1/pts_listowned.pod create mode 100644 doc/man-pages/pod1/pts_listowned.pod.in delete mode 100644 doc/man-pages/pod1/pts_membership.pod create mode 100644 doc/man-pages/pod1/pts_membership.pod.in delete mode 100644 doc/man-pages/pod1/pts_quit.pod create mode 100644 doc/man-pages/pod1/pts_quit.pod.in delete mode 100644 doc/man-pages/pod1/pts_removeuser.pod create mode 100644 doc/man-pages/pod1/pts_removeuser.pod.in delete mode 100644 doc/man-pages/pod1/pts_rename.pod create mode 100644 doc/man-pages/pod1/pts_rename.pod.in delete mode 100644 doc/man-pages/pod1/pts_setfields.pod create mode 100644 doc/man-pages/pod1/pts_setfields.pod.in delete mode 100644 doc/man-pages/pod1/pts_setmax.pod create mode 100644 doc/man-pages/pod1/pts_setmax.pod.in delete mode 100644 doc/man-pages/pod1/pts_sleep.pod create mode 100644 doc/man-pages/pod1/pts_sleep.pod.in delete mode 100644 doc/man-pages/pod1/pts_source.pod create mode 100644 doc/man-pages/pod1/pts_source.pod.in diff --git a/doc/man-pages/check-pod b/doc/man-pages/check-pod index 418f81d..0afaf7b 100755 --- a/doc/man-pages/check-pod +++ b/doc/man-pages/check-pod @@ -28,7 +28,7 @@ for ( @ARGV ? @ARGV : @poddirs ) { if ( -f ) { push @list, $_ } elsif ( -d ) { - push @list, all_pod_files( $_ ) + push @list, grep { !m,fragments/, } all_pod_files( $_ ) } } diff --git a/doc/man-pages/merge-pod b/doc/man-pages/merge-pod new file mode 100755 index 0000000..b1e0da3 --- /dev/null +++ b/doc/man-pages/merge-pod @@ -0,0 +1,44 @@ +#!/usr/bin/perl -w +# +# POD currently doesn't support any sort of =include directive. This +# processor works around that limitation. It takes a list of files ending in +# *.in as its argument and processes any POD directives of the form =include +# in that file, generating a file with the *.in suffix removed. All +# paths are taken to be relative to the directory containing the file being +# processed. +# +# Currently, only single include nesting is supported. The included file is +# not processed for additional =include statements. + +require 5.006; + +use Cwd qw(getcwd); +use File::Basename qw(dirname basename); + +my $start = getcwd; +for my $file (@ARGV) { + chdir $start or die "cannot chdir to $start: $!\n"; + my $dir = dirname ($file); + my $out = $file; + unless ($out =~ s/\.in\z//) { + die "input file $file does not end in .in\n"; + } + open (FILE, '<', $file) or die "cannot open $file: $!\n"; + open (OUT, '>', $out) or die "cannot open $out: $!\n"; + chdir $dir or die "cannot chdir to $dir: $!\n"; + local $/ = ''; + local $_; + while () { + if (/^=include\s+(\S+)/) { + open (INCLUDE, '<', $1) or die "cannot open $1: $!\n"; + local $/; + print OUT or die "cannot read/write from $1: $!\n"; + close INCLUDE or die "cannot read from $1: $!\n"; + print OUT "\n" or die "cannot write to $out: $!\n"; + } else { + print OUT $_ or die "cannot write to $out: $!\n"; + } + } + close OUT or die "cannot write to $out: $!\n"; + close FILE or die "cannot read from $file\n"; +} diff --git a/doc/man-pages/pod1/.gitignore b/doc/man-pages/pod1/.gitignore new file mode 100644 index 0000000..b794ac3 --- /dev/null +++ b/doc/man-pages/pod1/.gitignore @@ -0,0 +1,22 @@ +# After changing this file, please run +# git ls-files -i --exclude-standard +# to check that you haven't inadvertently ignored any tracked files. + +/pts_adduser.pod +/pts_chown.pod +/pts_creategroup.pod +/pts_createuser.pod +/pts_delete.pod +/pts_examine.pod +/pts_interactive.pod +/pts_listentries.pod +/pts_listmax.pod +/pts_listowned.pod +/pts_membership.pod +/pts_quit.pod +/pts_removeuser.pod +/pts_rename.pod +/pts_setfields.pod +/pts_setmax.pod +/pts_sleep.pod +/pts_source.pod diff --git a/doc/man-pages/pod1/fragments/pts-common.pod b/doc/man-pages/pod1/fragments/pts-common.pod new file mode 100644 index 0000000..055262d --- /dev/null +++ b/doc/man-pages/pod1/fragments/pts-common.pod @@ -0,0 +1,25 @@ +=item B<-cell> > + +Names the cell in which to run the command. For more details, see +L. + +=item B<-force> + +Enables the command to continue executing as far as possible when errors +or other problems occur, rather than halting execution at the first error. + +=item B<-help> + +Prints the online help for this command. All other valid options are +ignored. + +=item B<-localauth> + +Constructs a server ticket using a key from the local +F file. Do not combine this flag with the B<-cell> +or B<-noauth> options. For more details, see L. + +=item B<-noauth> + +Assigns the unprivileged identity anonymous to the issuer. For more +details, see L. diff --git a/doc/man-pages/pod1/pts_adduser.pod b/doc/man-pages/pod1/pts_adduser.pod deleted file mode 100644 index cefc970..0000000 --- a/doc/man-pages/pod1/pts_adduser.pod +++ /dev/null @@ -1,141 +0,0 @@ -=head1 NAME - -pts_adduser - Adds a user or machine to a Protection Database group - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-user> >+ >>> S<<< B<-group> >+ >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] - -B S<<< B<-u> >+ >>> S<<< B<-g> >+ >>> - S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command adds each user or machine entry named by the -B<-user> argument as a member of each group named by the B<-group> -argument. - -To remove members of a group, use the B command. To list -the groups to which a user or machine belongs, or the members of a -specified group, use the B command. - -=head1 CAUTIONS - -After being added as a group member, a currently authenticated user must -reauthenticate (for example, by issuing the B command) to obtain -permissions granted to the group on an access control list (ACL). - -=head1 OPTIONS - -=over 4 - -=item B<-user> >+ - -Specifies the name of each user or machine entry to add to each group -named by the B<-group> argument. The name of a machine entry resembles an -IP address and can use the wildcard notation described on the B reference page. The user or machine entry must already exist -in the Protection Database. - -=item B<-group> >+ - -Specifies the complete name (including the owner prefix if applicable) of -each group to which to add members. The group entry must already exist in -the Protection Database. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. The B command interpreter presents the -ticket to the Protection Server during mutual authentication. Do not combine -this flag with the B<-cell> or B<-noauth> options. For more details, see -L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 EXAMPLES - -The following example adds user smith to the group system:administrators. - - % pts adduser -user smith -group system:administrators - -The following example adds users C, C, and B to the -smith:colleagues group. - - % pts adduser -user jones terry pat -group smith:colleagues - -The following example adds the machine entries in the ABC Corporation -subnet to the group C. Because of the IP address range of the -ABC Corporation subnet, the system administrator was able to group the -machines into three machine entries (using the wildcard notation discussed -on the B reference page). - - % pts adduser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot - -=head1 PRIVILEGE REQUIRED - -The required privilege depends on the setting of the fourth privacy flag -in the Protection Database entry for each group named by the B<-group> -argument (use the B command to display the flags): - -=over 4 - -=item * - -If it is the hyphen, only the group's owner and members of the -system:administrators group can add members. - -=item * - -If it is lowercase C, current members of the group can add new members. - -=item * - -If it is uppercase C, anyone who can access the cell's database server -machines can add new members. - -=back - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_adduser.pod.in b/doc/man-pages/pod1/pts_adduser.pod.in new file mode 100644 index 0000000..0dfb3e2 --- /dev/null +++ b/doc/man-pages/pod1/pts_adduser.pod.in @@ -0,0 +1,115 @@ +=head1 NAME + +pts_adduser - Adds a user or machine to a Protection Database group + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-user> >+ >>> S<<< B<-group> >+ >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] + +B S<<< B<-u> >+ >>> S<<< B<-g> >+ >>> + S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command adds each user or machine entry named by the +B<-user> argument as a member of each group named by the B<-group> +argument. + +To remove members of a group, use the B command. To list +the groups to which a user or machine belongs, or the members of a +specified group, use the B command. + +=head1 CAUTIONS + +After being added as a group member, a currently authenticated user must +reauthenticate (for example, by issuing the B command) to obtain +permissions granted to the group on an access control list (ACL). + +=head1 OPTIONS + +=over 4 + +=item B<-user> >+ + +Specifies the name of each user or machine entry to add to each group +named by the B<-group> argument. The name of a machine entry resembles an +IP address and can use the wildcard notation described on the B reference page. The user or machine entry must already exist +in the Protection Database. + +=item B<-group> >+ + +Specifies the complete name (including the owner prefix if applicable) of +each group to which to add members. The group entry must already exist in +the Protection Database. + +=include fragments/pts-common.pod + +=back + +=head1 EXAMPLES + +The following example adds user smith to the group system:administrators. + + % pts adduser -user smith -group system:administrators + +The following example adds users C, C, and B to the +smith:colleagues group. + + % pts adduser -user jones terry pat -group smith:colleagues + +The following example adds the machine entries in the ABC Corporation +subnet to the group C. Because of the IP address range of the +ABC Corporation subnet, the system administrator was able to group the +machines into three machine entries (using the wildcard notation discussed +on the B reference page). + + % pts adduser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot + +=head1 PRIVILEGE REQUIRED + +The required privilege depends on the setting of the fourth privacy flag +in the Protection Database entry for each group named by the B<-group> +argument (use the B command to display the flags): + +=over 4 + +=item * + +If it is the hyphen, only the group's owner and members of the +system:administrators group can add members. + +=item * + +If it is lowercase C, current members of the group can add new members. + +=item * + +If it is uppercase C, anyone who can access the cell's database server +machines can add new members. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_chown.pod b/doc/man-pages/pod1/pts_chown.pod deleted file mode 100644 index c3de2c3..0000000 --- a/doc/man-pages/pod1/pts_chown.pod +++ /dev/null @@ -1,113 +0,0 @@ -=head1 NAME - -pts_chown - Changes the owner of a Protection Database entry - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-name> > >>> S<<< B<-owner> > >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] - -B S<<< B<-na> > >>> S<<< B<-o> > >>> - S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command designates the user or group named by the -B<-owner> argument as the owner of the group named by the B<-name> -argument, and records the new owner in the owner field of the group's -Protection Database entry. - -In the case of regular groups, this command automatically changes the -group name's owner prefix (the part of the group name before the colon) to -match the new owner. If the new owner is itself a group, then only its -owner prefix, not its complete name, becomes the owner prefix in the new -name. The change to the owner prefix does not propagate to any groups -owned by the group, however. To make the owner prefix of such group-owned -groups reflect the new owning group, use the B command. - -It is not possible to change a user or machine entry's owner from the -default set at creation time, the system:administrators group. - -=head1 CAUTIONS - -While designating a machine as a group's owner does not cause an error, it -is not recommended. The Protection Server does not extend the usual -privileges of group ownership to users logged onto the machine. - -=head1 OPTIONS - -=over 4 - -=item B<-name> > - -Specifies the current name of the group to which to assign a new owner. - -=item B<-owner> > - -Names the user or group to become the group's owner. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the B<-cell> -or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 EXAMPLES - -The following example changes the owner of the group C from -the user C to the user C. A side effect is that the group name -changes to C. - - % pts chown -name terry:friends -owner pat - -The following example changes the owner of the group C from -the user C to the group C. A side effect is that the -group name changes to C. - - % pts chown -name terry:friends -owner pat:buddies - -=head1 PRIVILEGE REQUIRED - -The issuer must belong to the system:administrators group or currently own -the group. - -=head1 SEE ALSO - -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_chown.pod.in b/doc/man-pages/pod1/pts_chown.pod.in new file mode 100644 index 0000000..498b85f --- /dev/null +++ b/doc/man-pages/pod1/pts_chown.pod.in @@ -0,0 +1,89 @@ +=head1 NAME + +pts_chown - Changes the owner of a Protection Database entry + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-name> > >>> S<<< B<-owner> > >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] + +B S<<< B<-na> > >>> S<<< B<-o> > >>> + S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command designates the user or group named by the +B<-owner> argument as the owner of the group named by the B<-name> +argument, and records the new owner in the owner field of the group's +Protection Database entry. + +In the case of regular groups, this command automatically changes the +group name's owner prefix (the part of the group name before the colon) to +match the new owner. If the new owner is itself a group, then only its +owner prefix, not its complete name, becomes the owner prefix in the new +name. The change to the owner prefix does not propagate to any groups +owned by the group, however. To make the owner prefix of such group-owned +groups reflect the new owning group, use the B command. + +It is not possible to change a user or machine entry's owner from the +default set at creation time, the system:administrators group. + +=head1 CAUTIONS + +While designating a machine as a group's owner does not cause an error, it +is not recommended. The Protection Server does not extend the usual +privileges of group ownership to users logged onto the machine. + +=head1 OPTIONS + +=over 4 + +=item B<-name> > + +Specifies the current name of the group to which to assign a new owner. + +=item B<-owner> > + +Names the user or group to become the group's owner. + +=include fragments/pts-common.pod + +=back + +=head1 EXAMPLES + +The following example changes the owner of the group C from +the user C to the user C. A side effect is that the group name +changes to C. + + % pts chown -name terry:friends -owner pat + +The following example changes the owner of the group C from +the user C to the group C. A side effect is that the +group name changes to C. + + % pts chown -name terry:friends -owner pat:buddies + +=head1 PRIVILEGE REQUIRED + +The issuer must belong to the system:administrators group or currently own +the group. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_creategroup.pod b/doc/man-pages/pod1/pts_creategroup.pod deleted file mode 100644 index ed78053..0000000 --- a/doc/man-pages/pod1/pts_creategroup.pod +++ /dev/null @@ -1,228 +0,0 @@ -=head1 NAME - -pts_creategroup - Creates an (empty) Protection Database group entry - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-name> >+ >>> - S<<< [B<-owner> >] >>> - S<<< [B<-id> >+] >>> S<<< [B<-cell> >] >>> - [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] - -B S<<< B<-na> >+ >>> S<<< [B<-o> >] >>> - S<<< [B<-i> >+] >>> S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -B S<<< B<-na> >+ >>> S<<< [B<-o> >] >>> - S<<< [B<-i> >+] >>> S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command creates an entry in the Protection Database -for each group specified by the B<-name> argument. The entry records the -issuer of the command as the group's creator, and as the group's owner -unless the B<-owner> argument names an alternate user or group as the -owner. - -There are two types of groups: - -=over 4 - -=item * - -I, the names of which have two parts separated by a colon. The -part before the colon names the group's owner. Any user can create such -groups. - -=item * - -I, which do not have an owner prefix. Only members of the -system:administrators group can create prefix-less groups. - -=back - -Creating a group lowers the issuer's group-creation quota by one. This is -true even if the B<-owner> argument is used to assign ownership to an -alternate user or group. To display a user's group-creation quota, use the -B command; to set it, use the B command. - -AFS group ID (AFS GID) numbers are negative integers and by default the -Protection Server assigns a GID that is one less (more negative) than the -current value of the C counter in the Protection Database, -decrementing the counter by one for each group. Members of the -system:administrators group can use the B<-id> argument to assign specific -AFS GID numbers. If any of the specified GIDs is lower (more negative) -than the current value of the C counter, the counter is -reset to that value. It is acceptable to specify a GID greater (less -negative) than the current value of the counter, but the creation -operation fails if an existing group already has it. To display or set the -value of the C counter, use the B or B command, respectively. - -=head1 OUTPUT - -The command generates the following string to confirm creation of each -group: - - group has id - -=head1 CAUTIONS - -Although using the B<-owner> argument to designate a machine entry as a -group's owner does not generate an error, it is not recommended. The -Protection Server does not extend the usual privileges of group ownership -to users logged onto the machine. - -=head1 OPTIONS - -=over 4 - -=item B<-name> > - -Specifies the name of each group to create. Provide a string of up to 63 -characters, which can include lowercase (but not uppercase) letters, -numbers, and punctuation marks. A regular name includes a single colon -(C<:>) to separate the two parts of the name; the colon cannot appear in a -prefix-less group name. - -A regular group's name must have the following format: - - : - -and the field must reflect the actual owner of the group, as -follows: - -=over 4 - -=item * - -If the optional B<-owner> argument is not included, the field must match -the AFS username under which the issuer is currently authenticated. - -=item * - -If the B<-owner> argument names an alternate AFS user, the field must -match that AFS username. - -=item * - -If the B<-owner> argument names another regular group, the field must -match the owning group's owner field (the part of its name before the -colon). If the B<-owner> argument names a prefix-less group, the field -must match the owning group's complete name. - -=back - -=item B<-owner> > - -Specifies a user or group as the owner for each group, rather than the -issuer of the command. Provide either an AFS username or the name of a -regular or prefix-less group. An owning group must already have at least -one member. This requirement prevents assignment of self-ownership to a -group during its creation; use the B command after issuing this -command, if desired. - -=item B<-id> > - -Specifies a negative integer AFS GID number for each group, rather than -allowing the Protection Server to assign it. Precede the integer with a -hyphen (C<->) to indicate that it is negative. - -If this argument is used and the B<-name> argument names multiple new -groups, it is best to provide an equivalent number of AFS GIDs. The first -GID is assigned to the first group, the second to the second group, and so -on. If there are fewer GIDs than groups, the Protection Server assigns -GIDs to the unmatched groups based on the C counter. If -there are more GIDs than groups, the excess GIDs are ignored. If any of -the GIDs is lower (more negative) than the current value of the C counter, the counter is reset to that value. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 EXAMPLES - -In the following example, the user pat creates groups called -C and C. - - % pts creategroup -name pat:friends pat:colleagues - -The following example shows a member of the system:administrators group -creating the prefix-less group C and assigning its ownership to the -system:administrators group rather than to herself. - - % pts creategroup -name staff -owner system:administrators - -In the following example, the user pat creates a group called -C, which is allowed because the B<-owner> argument -specifies the required value (C). - - % pts creategroup -name smith:team-members -owner smith - -=head1 PRIVILEGE REQUIRED - -The issuer must belong to the system:administrators group to create -prefix-less groups or include the B<-id> argument. - -To create a regular group, the issuer must - -=over 4 - -=item * - -Be authenticated. The command fails if the B<-noauth> flag is provided. - -=item * - -Have a group-creation quota greater than zero. The B command -displays this quota. - -=back - -=head1 SEE ALSO - -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_creategroup.pod.in b/doc/man-pages/pod1/pts_creategroup.pod.in new file mode 100644 index 0000000..e399f27 --- /dev/null +++ b/doc/man-pages/pod1/pts_creategroup.pod.in @@ -0,0 +1,204 @@ +=head1 NAME + +pts_creategroup - Creates an (empty) Protection Database group entry + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-name> >+ >>> + S<<< [B<-owner> >] >>> + S<<< [B<-id> >+] >>> S<<< [B<-cell> >] >>> + [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] + +B S<<< B<-na> >+ >>> S<<< [B<-o> >] >>> + S<<< [B<-i> >+] >>> S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +B S<<< B<-na> >+ >>> S<<< [B<-o> >] >>> + S<<< [B<-i> >+] >>> S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command creates an entry in the Protection Database +for each group specified by the B<-name> argument. The entry records the +issuer of the command as the group's creator, and as the group's owner +unless the B<-owner> argument names an alternate user or group as the +owner. + +There are two types of groups: + +=over 4 + +=item * + +I, the names of which have two parts separated by a colon. The +part before the colon names the group's owner. Any user can create such +groups. + +=item * + +I, which do not have an owner prefix. Only members of the +system:administrators group can create prefix-less groups. + +=back + +Creating a group lowers the issuer's group-creation quota by one. This is +true even if the B<-owner> argument is used to assign ownership to an +alternate user or group. To display a user's group-creation quota, use the +B command; to set it, use the B command. + +AFS group ID (AFS GID) numbers are negative integers and by default the +Protection Server assigns a GID that is one less (more negative) than the +current value of the C counter in the Protection Database, +decrementing the counter by one for each group. Members of the +system:administrators group can use the B<-id> argument to assign specific +AFS GID numbers. If any of the specified GIDs is lower (more negative) +than the current value of the C counter, the counter is +reset to that value. It is acceptable to specify a GID greater (less +negative) than the current value of the counter, but the creation +operation fails if an existing group already has it. To display or set the +value of the C counter, use the B or B command, respectively. + +=head1 OUTPUT + +The command generates the following string to confirm creation of each +group: + + group has id + +=head1 CAUTIONS + +Although using the B<-owner> argument to designate a machine entry as a +group's owner does not generate an error, it is not recommended. The +Protection Server does not extend the usual privileges of group ownership +to users logged onto the machine. + +=head1 OPTIONS + +=over 4 + +=item B<-name> > + +Specifies the name of each group to create. Provide a string of up to 63 +characters, which can include lowercase (but not uppercase) letters, +numbers, and punctuation marks. A regular name includes a single colon +(C<:>) to separate the two parts of the name; the colon cannot appear in a +prefix-less group name. + +A regular group's name must have the following format: + + : + +and the field must reflect the actual owner of the group, as +follows: + +=over 4 + +=item * + +If the optional B<-owner> argument is not included, the field must match +the AFS username under which the issuer is currently authenticated. + +=item * + +If the B<-owner> argument names an alternate AFS user, the field must +match that AFS username. + +=item * + +If the B<-owner> argument names another regular group, the field must +match the owning group's owner field (the part of its name before the +colon). If the B<-owner> argument names a prefix-less group, the field +must match the owning group's complete name. + +=back + +=item B<-owner> > + +Specifies a user or group as the owner for each group, rather than the +issuer of the command. Provide either an AFS username or the name of a +regular or prefix-less group. An owning group must already have at least +one member. This requirement prevents assignment of self-ownership to a +group during its creation; use the B command after issuing this +command, if desired. + +=item B<-id> > + +Specifies a negative integer AFS GID number for each group, rather than +allowing the Protection Server to assign it. Precede the integer with a +hyphen (C<->) to indicate that it is negative. + +If this argument is used and the B<-name> argument names multiple new +groups, it is best to provide an equivalent number of AFS GIDs. The first +GID is assigned to the first group, the second to the second group, and so +on. If there are fewer GIDs than groups, the Protection Server assigns +GIDs to the unmatched groups based on the C counter. If +there are more GIDs than groups, the excess GIDs are ignored. If any of +the GIDs is lower (more negative) than the current value of the C counter, the counter is reset to that value. + +=include fragments/pts-common.pod + +=back + +=head1 EXAMPLES + +In the following example, the user pat creates groups called +C and C. + + % pts creategroup -name pat:friends pat:colleagues + +The following example shows a member of the system:administrators group +creating the prefix-less group C and assigning its ownership to the +system:administrators group rather than to herself. + + % pts creategroup -name staff -owner system:administrators + +In the following example, the user pat creates a group called +C, which is allowed because the B<-owner> argument +specifies the required value (C). + + % pts creategroup -name smith:team-members -owner smith + +=head1 PRIVILEGE REQUIRED + +The issuer must belong to the system:administrators group to create +prefix-less groups or include the B<-id> argument. + +To create a regular group, the issuer must + +=over 4 + +=item * + +Be authenticated. The command fails if the B<-noauth> flag is provided. + +=item * + +Have a group-creation quota greater than zero. The B command +displays this quota. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_createuser.pod b/doc/man-pages/pod1/pts_createuser.pod deleted file mode 100644 index 75c8bff..0000000 --- a/doc/man-pages/pod1/pts_createuser.pod +++ /dev/null @@ -1,195 +0,0 @@ -=head1 NAME - -pts_createuser - Creates a user or machine entry in the Protection Database - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-name> >+ >>> S<<< [B<-id> >+] >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] - [B<-help>] - -B S<<< B<-na> >+ >>> S<<< [B<-i> >+] >>> - S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -B S<<< B<-na> >+ >>> S<<< [B<-i> >+] >>> - S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command creates an entry in the Protection Database -for each user or machine specified by the B<-name> argument. A user entry -name becomes the user's AFS username (the one to provide when -authenticating with the AFS Authentication Server). A machine entry's -name is the machine's IP address or a wildcard notation that represents a -range of consecutive IP addresses (a group of machines on the same -network). It is not possible to authenticate as a machine, but a group to -which a machine entry belongs can appear on a directory's access control -list (ACL), thereby granting the indicated permissions to any user logged -on to the machine. - -AFS user IDs (AFS UIDs) are positive integers and by default the -Protection Server assigns an AFS UID that is one greater than the current -value of the C counter in the Protection Database, -incrementing the counter by one for each user. To assign a specific AFS -UID, use the B<-id> argument. If any of the specified AFS UIDs is greater -than the current value of the C counter, the counter is reset -to that value. It is acceptable to specify an AFS UID smaller than the -current value of the counter, but the creation operation fails if an -existing user or machine entry already has it. To display or set the value -of the C counter, use the B or B -command, respectively. - -The issuer of the B command is recorded as the entry's -creator and the group system:administrators as its owner. - -=head1 CAUTIONS - -The Protection Server reserves AFS UID 0 (zero) and returns an error if -the B<-id> argument has that value. - -=head1 OPTIONS - -=over 4 - -=item B<-name> >+ - -Specifies either a username for a user entry, or an IP address (complete -or wildcarded) for a machine entry: - -=over 4 - -=item * - -A username can include up to 63 numbers and lowercase letters, but it is -best to make it shorter than eight characters, because many application -programs cannot handle longer names. Also, it is best not to include shell -metacharacters or other punctuation marks. In particular, the colon (C<:>) -and at-sign (C<@>) characters are not acceptable. The period is generally -used only in special administrative names, to separate the username and an -I, as in the example C. - -=item * - -A machine identifier is its IP address in dotted decimal notation (for -example, 192.12.108.240), or a wildcard notation that represents a set of -IP addresses (a group of machines on the same network). The following are -acceptable wildcard formats. The letters C, C, C and C each -represent an actual number from the range 1 through 255. - -=over 4 - -=item * - -W.X.Y.Z represents a single machine, for example C<192.12.108.240>. - -=item * - -W.X.Y.0 matches all machines whose IP addresses start with the first three -numbers. For example, C<192.12.108.0> matches both C<192.12.108.119> and -C<192.12.108.120>, but does not match C<192.12.105.144>. - -=item * - -W.X.0.0 matches all machines whose IP addresses start with the first two -numbers. For example, the address C<192.12.0.0> matches both -C<192.12.106.23> and C<192.12.108.120>, but does not match C<192.5.30.95>. - -=item * - -W.0.0.0 matches all machines whose IP addresses start with the first -number in the specified address. For example, the address C<192.0.0.0> -matches both C<192.5.30.95> and C<192.12.108.120>, but does not match -C<138.255.63.52>. - -=back - -Do not define a machine entry with the name C<0.0.0.0> to match every -machine. The system:anyuser group is equivalent. - -=back - -=item B<-id> >+ - -Specifies an AFS UID for each user or machine entry, rather than allowing -the Protection Server to assign it. Provide a positive integer. - -If this argument is used and the B<-name> argument names multiple new -entries, it is best to provide an equivalent number of AFS UIDs. The -first UID is assigned to the first entry, the second to the second entry, -and so on. If there are fewer UIDs than entries, the Protection Server -assigns UIDs to the unmatched entries based on the C -counter. If there are more UIDs than entries, the excess UIDs are -ignored. If any of the UIDs is greater than the current value of the C counter, the counter is reset to that value. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 OUTPUT - -The command generates the following string to confirm creation of each -user: - - User has id - -=head1 EXAMPLES - -The following example creates a Protection Database entry for the user -C. - - % pts createuser -name johnson - -The following example creates three wildcarded machine entries in the ABC -Corporation cell. The three entries encompass all of the machines on the -company's networks without including machines on other networks: - - % pts createuser -name 138.255.0.0 192.12.105.0 192.12.106.0 - -=head1 PRIVILEGE REQUIRED - -The issuer must belong to the system:administrators group. - -=head1 SEE ALSO - -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_createuser.pod.in b/doc/man-pages/pod1/pts_createuser.pod.in new file mode 100644 index 0000000..135af82 --- /dev/null +++ b/doc/man-pages/pod1/pts_createuser.pod.in @@ -0,0 +1,171 @@ +=head1 NAME + +pts_createuser - Creates a user or machine entry in the Protection Database + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-name> >+ >>> S<<< [B<-id> >+] >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] + [B<-help>] + +B S<<< B<-na> >+ >>> S<<< [B<-i> >+] >>> + S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +B S<<< B<-na> >+ >>> S<<< [B<-i> >+] >>> + S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command creates an entry in the Protection Database +for each user or machine specified by the B<-name> argument. A user entry +name becomes the user's AFS username (the one to provide when +authenticating with the AFS Authentication Server). A machine entry's +name is the machine's IP address or a wildcard notation that represents a +range of consecutive IP addresses (a group of machines on the same +network). It is not possible to authenticate as a machine, but a group to +which a machine entry belongs can appear on a directory's access control +list (ACL), thereby granting the indicated permissions to any user logged +on to the machine. + +AFS user IDs (AFS UIDs) are positive integers and by default the +Protection Server assigns an AFS UID that is one greater than the current +value of the C counter in the Protection Database, +incrementing the counter by one for each user. To assign a specific AFS +UID, use the B<-id> argument. If any of the specified AFS UIDs is greater +than the current value of the C counter, the counter is reset +to that value. It is acceptable to specify an AFS UID smaller than the +current value of the counter, but the creation operation fails if an +existing user or machine entry already has it. To display or set the value +of the C counter, use the B or B +command, respectively. + +The issuer of the B command is recorded as the entry's +creator and the group system:administrators as its owner. + +=head1 CAUTIONS + +The Protection Server reserves AFS UID 0 (zero) and returns an error if +the B<-id> argument has that value. + +=head1 OPTIONS + +=over 4 + +=item B<-name> >+ + +Specifies either a username for a user entry, or an IP address (complete +or wildcarded) for a machine entry: + +=over 4 + +=item * + +A username can include up to 63 numbers and lowercase letters, but it is +best to make it shorter than eight characters, because many application +programs cannot handle longer names. Also, it is best not to include shell +metacharacters or other punctuation marks. In particular, the colon (C<:>) +and at-sign (C<@>) characters are not acceptable. The period is generally +used only in special administrative names, to separate the username and an +I, as in the example C. + +=item * + +A machine identifier is its IP address in dotted decimal notation (for +example, 192.12.108.240), or a wildcard notation that represents a set of +IP addresses (a group of machines on the same network). The following are +acceptable wildcard formats. The letters C, C, C and C each +represent an actual number from the range 1 through 255. + +=over 4 + +=item * + +W.X.Y.Z represents a single machine, for example C<192.12.108.240>. + +=item * + +W.X.Y.0 matches all machines whose IP addresses start with the first three +numbers. For example, C<192.12.108.0> matches both C<192.12.108.119> and +C<192.12.108.120>, but does not match C<192.12.105.144>. + +=item * + +W.X.0.0 matches all machines whose IP addresses start with the first two +numbers. For example, the address C<192.12.0.0> matches both +C<192.12.106.23> and C<192.12.108.120>, but does not match C<192.5.30.95>. + +=item * + +W.0.0.0 matches all machines whose IP addresses start with the first +number in the specified address. For example, the address C<192.0.0.0> +matches both C<192.5.30.95> and C<192.12.108.120>, but does not match +C<138.255.63.52>. + +=back + +Do not define a machine entry with the name C<0.0.0.0> to match every +machine. The system:anyuser group is equivalent. + +=back + +=item B<-id> >+ + +Specifies an AFS UID for each user or machine entry, rather than allowing +the Protection Server to assign it. Provide a positive integer. + +If this argument is used and the B<-name> argument names multiple new +entries, it is best to provide an equivalent number of AFS UIDs. The +first UID is assigned to the first entry, the second to the second entry, +and so on. If there are fewer UIDs than entries, the Protection Server +assigns UIDs to the unmatched entries based on the C +counter. If there are more UIDs than entries, the excess UIDs are +ignored. If any of the UIDs is greater than the current value of the C counter, the counter is reset to that value. + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +The command generates the following string to confirm creation of each +user: + + User has id + +=head1 EXAMPLES + +The following example creates a Protection Database entry for the user +C. + + % pts createuser -name johnson + +The following example creates three wildcarded machine entries in the ABC +Corporation cell. The three entries encompass all of the machines on the +company's networks without including machines on other networks: + + % pts createuser -name 138.255.0.0 192.12.105.0 192.12.106.0 + +=head1 PRIVILEGE REQUIRED + +The issuer must belong to the system:administrators group. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_delete.pod b/doc/man-pages/pod1/pts_delete.pod deleted file mode 100644 index b06b35b..0000000 --- a/doc/man-pages/pod1/pts_delete.pod +++ /dev/null @@ -1,122 +0,0 @@ -=head1 NAME - -pts_delete - Deletes a Protection Database entry - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-nameorid> >+ >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] - [B<-force>] [B<-help>] - -B S<<< B<-na> >+ >>> - S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [-h] - -=for html -
- -=head1 DESCRIPTION - -The B command removes each entry specified by the B<-nameorid> -argument from the Protection Database. Deleting entries affects other -parts of the system in various ways: - -=over 4 - -=item * - -Deleted users and groups still appear on access control lists (ACLs), but -are listed by AFS UID or GID rather than by name, because there is no -longer an associated name to which to translate the ID. To remove these -obsolete entries from ACLs, use the B command. - -=item * - -Deleting a user or machine's entry removes it from the membership list of -any group to which it belonged. - -=item * - -Deleting a group entry removes it from the membership list of any user or -machine entry that belonged to the group, and also increments the -group-creation quota of the group's creator by one, even if the creator no -longer owns the group. - -=back - -To remove a user or machine from a group without actually deleting the -entry, use the B command. - -=head1 OPTIONS - -=over 4 - -=item B<-nameorid> >+ - -Specifies the name or AFS UID of each user, the name or AFS GID of each -group, or the IP address (complete or wildcard-style) or AFS UID of each -machine entry to delete. It is acceptable to mix users, machines, and -groups on the same command line, as well as names (IP addresses for -machines) and IDs. Precede the GID of each group with a hyphen to indicate -that it is negative. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 EXAMPLES - -The following example deletes the user entries C and C: - - % pts delete pat terry - -The following example deletes the Protection Database entry of the group -with AFS GID -215. - - % pts delete -215 - -=head1 PRIVILEGE REQUIRED - -The issuer must belong to the system:administrators group to delete user -and machine entries. To delete group entries, the issuer must either own -the group or belong to the system:administrators group. - -=head1 SEE ALSO - -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_delete.pod.in b/doc/man-pages/pod1/pts_delete.pod.in new file mode 100644 index 0000000..7932fec --- /dev/null +++ b/doc/man-pages/pod1/pts_delete.pod.in @@ -0,0 +1,98 @@ +=head1 NAME + +pts_delete - Deletes a Protection Database entry + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-nameorid> >+ >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] + [B<-force>] [B<-help>] + +B S<<< B<-na> >+ >>> + S<<< [B<-c> >] >>> [B<-no>] [B<-l>] [B<-f>] [-h] + +=for html +
+ +=head1 DESCRIPTION + +The B command removes each entry specified by the B<-nameorid> +argument from the Protection Database. Deleting entries affects other +parts of the system in various ways: + +=over 4 + +=item * + +Deleted users and groups still appear on access control lists (ACLs), but +are listed by AFS UID or GID rather than by name, because there is no +longer an associated name to which to translate the ID. To remove these +obsolete entries from ACLs, use the B command. + +=item * + +Deleting a user or machine's entry removes it from the membership list of +any group to which it belonged. + +=item * + +Deleting a group entry removes it from the membership list of any user or +machine entry that belonged to the group, and also increments the +group-creation quota of the group's creator by one, even if the creator no +longer owns the group. + +=back + +To remove a user or machine from a group without actually deleting the +entry, use the B command. + +=head1 OPTIONS + +=over 4 + +=item B<-nameorid> >+ + +Specifies the name or AFS UID of each user, the name or AFS GID of each +group, or the IP address (complete or wildcard-style) or AFS UID of each +machine entry to delete. It is acceptable to mix users, machines, and +groups on the same command line, as well as names (IP addresses for +machines) and IDs. Precede the GID of each group with a hyphen to indicate +that it is negative. + +=include fragments/pts-common.pod + +=back + +=head1 EXAMPLES + +The following example deletes the user entries C and C: + + % pts delete pat terry + +The following example deletes the Protection Database entry of the group +with AFS GID -215. + + % pts delete -215 + +=head1 PRIVILEGE REQUIRED + +The issuer must belong to the system:administrators group to delete user +and machine entries. To delete group entries, the issuer must either own +the group or belong to the system:administrators group. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_examine.pod b/doc/man-pages/pod1/pts_examine.pod deleted file mode 100644 index 7118fa8..0000000 --- a/doc/man-pages/pod1/pts_examine.pod +++ /dev/null @@ -1,293 +0,0 @@ -=head1 NAME - -pts_examine - Displays a Protection Database entry - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-nameorid> >+ >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] - [B<-force>] [B<-auth>] [B<-help>] - -B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] - -B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] - -B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command displays information from the Protection -Database entry of each user, machine or group specified by the -B<-nameorid> argument. - -=head1 OPTIONS - -=over 4 - -=item -nameorid >+ - -Specifies the name or AFS UID of each user, the name or AFS GID of each -group, or the IP address (complete or wildcard-style) or AFS UID of each -machine for which to display the Protection Database entry. It is -acceptable to mix users, machines, and groups on the same command line, as -well as names (IP addresses for machines) and IDs. Precede the GID of each -group with a hyphen to indicate that it is negative. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-auth> - -Run using the user's current authentication. This is the default unless -the B<-noauth> or B<-localauth> options are used. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 OUTPUT - -The output for each entry consists of two lines that include the following -fields: - -=over 4 - -=item Name - -The contents of this field depend on the type of entry: - -=over 4 - -=item * - -For a user entry, it is the username that the user types when -authenticating with AFS. - -=item * - -For a machine entry, it is either the IP address of a single machine in -dotted decimal format, or a wildcard notation that represents a group of -machines on the same network. See the B reference page for -an explanation of the wildcard notation. - -=item * - -For a group entry, it is one of two types of group name. If the name has a -colon between the two parts, it represents a regular group and the part -before the prefix reflects the group's owner. A prefix-less group does not -have the owner field or the colon. For more details on group names, see -the B reference page. - -=back - -=item id - -A unique number that the AFS server processes use to identify AFS users, -machines and groups. AFS UIDs for user and machine entries are positive -integers, and AFS GIDs for group entries are negative integers. AFS UIDs -and GIDs are similar in function to the UIDs and GIDs used in local file -systems such as UFS, but apply only to AFS operations. - -=item owner - -The user or group that owns the entry and thus can administer it (change -the values in most of the fields displayed in the output of this command), -or delete it entirely. The Protection Server automatically records the -system:administrators group in this field for user and machine entries at -creation time. - -=item creator - -The user who issued the B or B command to -create the entry. This field serves as an audit trail, and cannot be -changed. - -=item membership - -An integer that for users and machines represents the number of groups to -which the user or machine belongs. For groups, it represents the number of -group members. - -=item flags - -A string of five characters, referred to as I, which -indicate who can display or administer certain aspects of the entry. - -=over 4 - -=item s - -Controls who can issue the B command to display the entry. - -=item o - -Controls who can issue the B command to display the groups -that a user or group owns. - -=item m - -Controls who can issue the B command to display the groups -a user or machine belongs to, or which users or machines belong to a -group. - -=item a - -Controls who can issue the B command to add a user or machine -to a group. It is meaningful only for groups, but a value must always be -set for it even on user and machine entries. - -=item r - -Controls who can issue the B command to remove a user or -machine from a group. It is meaningful only for groups, but a value must -always be set for it even on user and machine entries. - -=back - -Each flag can take three possible types of values to enable a different -set of users to issue the corresponding command: - -=over 4 - -=item * - -A hyphen (-) designates the members of the system:administrators group and -the entry's owner. For user entries, it designates the user in addition. - -=item * - -The lowercase version of the letter applies meaningfully to groups only, -and designates members of the group in addition to the individuals -designated by the hyphen. - -=item * - -The uppercase version of the letter designates everyone. - -=back - -For example, the flags C on a group entry indicate that anyone can -examine the group's entry and display the groups that it owns, and that -only the group's members can display, add, or remove its members. - -The default privacy flags for user and machine entries are C, -meaning that anyone can display the entry. The ability to perform any -other functions is restricted to members of the system:administrators -group and the entry's owner (as well as the user for a user entry). - -The default privacy flags for group entries are C, meaning that all -users can display the entry and the members of the group, but only the -entry owner and members of the system:administrators group can perform -other functions. The defaults for the privacy flags may be changed by -running B with the B<-default_access> option. See L -for more discussion of the B<-default_access> option. - -=item group quota - -The number of additional groups the user is allowed to create. The B command sets it to 20 for both users and machines, but it has -no meaningful interpretation for a machine, because it is not possible to -authenticate as a machine. Similarly, it has no meaning in group entries -that only deal with the local cell and the B command sets -it to 0 (zero); do not change this value. - -When using cross-realm authentication, a special group of the form -system:authuser@FOREIGN.REALM is created by an administrator and used. If -the group quota for this special group is greater than zero, then aklog -will automatically register foreign users in the local PTS database, add -the foreign user to the system:authuser@FOREIGN.REALM, and decrement the -group quota by one. - -=back - -=head1 EXAMPLES - -The following example displays the user entry for C and the machine -entry C<158.12.105.44>. - - % pts examine terry 158.12.105.44 - Name: terry, id: 1045, owner: system:administrators, creator: admin, - membership: 9, flags: S----, group quota: 15. - Name: 158.12.105.44, id: 5151, owner: system:administrators, - creator: byu, membership: 1, flags: S----, group quota: 20. - -The following example displays the entries for the AFS groups with GIDs --673 and -674. - - % pts examine -673 -674 - Name: terry:friends, id: -673, owner: terry, creator: terry, - membership: 5, flags: S-M--, group quota: 0. - Name: smith:colleagues, id: -674, owner: smith, creator: smith, - membership: 14, flags: SOM--, group quota: 0. - -=head1 PRIVILEGE REQUIRED - -The required privilege depends on the setting of the first privacy flag in -the Protection Database entry of each entry specified by the B<-nameorid> -argument: - -=over 4 - -=item * - -If it is lowercase C, members of the system:administrators group and -the user associated with a user entry can examine it, and only members of -the system:administrators group can examine a machine or group entry. - -=item * - -If it is uppercase C, anyone who can access the cell's database server -machines can examine the entry. - -=back - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_examine.pod.in b/doc/man-pages/pod1/pts_examine.pod.in new file mode 100644 index 0000000..154ff78 --- /dev/null +++ b/doc/man-pages/pod1/pts_examine.pod.in @@ -0,0 +1,269 @@ +=head1 NAME + +pts_examine - Displays a Protection Database entry + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-nameorid> >+ >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] + [B<-force>] [B<-auth>] [B<-help>] + +B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] + +B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] + +B S<<< B<-na> >+ >>> S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-a>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command displays information from the Protection +Database entry of each user, machine or group specified by the +B<-nameorid> argument. + +=head1 OPTIONS + +=over 4 + +=item -nameorid >+ + +Specifies the name or AFS UID of each user, the name or AFS GID of each +group, or the IP address (complete or wildcard-style) or AFS UID of each +machine for which to display the Protection Database entry. It is +acceptable to mix users, machines, and groups on the same command line, as +well as names (IP addresses for machines) and IDs. Precede the GID of each +group with a hyphen to indicate that it is negative. + +=item B<-auth> + +Run using the user's current authentication. This is the default unless +the B<-noauth> or B<-localauth> options are used. + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +The output for each entry consists of two lines that include the following +fields: + +=over 4 + +=item Name + +The contents of this field depend on the type of entry: + +=over 4 + +=item * + +For a user entry, it is the username that the user types when +authenticating with AFS. + +=item * + +For a machine entry, it is either the IP address of a single machine in +dotted decimal format, or a wildcard notation that represents a group of +machines on the same network. See the B reference page for +an explanation of the wildcard notation. + +=item * + +For a group entry, it is one of two types of group name. If the name has a +colon between the two parts, it represents a regular group and the part +before the prefix reflects the group's owner. A prefix-less group does not +have the owner field or the colon. For more details on group names, see +the B reference page. + +=back + +=item id + +A unique number that the AFS server processes use to identify AFS users, +machines and groups. AFS UIDs for user and machine entries are positive +integers, and AFS GIDs for group entries are negative integers. AFS UIDs +and GIDs are similar in function to the UIDs and GIDs used in local file +systems such as UFS, but apply only to AFS operations. + +=item owner + +The user or group that owns the entry and thus can administer it (change +the values in most of the fields displayed in the output of this command), +or delete it entirely. The Protection Server automatically records the +system:administrators group in this field for user and machine entries at +creation time. + +=item creator + +The user who issued the B or B command to +create the entry. This field serves as an audit trail, and cannot be +changed. + +=item membership + +An integer that for users and machines represents the number of groups to +which the user or machine belongs. For groups, it represents the number of +group members. + +=item flags + +A string of five characters, referred to as I, which +indicate who can display or administer certain aspects of the entry. + +=over 4 + +=item s + +Controls who can issue the B command to display the entry. + +=item o + +Controls who can issue the B command to display the groups +that a user or group owns. + +=item m + +Controls who can issue the B command to display the groups +a user or machine belongs to, or which users or machines belong to a +group. + +=item a + +Controls who can issue the B command to add a user or machine +to a group. It is meaningful only for groups, but a value must always be +set for it even on user and machine entries. + +=item r + +Controls who can issue the B command to remove a user or +machine from a group. It is meaningful only for groups, but a value must +always be set for it even on user and machine entries. + +=back + +Each flag can take three possible types of values to enable a different +set of users to issue the corresponding command: + +=over 4 + +=item * + +A hyphen (-) designates the members of the system:administrators group and +the entry's owner. For user entries, it designates the user in addition. + +=item * + +The lowercase version of the letter applies meaningfully to groups only, +and designates members of the group in addition to the individuals +designated by the hyphen. + +=item * + +The uppercase version of the letter designates everyone. + +=back + +For example, the flags C on a group entry indicate that anyone can +examine the group's entry and display the groups that it owns, and that +only the group's members can display, add, or remove its members. + +The default privacy flags for user and machine entries are C, +meaning that anyone can display the entry. The ability to perform any +other functions is restricted to members of the system:administrators +group and the entry's owner (as well as the user for a user entry). + +The default privacy flags for group entries are C, meaning that all +users can display the entry and the members of the group, but only the +entry owner and members of the system:administrators group can perform +other functions. The defaults for the privacy flags may be changed by +running B with the B<-default_access> option. See L +for more discussion of the B<-default_access> option. + +=item group quota + +The number of additional groups the user is allowed to create. The B command sets it to 20 for both users and machines, but it has +no meaningful interpretation for a machine, because it is not possible to +authenticate as a machine. Similarly, it has no meaning in group entries +that only deal with the local cell and the B command sets +it to 0 (zero); do not change this value. + +When using cross-realm authentication, a special group of the form +system:authuser@FOREIGN.REALM is created by an administrator and used. If +the group quota for this special group is greater than zero, then aklog +will automatically register foreign users in the local PTS database, add +the foreign user to the system:authuser@FOREIGN.REALM, and decrement the +group quota by one. + +=back + +=head1 EXAMPLES + +The following example displays the user entry for C and the machine +entry C<158.12.105.44>. + + % pts examine terry 158.12.105.44 + Name: terry, id: 1045, owner: system:administrators, creator: admin, + membership: 9, flags: S----, group quota: 15. + Name: 158.12.105.44, id: 5151, owner: system:administrators, + creator: byu, membership: 1, flags: S----, group quota: 20. + +The following example displays the entries for the AFS groups with GIDs +-673 and -674. + + % pts examine -673 -674 + Name: terry:friends, id: -673, owner: terry, creator: terry, + membership: 5, flags: S-M--, group quota: 0. + Name: smith:colleagues, id: -674, owner: smith, creator: smith, + membership: 14, flags: SOM--, group quota: 0. + +=head1 PRIVILEGE REQUIRED + +The required privilege depends on the setting of the first privacy flag in +the Protection Database entry of each entry specified by the B<-nameorid> +argument: + +=over 4 + +=item * + +If it is lowercase C, members of the system:administrators group and +the user associated with a user entry can examine it, and only members of +the system:administrators group can examine a machine or group entry. + +=item * + +If it is uppercase C, anyone who can access the cell's database server +machines can examine the entry. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_interactive.pod b/doc/man-pages/pod1/pts_interactive.pod deleted file mode 100644 index 6c8a641..0000000 --- a/doc/man-pages/pod1/pts_interactive.pod +++ /dev/null @@ -1,132 +0,0 @@ -=head1 NAME - -pts_interactive - Enters interactive mode - -=head1 SYNOPSIS - -=for html -
- -B S<<< [B<-cell>] > >>> [B<-noauth>] - [B<-auth>] [B<-localauth>] [B<-force>] - -B S<<< [B<-c>] > >>> [B<-n>] [B<-f>] - -=for html -
- -=head1 DESCRIPTION - -The B command allows the user to enter an interactive -mode, useful for running bulk commands like creating new users or groups. - -B uses the authentication state supplied on its command -line to run all bulk commands. However, if a bulk command is supplied -with authentication options such as B<-cell>, B<-localauth>, B<-auth> -or B<-noauth> then it, and all subsequent bulk commands, will be run with -those options. - -=head1 CAUTIONS - -Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command -was only available on Unix or Linux and when OpenAFS was compiled with the -supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, -it is always available. - -Running bulk B commands may degrade the performance of the Protection -Server while they are run and server resources may not be released -immediately after commands are run. The B command can be used -in interactive mode or with B to give the Protection Server a -change to catch up. - -=head1 OPTIONS - -B only takes the standard B options. - -=over 4 - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. -This is useful for bulk operations where you would like to continue even -if one of many operations fails. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=back - -=head1 OUTPUT - -The output is the same as if each individual command were run from the -command line. - -=head1 EXAMPLES - -Here is an example of a B session: - - % pts interactive - pts> examine admin - Name: admin, id: 1, owner: system:administrators, creator: anonymous, - membership: 2, flags: S----, group quota: 20. - pts> help - pts: Commands are: - adduser add a user to a group - apropos search by help text - chown change ownership of a group - creategroup create a new group - createuser create a new user - delete delete a user or group from database - examine examine an entry - help get help on commands - interactive enter interactive mode - listentries list users/groups in the protection database - listmax list max id - listowned list groups owned by an entry or zero id gets orphaned groups - membership list membership of a user or group - quit exit program - removeuser remove a user from a group - rename rename user or group - setfields set fields for an entry - setmax set max id - sleep pause for a bit - source read commands from file - pts> quit - % - -=head1 PRIVILEGE REQUIRED - -The same privilege is required to run the command in interactive mode as -is required to run the command by itself on the command line. Some -commands such as B require that the user belong to the -system:administrators group, while others do not. - -=head1 SEE ALSO - -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -Copyright 2007 Jason Edgecombe - -This documentation is covered by the BSD License as written in the -doc/LICENSE file. This man page was written by Jason Edgecombe for -OpenAFS. diff --git a/doc/man-pages/pod1/pts_interactive.pod.in b/doc/man-pages/pod1/pts_interactive.pod.in new file mode 100644 index 0000000..c1aa51a --- /dev/null +++ b/doc/man-pages/pod1/pts_interactive.pod.in @@ -0,0 +1,111 @@ +=head1 NAME + +pts_interactive - Enters interactive mode + +=head1 SYNOPSIS + +=for html +
+ +B S<<< [B<-cell>] > >>> [B<-noauth>] + [B<-auth>] [B<-localauth>] [B<-force>] + +B S<<< [B<-c>] > >>> [B<-n>] [B<-f>] + +=for html +
+ +=head1 DESCRIPTION + +The B command allows the user to enter an interactive +mode, useful for running bulk commands like creating new users or groups. + +B uses the authentication state supplied on its command +line to run all bulk commands. However, if a bulk command is supplied +with authentication options such as B<-cell>, B<-localauth>, B<-auth> +or B<-noauth> then it, and all subsequent bulk commands, will be run with +those options. + +=head1 CAUTIONS + +Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command +was only available on Unix or Linux and when OpenAFS was compiled with the +supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, +it is always available. + +Running bulk B commands may degrade the performance of the Protection +Server while they are run and server resources may not be released +immediately after commands are run. The B command can be used +in interactive mode or with B to give the Protection Server a +change to catch up. + +=head1 OPTIONS + +B only takes the standard B options. + +=over 4 + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +The output is the same as if each individual command were run from the +command line. + +=head1 EXAMPLES + +Here is an example of a B session: + + % pts interactive + pts> examine admin + Name: admin, id: 1, owner: system:administrators, creator: anonymous, + membership: 2, flags: S----, group quota: 20. + pts> help + pts: Commands are: + adduser add a user to a group + apropos search by help text + chown change ownership of a group + creategroup create a new group + createuser create a new user + delete delete a user or group from database + examine examine an entry + help get help on commands + interactive enter interactive mode + listentries list users/groups in the protection database + listmax list max id + listowned list groups owned by an entry or zero id gets orphaned groups + membership list membership of a user or group + quit exit program + removeuser remove a user from a group + rename rename user or group + setfields set fields for an entry + setmax set max id + sleep pause for a bit + source read commands from file + pts> quit + % + +=head1 PRIVILEGE REQUIRED + +The same privilege is required to run the command in interactive mode as +is required to run the command by itself on the command line. Some +commands such as B require that the user belong to the +system:administrators group, while others do not. + +=head1 SEE ALSO + +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2007 Jason Edgecombe + +This documentation is covered by the BSD License as written in the +doc/LICENSE file. This man page was written by Jason Edgecombe for +OpenAFS. diff --git a/doc/man-pages/pod1/pts_listentries.pod b/doc/man-pages/pod1/pts_listentries.pod deleted file mode 100644 index 79d53c1..0000000 --- a/doc/man-pages/pod1/pts_listentries.pod +++ /dev/null @@ -1,133 +0,0 @@ -=head1 NAME - -pts_listentries - Displays all users or groups in the Protection Database - -=head1 SYNOPSIS - -=for html -
- -B [B<-users>] [B<-groups>] S<<< [B<-cell> >] >>> - [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] - -B [B<-u>] [B<-g>] S<<< [B<-c> >] >>> [B<-n>] [B<-l>] - [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command displays the name and AFS ID of all -Protection Database entries of the indicated type. It also displays the -AFS ID of each entry's owner and creator. - -To display all user and machine entries, either include the B<-users> flag -or omit both it and the B<-groups> flag. To display all group entries, -include the B<-groups> flag. To display all entries, provide both flags. - -=head1 OPTIONS - -=over 4 - -=item B<-users> - -Displays user and machine entries. - -=item B<-groups> - -Displays group entries. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 OUTPUT - -The output includes a line for each entry, with information in four -columns that have the following headers: - -=over 4 - -=item Name - -The entry's name. - -=item ID - -The entry's AFS ID (AFS UID for a user or machine, negative AFS GID for a -group). - -=item Owner - -The AFS ID of the user or group that owns the entry. - -=item Creator - -The AFS ID of the user who created the entry (the system:administrators -group is listed as the creator of the entry for C and the -system groups, but it is not otherwise possible for a group to create -groups). - -=back - -In general, the entries appear in the order in which they were created. - -=head1 EXAMPLES - -The following example displays both user and group entries. - - % pts listentries -users -groups - Name ID Owner Creator - system:administrators -204 -204 -204 - system:anyuser -101 -204 -204 - system:authuser -102 -204 -204 - anonymous 32766 -204 -204 - admin 1 -204 32766 - pat 100 -204 1 - smith 101 -204 1 - pat:friends -206 100 100 - staff -207 -204 1 - -=head1 PRIVILEGE REQUIRED - -The issuer must belong to the system:administrators group. - -=head1 SEE ALSO - -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_listentries.pod.in b/doc/man-pages/pod1/pts_listentries.pod.in new file mode 100644 index 0000000..e2e663b --- /dev/null +++ b/doc/man-pages/pod1/pts_listentries.pod.in @@ -0,0 +1,109 @@ +=head1 NAME + +pts_listentries - Displays all users or groups in the Protection Database + +=head1 SYNOPSIS + +=for html +
+ +B [B<-users>] [B<-groups>] S<<< [B<-cell> >] >>> + [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] + +B [B<-u>] [B<-g>] S<<< [B<-c> >] >>> [B<-n>] [B<-l>] + [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command displays the name and AFS ID of all +Protection Database entries of the indicated type. It also displays the +AFS ID of each entry's owner and creator. + +To display all user and machine entries, either include the B<-users> flag +or omit both it and the B<-groups> flag. To display all group entries, +include the B<-groups> flag. To display all entries, provide both flags. + +=head1 OPTIONS + +=over 4 + +=item B<-users> + +Displays user and machine entries. + +=item B<-groups> + +Displays group entries. + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +The output includes a line for each entry, with information in four +columns that have the following headers: + +=over 4 + +=item Name + +The entry's name. + +=item ID + +The entry's AFS ID (AFS UID for a user or machine, negative AFS GID for a +group). + +=item Owner + +The AFS ID of the user or group that owns the entry. + +=item Creator + +The AFS ID of the user who created the entry (the system:administrators +group is listed as the creator of the entry for C and the +system groups, but it is not otherwise possible for a group to create +groups). + +=back + +In general, the entries appear in the order in which they were created. + +=head1 EXAMPLES + +The following example displays both user and group entries. + + % pts listentries -users -groups + Name ID Owner Creator + system:administrators -204 -204 -204 + system:anyuser -101 -204 -204 + system:authuser -102 -204 -204 + anonymous 32766 -204 -204 + admin 1 -204 32766 + pat 100 -204 1 + smith 101 -204 1 + pat:friends -206 100 100 + staff -207 -204 1 + +=head1 PRIVILEGE REQUIRED + +The issuer must belong to the system:administrators group. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_listmax.pod b/doc/man-pages/pod1/pts_listmax.pod deleted file mode 100644 index 4fec04e..0000000 --- a/doc/man-pages/pod1/pts_listmax.pod +++ /dev/null @@ -1,94 +0,0 @@ -=head1 NAME - -pts_listmax - Displays the max user id and max group id counters - -=head1 SYNOPSIS - -=for html -
- -B S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] - [B<-force>] [B<-help>] - -B S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command displays the values of the C and -C counters, which the Protection Server uses to track the -AFS user IDs (AFS UIDs) it allocates to new users or machines, and the AFS -group IDs (AFS GIDs) it allocates to new groups, respectively. When an -administrator next issues the B command and does not -include the B<-id> argument, the new user or machine receives an AFS UID -one greater than the C counter, and when a user issues the -B command and does not include the B<-id> argument, the -new group receives an AFS UID one less (more negative) than the C counter. - -To reset one or both counters, members of the system:administrators group -can issue the B command. - -=head1 OPTIONS - -=over 4 - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 OUTPUT - -The command displays the counters in the following format: - - Max user id is and max group id is . - -=head1 EXAMPLES - -The following example displays the output of this command: - - % pts listmax - Max user name is 1271 and max group id is -382. - -=head1 PRIVILEGE REQUIRED - -None - -=head1 SEE ALSO - -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_listmax.pod.in b/doc/man-pages/pod1/pts_listmax.pod.in new file mode 100644 index 0000000..790face --- /dev/null +++ b/doc/man-pages/pod1/pts_listmax.pod.in @@ -0,0 +1,70 @@ +=head1 NAME + +pts_listmax - Displays the max user id and max group id counters + +=head1 SYNOPSIS + +=for html +
+ +B S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] + [B<-force>] [B<-help>] + +B S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command displays the values of the C and +C counters, which the Protection Server uses to track the +AFS user IDs (AFS UIDs) it allocates to new users or machines, and the AFS +group IDs (AFS GIDs) it allocates to new groups, respectively. When an +administrator next issues the B command and does not +include the B<-id> argument, the new user or machine receives an AFS UID +one greater than the C counter, and when a user issues the +B command and does not include the B<-id> argument, the +new group receives an AFS UID one less (more negative) than the C counter. + +To reset one or both counters, members of the system:administrators group +can issue the B command. + +=head1 OPTIONS + +=over 4 + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +The command displays the counters in the following format: + + Max user id is and max group id is . + +=head1 EXAMPLES + +The following example displays the output of this command: + + % pts listmax + Max user name is 1271 and max group id is -382. + +=head1 PRIVILEGE REQUIRED + +None + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_listowned.pod b/doc/man-pages/pod1/pts_listowned.pod deleted file mode 100644 index 5baf3a6..0000000 --- a/doc/man-pages/pod1/pts_listowned.pod +++ /dev/null @@ -1,145 +0,0 @@ -=head1 NAME - -pts_listowned - Show the Protection Database groups owned by a user or group - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-nameorid> >+ >>> - [-cell >] [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] - -B S<<< B<-na> >+ >>> - [-c >] [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command lists the groups owned by each user or group -specified by the B<-nameorid> argument. - -To list any Is, whose owners have themselves been deleted -from the Protection Database, provide a value of C<0> (zero) for the -B<-nameorid> argument. To change the owner to a user or group that still -exists, use the B command. - -=head1 OPTIONS - -=over 4 - -=item B<-nameorid> >+ - -Specifies the name or AFS UID of each user, or the name or AFS GID of each -group, for which to display the list of owned groups. It is acceptable to -mix users and groups on the same command line, as well as names and -IDs. Precede the GID of each group with a hyphen to indicate that it is -negative. - -A value of 0 (zero) lists group entries for groups whose owners no longer -have entries in the Protection Database. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 OUTPUT - -The first line of the output indicates the name and AFS UID or AFS GID of -each user or group for which ownership information is requested, in the -following format: - - Groups owned by (id: ) are: - -A list of groups follows. The list does not include groups owned by groups -that the user or group owns, or to which the user or group belongs. If the -user or group does not own any groups, only the header line appears. - -The following error message appears if the issuer is not privileged to -view ownership information. By default, for both user and group entries -the second privacy flag is the hyphen, which denies permission to anyone -other than the user (for a user entry) and the members of the -system:administrators group. - - pts: Permission denied so failed to get owner list for (id: ) - -=head1 EXAMPLES - -The following example lists the groups owned by user terry and shows that -the group C does not own any groups: - - % pts listowned terry terry:friends - Groups owned by terry (id: 1045) are: - terry:friends - terry:project1 - terry:project2 - Groups owned by terry:friends (id: -673) are: - -=head1 PRIVILEGE REQUIRED - -The required privilege depends on the setting of the second privacy flag -in the Protection Database entry of each user or group indicated by the -B<-nameorid> argument (use the B command to display the -flags): - -=over 4 - -=item * - -If it is the hyphen and the B<-nameorid> argument specifies a group, only -the members of the system:administrators group and the owner of a group -can list the groups it owns. - -=item * - -If it is the hyphen and the B<-nameorid> argument specifies a user, only -the members of the system:administrators group and the associated user can -list the groups he or she owns. - -=item * - -If it is uppercase letter C, anyone who can access the cell's database -server machines can list the groups owned by this user or group. - -=back - -=head1 SEE ALSO - -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_listowned.pod.in b/doc/man-pages/pod1/pts_listowned.pod.in new file mode 100644 index 0000000..c04ddec --- /dev/null +++ b/doc/man-pages/pod1/pts_listowned.pod.in @@ -0,0 +1,121 @@ +=head1 NAME + +pts_listowned - Show the Protection Database groups owned by a user or group + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-nameorid> >+ >>> + [-cell >] [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] + +B S<<< B<-na> >+ >>> + [-c >] [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command lists the groups owned by each user or group +specified by the B<-nameorid> argument. + +To list any Is, whose owners have themselves been deleted +from the Protection Database, provide a value of C<0> (zero) for the +B<-nameorid> argument. To change the owner to a user or group that still +exists, use the B command. + +=head1 OPTIONS + +=over 4 + +=item B<-nameorid> >+ + +Specifies the name or AFS UID of each user, or the name or AFS GID of each +group, for which to display the list of owned groups. It is acceptable to +mix users and groups on the same command line, as well as names and +IDs. Precede the GID of each group with a hyphen to indicate that it is +negative. + +A value of 0 (zero) lists group entries for groups whose owners no longer +have entries in the Protection Database. + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +The first line of the output indicates the name and AFS UID or AFS GID of +each user or group for which ownership information is requested, in the +following format: + + Groups owned by (id: ) are: + +A list of groups follows. The list does not include groups owned by groups +that the user or group owns, or to which the user or group belongs. If the +user or group does not own any groups, only the header line appears. + +The following error message appears if the issuer is not privileged to +view ownership information. By default, for both user and group entries +the second privacy flag is the hyphen, which denies permission to anyone +other than the user (for a user entry) and the members of the +system:administrators group. + + pts: Permission denied so failed to get owner list for (id: ) + +=head1 EXAMPLES + +The following example lists the groups owned by user terry and shows that +the group C does not own any groups: + + % pts listowned terry terry:friends + Groups owned by terry (id: 1045) are: + terry:friends + terry:project1 + terry:project2 + Groups owned by terry:friends (id: -673) are: + +=head1 PRIVILEGE REQUIRED + +The required privilege depends on the setting of the second privacy flag +in the Protection Database entry of each user or group indicated by the +B<-nameorid> argument (use the B command to display the +flags): + +=over 4 + +=item * + +If it is the hyphen and the B<-nameorid> argument specifies a group, only +the members of the system:administrators group and the owner of a group +can list the groups it owns. + +=item * + +If it is the hyphen and the B<-nameorid> argument specifies a user, only +the members of the system:administrators group and the associated user can +list the groups he or she owns. + +=item * + +If it is uppercase letter C, anyone who can access the cell's database +server machines can list the groups owned by this user or group. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_membership.pod b/doc/man-pages/pod1/pts_membership.pod deleted file mode 100644 index 36c1ed3..0000000 --- a/doc/man-pages/pod1/pts_membership.pod +++ /dev/null @@ -1,247 +0,0 @@ -=head1 NAME - -pts_membership - Displays the membership list for a user or group - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-nameorid> >+ >>> - [B<-supergroups>] [B<-expandgroups>] S<<< [B<-cell> >] >>> - [B<-localauth>] [B<-noauth>] [B<-force>] [B<-help>] - -B S<<< B<-na> >+ >>> - [B<-s>] [B<-ex>] S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -B S<<< B<-na> >+ >>> - [B<-s>] [B<-ex>] S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -B S<<< B<-na> >+ >>> - [B<-s>] [B<-ex>] S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command lists the groups to which each user or -machine specified by the B<-nameorid> argument belongs, or lists the users -and machines that belong to each group specified by the B<-nameorid> -argument. - -It is not possible to list the members of the system:anyuser or -system:authuser groups, and they do not appear in the list of groups to -which a user belongs. - -To add users or machine to groups, use the B command; to remove -them, use the B command. - -=head1 OPTIONS - -=over 4 - -=item B<-nameorid> >+ - -Specifies the name or AFS UID of each user entry, the IP address (complete -or wildcard-style) or AFS UID of each machine entry, or the name or AFS -GID of each group, for which to list group membership. It is acceptable to -mix users, machines, and groups on the same command line, as well as names -and IDs. Precede the GID of each group with a hyphen to indicate that it -is negative. - -=item B<-supergroups> - -List the groups to which each group specified by the B<-nameorid> -argument belongs, in addition to user and machine members. Group -membership may be nested when B is compilied with the -SUPERGROUPS option enabled. - -=item B<-expandgroups> - -Instead of listing only the groups in which the user or machine is a direct -member, list every group in which the user or machine belongs, including -membership due to nested groups, for each user or machine specified by -the B<-nameorid> argument. - -Instead of listing groups which are members of a group, list every user and -machine which is a member of a group, including the users and machines which -are members due to nested groups, for each group specified by the B<-nameorid> -argument. - -Group membership may be nested when B is compilied with the -SUPERGROUPS option enabled. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 OUTPUT - -For each user and machine, the output begins with the following header -line, followed by a list of the groups to which the user or machine -belongs: - - Groups (id: ) is a member of: - -For each group, the output begins with the following header line, followed -by a list of the users and machines who belong to the group: - - Members of (id: ) are: - -=head1 EXAMPLES - -The following example lists the groups to which the user C belongs -and the members of the group C. Note that third privacy -flag for the C entry was changed from the default hyphen to enable a -non-administrative user to obtain this listing. - - % pts membership pat smith:friends - Groups pat (id: 1144) is a member of: - smith:friends - staff - johnson:project-team - Members of smith:friends (id: -562) are: - pat - terry - jones - richard - thompson - -The following example shows how to list the groups to which nested groups -belong. In this example the group C is a member of the group -C and the group C is a member of the group C. -The group C is called a supergroup of the group C and the -group C is called a supergroup of the group C. - - % pts membership executives - Members of executives (id: -208) are: - jane - - % pts membership executives -supergroups - Members of executives (id: -208) are: - jane - Groups executives (id: -208) is a member of: - management - - % pts membership management -supergroups - Members of management (id: -207) are: - executives - mary - sarah - carol - Groups management (id: -207) is a member of: - staff - - % pts membership staff -supergroups - Members of staff (id: -206) are: - sales - marketing - engineering - management - Groups staff (id: -206) is a member of: - -The following example shows how to find all the users which belong -to a group, including users of nested groups. In this example, the -user C is listed as an expanded member of the group C -instead of the group C. - - % pts membership management -expandgroups - Expanded Members of management (id: -207) are: - jane - mary - sarah - carol - -The following example shows how to find all the groups a user -is a member of, including membership due to nested groups. In -this example the user C is a direct member of the group -C. The C<-expandgroups> flag shows all the groups -to which C has membership status. - - % pts membership jane - Groups jane (id: 7) is a member of: - executives - - % pts membership jane -expandgroups - Expanded Groups jane (id: 7) is a member of: - staff - management - executives - -=head1 PRIVILEGE REQUIRED - -Members of the system:ptsviewers and system:administrators groups can -always use this command in any of its variations. Additionally, a user -can always list the groups to which they belong, and the owner of a group -can always list the members of the group. - -Additional privileges may be granted by the setting of the third privacy -flag in the Protection Database entry of each user or group indicated by -the B<-nameorid> argument (use the B command to display the -flags): - -=over 4 - -=item * - -If it is a hyphen, the default permissions described above apply. - -=item * - -If it is lowercase C and the B<-nameorid> argument specifies a group, -then members of that group can also list the other members. A privacy -flag of C only changes the permissions when set for a group. Setting -this flag for a user or a machine has no effect. - -=item * - -If it is uppercase C, anyone who can access the cell's database server -machines can list the membership of the group or the groups to which that -user or machine belongs, depending on what type of entry the flag is set -on. - -=back - -=head1 SEE ALSO - -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_membership.pod.in b/doc/man-pages/pod1/pts_membership.pod.in new file mode 100644 index 0000000..21241b2 --- /dev/null +++ b/doc/man-pages/pod1/pts_membership.pod.in @@ -0,0 +1,223 @@ +=head1 NAME + +pts_membership - Displays the membership list for a user or group + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-nameorid> >+ >>> + [B<-supergroups>] [B<-expandgroups>] S<<< [B<-cell> >] >>> + [B<-localauth>] [B<-noauth>] [B<-force>] [B<-help>] + +B S<<< B<-na> >+ >>> + [B<-s>] [B<-ex>] S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +B S<<< B<-na> >+ >>> + [B<-s>] [B<-ex>] S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +B S<<< B<-na> >+ >>> + [B<-s>] [B<-ex>] S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command lists the groups to which each user or +machine specified by the B<-nameorid> argument belongs, or lists the users +and machines that belong to each group specified by the B<-nameorid> +argument. + +It is not possible to list the members of the system:anyuser or +system:authuser groups, and they do not appear in the list of groups to +which a user belongs. + +To add users or machine to groups, use the B command; to remove +them, use the B command. + +=head1 OPTIONS + +=over 4 + +=item B<-nameorid> >+ + +Specifies the name or AFS UID of each user entry, the IP address (complete +or wildcard-style) or AFS UID of each machine entry, or the name or AFS +GID of each group, for which to list group membership. It is acceptable to +mix users, machines, and groups on the same command line, as well as names +and IDs. Precede the GID of each group with a hyphen to indicate that it +is negative. + +=item B<-supergroups> + +List the groups to which each group specified by the B<-nameorid> +argument belongs, in addition to user and machine members. Group +membership may be nested when B is compilied with the +SUPERGROUPS option enabled. + +=item B<-expandgroups> + +Instead of listing only the groups in which the user or machine is a direct +member, list every group in which the user or machine belongs, including +membership due to nested groups, for each user or machine specified by +the B<-nameorid> argument. + +Instead of listing groups which are members of a group, list every user and +machine which is a member of a group, including the users and machines which +are members due to nested groups, for each group specified by the B<-nameorid> +argument. + +Group membership may be nested when B is compilied with the +SUPERGROUPS option enabled. + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +For each user and machine, the output begins with the following header +line, followed by a list of the groups to which the user or machine +belongs: + + Groups (id: ) is a member of: + +For each group, the output begins with the following header line, followed +by a list of the users and machines who belong to the group: + + Members of (id: ) are: + +=head1 EXAMPLES + +The following example lists the groups to which the user C belongs +and the members of the group C. Note that third privacy +flag for the C entry was changed from the default hyphen to enable a +non-administrative user to obtain this listing. + + % pts membership pat smith:friends + Groups pat (id: 1144) is a member of: + smith:friends + staff + johnson:project-team + Members of smith:friends (id: -562) are: + pat + terry + jones + richard + thompson + +The following example shows how to list the groups to which nested groups +belong. In this example the group C is a member of the group +C and the group C is a member of the group C. +The group C is called a supergroup of the group C and the +group C is called a supergroup of the group C. + + % pts membership executives + Members of executives (id: -208) are: + jane + + % pts membership executives -supergroups + Members of executives (id: -208) are: + jane + Groups executives (id: -208) is a member of: + management + + % pts membership management -supergroups + Members of management (id: -207) are: + executives + mary + sarah + carol + Groups management (id: -207) is a member of: + staff + + % pts membership staff -supergroups + Members of staff (id: -206) are: + sales + marketing + engineering + management + Groups staff (id: -206) is a member of: + +The following example shows how to find all the users which belong +to a group, including users of nested groups. In this example, the +user C is listed as an expanded member of the group C +instead of the group C. + + % pts membership management -expandgroups + Expanded Members of management (id: -207) are: + jane + mary + sarah + carol + +The following example shows how to find all the groups a user +is a member of, including membership due to nested groups. In +this example the user C is a direct member of the group +C. The C<-expandgroups> flag shows all the groups +to which C has membership status. + + % pts membership jane + Groups jane (id: 7) is a member of: + executives + + % pts membership jane -expandgroups + Expanded Groups jane (id: 7) is a member of: + staff + management + executives + +=head1 PRIVILEGE REQUIRED + +Members of the system:ptsviewers and system:administrators groups can +always use this command in any of its variations. Additionally, a user +can always list the groups to which they belong, and the owner of a group +can always list the members of the group. + +Additional privileges may be granted by the setting of the third privacy +flag in the Protection Database entry of each user or group indicated by +the B<-nameorid> argument (use the B command to display the +flags): + +=over 4 + +=item * + +If it is a hyphen, the default permissions described above apply. + +=item * + +If it is lowercase C and the B<-nameorid> argument specifies a group, +then members of that group can also list the other members. A privacy +flag of C only changes the permissions when set for a group. Setting +this flag for a user or a machine has no effect. + +=item * + +If it is uppercase C, anyone who can access the cell's database server +machines can list the membership of the group or the groups to which that +user or machine belongs, depending on what type of entry the flag is set +on. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_quit.pod b/doc/man-pages/pod1/pts_quit.pod deleted file mode 100644 index a7a2510..0000000 --- a/doc/man-pages/pod1/pts_quit.pod +++ /dev/null @@ -1,84 +0,0 @@ -=head1 NAME - -pts_quit - Exit from pts interactive mode - -=head1 SYNOPSIS - -=for html -
- -B S<<< [B<-cell>] > >>> [B<-noauth>] [B<-localauth>] - [B<-force>] - -B S<<< [B<-c>] > >>> [B<-n>] [B<-l>] [B<-f>] - -=for html -
- -=head1 DESCRIPTION - -The B command exits from B mode. The command -can be run from the command line or interactively, but on the command line -it does nothing and is therefore of questionable utility. - -=head1 CAUTIONS - -Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was -only available on Unix or Linux and when OpenAFS was compiled with the -supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, -it is always available. - -=head1 OPTIONS - -Although they have no effect, B takes the following standard -B options: - -=over 4 - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=back - -=head1 OUTPUT - -This command produces no output. - -=head1 EXAMPLES - -Here is an example of a B session: - - % pts interactive - pts> quit - % - -=head1 SEE ALSO - -L, -L - -=head1 COPYRIGHT - -Copyright 2007 Jason Edgecombe - -This documentation is covered by the BSD License as written in the -doc/LICENSE file. This man page was written by Jason Edgecombe for -OpenAFS. diff --git a/doc/man-pages/pod1/pts_quit.pod.in b/doc/man-pages/pod1/pts_quit.pod.in new file mode 100644 index 0000000..d742ec9 --- /dev/null +++ b/doc/man-pages/pod1/pts_quit.pod.in @@ -0,0 +1,65 @@ +=head1 NAME + +pts_quit - Exit from pts interactive mode + +=head1 SYNOPSIS + +=for html +
+ +B S<<< [B<-cell>] > >>> [B<-noauth>] [B<-localauth>] + [B<-force>] + +B S<<< [B<-c>] > >>> [B<-n>] [B<-l>] [B<-f>] + +=for html +
+ +=head1 DESCRIPTION + +The B command exits from B mode. The command +can be run from the command line or interactively, but on the command line +it does nothing and is therefore of questionable utility. + +=head1 CAUTIONS + +Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was +only available on Unix or Linux and when OpenAFS was compiled with the +supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, +it is always available. + +=head1 OPTIONS + +Although they have no effect, B takes the following standard +B options: + +=over 4 + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +This command produces no output. + +=head1 EXAMPLES + +Here is an example of a B session: + + % pts interactive + pts> quit + % + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2007 Jason Edgecombe + +This documentation is covered by the BSD License as written in the +doc/LICENSE file. This man page was written by Jason Edgecombe for +OpenAFS. diff --git a/doc/man-pages/pod1/pts_removeuser.pod b/doc/man-pages/pod1/pts_removeuser.pod deleted file mode 100644 index f60a664..0000000 --- a/doc/man-pages/pod1/pts_removeuser.pod +++ /dev/null @@ -1,127 +0,0 @@ -=head1 NAME - -pts_removeuser - Removes a user from a Protection Database group - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-user> >+ >>> S<<< B<-group> >+ >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] - [B<-help>] - -B S<<< B<-u> >+ >>> S<<< B<-g> >+ >>> - S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command removes each user or machine named by the -B<-user> argument from each group named by the B<-group> argument. - -To add users to a group, use the B command. To list group -membership, use the B command. To remove users from a -group and delete the group's entry completely in a single step, use the -B command. - -=head1 CAUTIONS - -AFS compiles each user's group membership as he or she authenticates. Any -users who have valid tokens when they are removed from a group retain the -privileges extended to that group's members until they discard their -tokens or reauthenticate. - -=head1 OPTIONS - -=over 4 - -=item B<-name> >+ - -Specifies the name of each user entry or the IP address (complete or -wildcard-style) of each machine entry to remove. - -=item B<-group> >+ - -Names each group from which to remove members. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 EXAMPLES - -The following example removes user smith from the groups C and -C. Note that no switch names are necessary because only a -single instance is provided for the first argument (the username). - - % pts removeuser smith staff staff:finance - -The following example removes three machine entries, which represent all -machines in the ABC Corporation network, from the group C: - - % pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot - -=head1 PRIVILEGE REQUIRED - -The required privilege depends on the setting of the fifth privacy flag in -the Protection Database for the group named by the B<-group> argument (use -the B command to display the flags): - -=over 4 - -=item * - -If it is the hyphen, only the group's owner and members of the -system:administrators group can remove members. - -=item * - -If it is lowercase C, members of the group can also remove other -members. - -=back - -(It is not possible to set the fifth flag to uppercase C.) - -=head1 SEE ALSO - -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_removeuser.pod.in b/doc/man-pages/pod1/pts_removeuser.pod.in new file mode 100644 index 0000000..c2c4017 --- /dev/null +++ b/doc/man-pages/pod1/pts_removeuser.pod.in @@ -0,0 +1,103 @@ +=head1 NAME + +pts_removeuser - Removes a user from a Protection Database group + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-user> >+ >>> S<<< B<-group> >+ >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] + [B<-help>] + +B S<<< B<-u> >+ >>> S<<< B<-g> >+ >>> + S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command removes each user or machine named by the +B<-user> argument from each group named by the B<-group> argument. + +To add users to a group, use the B command. To list group +membership, use the B command. To remove users from a +group and delete the group's entry completely in a single step, use the +B command. + +=head1 CAUTIONS + +AFS compiles each user's group membership as he or she authenticates. Any +users who have valid tokens when they are removed from a group retain the +privileges extended to that group's members until they discard their +tokens or reauthenticate. + +=head1 OPTIONS + +=over 4 + +=item B<-name> >+ + +Specifies the name of each user entry or the IP address (complete or +wildcard-style) of each machine entry to remove. + +=item B<-group> >+ + +Names each group from which to remove members. + +=include fragments/pts-common.pod + +=back + +=head1 EXAMPLES + +The following example removes user smith from the groups C and +C. Note that no switch names are necessary because only a +single instance is provided for the first argument (the username). + + % pts removeuser smith staff staff:finance + +The following example removes three machine entries, which represent all +machines in the ABC Corporation network, from the group C: + + % pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot + +=head1 PRIVILEGE REQUIRED + +The required privilege depends on the setting of the fifth privacy flag in +the Protection Database for the group named by the B<-group> argument (use +the B command to display the flags): + +=over 4 + +=item * + +If it is the hyphen, only the group's owner and members of the +system:administrators group can remove members. + +=item * + +If it is lowercase C, members of the group can also remove other +members. + +=back + +(It is not possible to set the fifth flag to uppercase C.) + +=head1 SEE ALSO + +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_rename.pod b/doc/man-pages/pod1/pts_rename.pod deleted file mode 100644 index 83ed4b7..0000000 --- a/doc/man-pages/pod1/pts_rename.pod +++ /dev/null @@ -1,125 +0,0 @@ -=head1 NAME - -pts_rename - Changes the name of a Protection Database entry - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-oldname> > >>> S<<< B<-newname> > >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] - [B<-force>] [B<-help>] - -B S<<< B<-o> > >>> S<<< B<-ne> > >>> S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command changes the name of the user, machine, or group -entry specified by the B<-oldname> argument to the name specified by the -B<-newname> argument. It is not possible to change a user or machine -entry's name to look like a regular group entry's name (have a colon in -it). - -Members of the system:administrators group can change a regular group name -into a prefix-less name and vice versa. When changing a prefix-less group -name into a regular group name or a regular group name to another regular -group name, the owner field of the new name (the part before the colon) -must correctly reflect the group's owner. - -Changing a regular group's owner with the B command -automatically changes the owner field (the part before the colon) of the -group's name, but does not change the owner field of any groups owned by -the group. Use this command to rename those groups to a form that -accurately reflects their ownership. - -=head1 CAUTIONS - -By convention, many aspects of an AFS user account have the same name as -the user's Protection Database entry, including the Authentication -Database entry, volume, and mount point. When using this command to change -a user name, also change the names of all related entities to maintain -consistency. For instructions, see the chapter on user accounts in the -I. - -=head1 OPTIONS - -=over 4 - -=item B<-oldname> > - -Specifies the current full name of the entry. - -=item B<-newname> > - -Specifies the new full name for the entry. For regular groups, the owner -field (the part before the colon) of the new name must reflect the actual -ownership of the group. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 EXAMPLES - -The following example changes the name of the group staff, owned by the -privileged user C, to C: - - % pts rename -oldname staff -newname admin:staff - -The following example changes the name of the group C to -the group C. The issuer must belong to the system:administrators -group. - - % pts rename -oldname admin:finance -newname finance - -=head1 PRIVILEGE REQUIRED - -To change a regular group name to a prefix-less name or vice versa, or to -change a user or machine entry's name, the issuer must belong to the -system:administrators group. - -To change a group name to a new name of the same type (regular or -prefix-less), the issuer must own the group or belong to the -system:administrators group. - -=head1 SEE ALSO - -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_rename.pod.in b/doc/man-pages/pod1/pts_rename.pod.in new file mode 100644 index 0000000..775feec --- /dev/null +++ b/doc/man-pages/pod1/pts_rename.pod.in @@ -0,0 +1,101 @@ +=head1 NAME + +pts_rename - Changes the name of a Protection Database entry + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-oldname> > >>> S<<< B<-newname> > >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] + [B<-force>] [B<-help>] + +B S<<< B<-o> > >>> S<<< B<-ne> > >>> S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command changes the name of the user, machine, or group +entry specified by the B<-oldname> argument to the name specified by the +B<-newname> argument. It is not possible to change a user or machine +entry's name to look like a regular group entry's name (have a colon in +it). + +Members of the system:administrators group can change a regular group name +into a prefix-less name and vice versa. When changing a prefix-less group +name into a regular group name or a regular group name to another regular +group name, the owner field of the new name (the part before the colon) +must correctly reflect the group's owner. + +Changing a regular group's owner with the B command +automatically changes the owner field (the part before the colon) of the +group's name, but does not change the owner field of any groups owned by +the group. Use this command to rename those groups to a form that +accurately reflects their ownership. + +=head1 CAUTIONS + +By convention, many aspects of an AFS user account have the same name as +the user's Protection Database entry, including the Authentication +Database entry, volume, and mount point. When using this command to change +a user name, also change the names of all related entities to maintain +consistency. For instructions, see the chapter on user accounts in the +I. + +=head1 OPTIONS + +=over 4 + +=item B<-oldname> > + +Specifies the current full name of the entry. + +=item B<-newname> > + +Specifies the new full name for the entry. For regular groups, the owner +field (the part before the colon) of the new name must reflect the actual +ownership of the group. + +=include fragments/pts-common.pod + +=back + +=head1 EXAMPLES + +The following example changes the name of the group staff, owned by the +privileged user C, to C: + + % pts rename -oldname staff -newname admin:staff + +The following example changes the name of the group C to +the group C. The issuer must belong to the system:administrators +group. + + % pts rename -oldname admin:finance -newname finance + +=head1 PRIVILEGE REQUIRED + +To change a regular group name to a prefix-less name or vice versa, or to +change a user or machine entry's name, the issuer must belong to the +system:administrators group. + +To change a group name to a new name of the same type (regular or +prefix-less), the issuer must own the group or belong to the +system:administrators group. + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_setfields.pod b/doc/man-pages/pod1/pts_setfields.pod deleted file mode 100644 index ab17697..0000000 --- a/doc/man-pages/pod1/pts_setfields.pod +++ /dev/null @@ -1,265 +0,0 @@ -=head1 NAME - -pts_setfields - Sets privacy flags or quota for a Protection Database entry - -=head1 SYNOPSIS - -=for html -
- -B S<<< B<-nameorid> >+ >>> - S<<< [B<-access> >] >>> - S<<< [B<-groupquota> >] >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] - [B<-force>] [B<-help>] - -B S<<< B<-na> >+ >>> - S<<< [B<-a> >] >>> - S<<< [B<-g> >] >>> S<<< [B<-c> >] >>> - [B<-no>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command sets the group-creation quota, the privacy -flags, or both, associated with each user, machine, or group entry -specified by the B<-nameorid> argument. - -To examine the current quota and privacy flags, use the B -command. - -=head1 CAUTIONS - -Changing a machine or group's group-creation quota is allowed, but not -recommended. The concept is meaningless for machines and groups, because -it is impossible to authenticate as a group or machine. - -Similarly, some privacy flag settings do not have a sensible -interpretation. L specifies the appropriate settings. - -=head1 OPTIONS - -=over 4 - -=item B<-nameorid> >+ - -Specifies the name or AFS UID of each user, the IP address (complete or -wildcard-style) of each machine, or the name or AFS GID of each machine -for which to set privacy flags or group-creation quota. It is acceptable -to mix users, machines, and groups on the same command line, as well as -names (IP addresses for machines) and IDs. Precede the GID of each group -with a hyphen to indicate that it is negative. - -=item B<-access> > - -Specifies the privacy flags to apply to each entry. Provide a string of -five characters, one for each of the permissions. If this option is -omitted, the current setting remains unchanged. - -Set each flag to achieve the desired combination of permissions. If the -following list does not mention a certain setting, it is not -acceptable. For further discussion of the privacy flags, see -L. - -=over 4 - -=item * - -The first flag determines who can use the B command to -display information from a user, machine or group's Protection Database -entry. - -=over 4 - -=item * - -Set it to lowercase C to permit the members of the -system:administrators group to display a user, machine, or group entry, -the associated user to display a user entry, and the owner or members of a -group to display the group entry. - -=item * - -Set it to uppercase C to permit anyone who can access the cell's -database server machines to display a user, machine, or group entry. - -=back - -=item * - -The second flag determines who can use the B command to -list the groups that a user or group owns. - -=over 4 - -=item * - -Set it to the hyphen (C<->) to permit the members of the -system:administrators group and a user to list the groups he or she owns, -or to permit the members of the system:administrators group and a group's -owner to list the groups that a group owns. - -=item * - -Set it to uppercase letter C to permit anyone who can access the cell's -database server machines to list the groups owned by a machine or group -entry. - -=back - -=item * - -The third flag determines who can use the B command to -list the groups to which a user or machine belongs, or the users and -machines that belong to a group. - -=over 4 - -=item * - -Set it to the hyphen (C<->) to permit the members of the -system:administrators group and a user to list the groups he or she -belongs to, to permit the members of the B group to -list the groups a machine belongs to, or to permit the members of the -system:administrators group and a group's owner to list the users and -machines that belong to it. - -=item * - -Set it to lowercase C to permit members of a group to list the other -members. (For user and machine entries, this setting is equivalent to the -hyphen.) - -=item * - -Set it to uppercase C to permit anyone who can access the cell's -database server machines to list membership information for a user, -machine or group. - -=back - -=item * - -The fourth flag determines who can use the B command to add -users and machines as members of a group. This flag has no sensible -interpretation for user and machine entries, but must be set nonetheless, -preferably to the hyphen. - -=over 4 - -=item * - -Set it to the hyphen (C<->) to permit the members of the -system:administrators group and the owner of the group to add members. - -=item * - -Set it to lowercase C to permit members of a group to add other -members. - -=item * - -Set it to uppercase C to permit anyone who can access the cell's -database server machines to add members to a group. - -=back - -=item * - -The fifth flag determines who can use the B command to -remove users and machines from membership in a group. This flag has no -sensible interpretation for user and machine entries, but must be set -nonetheless, preferably to the hyphen. - -=over 4 - -=item * - -Set it to the hyphen (C<->) to permit the members of the -system:administrators group and the owner of the group to remove members. - -=item * - -Set it to lowercase C to permit members of a group to remove other -members. - -=back - -=back - -=item B<-groupquota> > - -Specifies the number of additional groups a user can create (it does not -matter how many he or she has created already). Do not include this -argument for a group or machine entry. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 EXAMPLES - -The following example changes the privacy flags on the group C, -retaining the default values of the first, second and third flags, but -setting the fourth and fifth flags to enable the group's members to add -and remove other members. - - % pts setfields -nameorid operators -access S-Mar - -The following example changes the privacy flags and sets group quota on -the user entry C. It retains the default values of the first, -fourth, and fifth flags, but sets the second and third flags, to enable -anyone to list the groups that C owns and belongs to. Users -authenticated as C can create an additional 50 groups. - - % pts setfields -nameorid admin -access SOM-- -groupquota 50 - -=head1 PRIVILEGE REQUIRED - -To edit group entries or set the privacy flags on any type of entry, the -issuer must own the entry or belong to the system:administrators group. To -set group-creation quota on a user entry, the issuer must belong to the -system:administrators group. - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_setfields.pod.in b/doc/man-pages/pod1/pts_setfields.pod.in new file mode 100644 index 0000000..398c40b --- /dev/null +++ b/doc/man-pages/pod1/pts_setfields.pod.in @@ -0,0 +1,241 @@ +=head1 NAME + +pts_setfields - Sets privacy flags or quota for a Protection Database entry + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-nameorid> >+ >>> + S<<< [B<-access> >] >>> + S<<< [B<-groupquota> >] >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] + [B<-force>] [B<-help>] + +B S<<< B<-na> >+ >>> + S<<< [B<-a> >] >>> + S<<< [B<-g> >] >>> S<<< [B<-c> >] >>> + [B<-no>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command sets the group-creation quota, the privacy +flags, or both, associated with each user, machine, or group entry +specified by the B<-nameorid> argument. + +To examine the current quota and privacy flags, use the B +command. + +=head1 CAUTIONS + +Changing a machine or group's group-creation quota is allowed, but not +recommended. The concept is meaningless for machines and groups, because +it is impossible to authenticate as a group or machine. + +Similarly, some privacy flag settings do not have a sensible +interpretation. L specifies the appropriate settings. + +=head1 OPTIONS + +=over 4 + +=item B<-nameorid> >+ + +Specifies the name or AFS UID of each user, the IP address (complete or +wildcard-style) of each machine, or the name or AFS GID of each machine +for which to set privacy flags or group-creation quota. It is acceptable +to mix users, machines, and groups on the same command line, as well as +names (IP addresses for machines) and IDs. Precede the GID of each group +with a hyphen to indicate that it is negative. + +=item B<-access> > + +Specifies the privacy flags to apply to each entry. Provide a string of +five characters, one for each of the permissions. If this option is +omitted, the current setting remains unchanged. + +Set each flag to achieve the desired combination of permissions. If the +following list does not mention a certain setting, it is not +acceptable. For further discussion of the privacy flags, see +L. + +=over 4 + +=item * + +The first flag determines who can use the B command to +display information from a user, machine or group's Protection Database +entry. + +=over 4 + +=item * + +Set it to lowercase C to permit the members of the +system:administrators group to display a user, machine, or group entry, +the associated user to display a user entry, and the owner or members of a +group to display the group entry. + +=item * + +Set it to uppercase C to permit anyone who can access the cell's +database server machines to display a user, machine, or group entry. + +=back + +=item * + +The second flag determines who can use the B command to +list the groups that a user or group owns. + +=over 4 + +=item * + +Set it to the hyphen (C<->) to permit the members of the +system:administrators group and a user to list the groups he or she owns, +or to permit the members of the system:administrators group and a group's +owner to list the groups that a group owns. + +=item * + +Set it to uppercase letter C to permit anyone who can access the cell's +database server machines to list the groups owned by a machine or group +entry. + +=back + +=item * + +The third flag determines who can use the B command to +list the groups to which a user or machine belongs, or the users and +machines that belong to a group. + +=over 4 + +=item * + +Set it to the hyphen (C<->) to permit the members of the +system:administrators group and a user to list the groups he or she +belongs to, to permit the members of the B group to +list the groups a machine belongs to, or to permit the members of the +system:administrators group and a group's owner to list the users and +machines that belong to it. + +=item * + +Set it to lowercase C to permit members of a group to list the other +members. (For user and machine entries, this setting is equivalent to the +hyphen.) + +=item * + +Set it to uppercase C to permit anyone who can access the cell's +database server machines to list membership information for a user, +machine or group. + +=back + +=item * + +The fourth flag determines who can use the B command to add +users and machines as members of a group. This flag has no sensible +interpretation for user and machine entries, but must be set nonetheless, +preferably to the hyphen. + +=over 4 + +=item * + +Set it to the hyphen (C<->) to permit the members of the +system:administrators group and the owner of the group to add members. + +=item * + +Set it to lowercase C to permit members of a group to add other +members. + +=item * + +Set it to uppercase C to permit anyone who can access the cell's +database server machines to add members to a group. + +=back + +=item * + +The fifth flag determines who can use the B command to +remove users and machines from membership in a group. This flag has no +sensible interpretation for user and machine entries, but must be set +nonetheless, preferably to the hyphen. + +=over 4 + +=item * + +Set it to the hyphen (C<->) to permit the members of the +system:administrators group and the owner of the group to remove members. + +=item * + +Set it to lowercase C to permit members of a group to remove other +members. + +=back + +=back + +=item B<-groupquota> > + +Specifies the number of additional groups a user can create (it does not +matter how many he or she has created already). Do not include this +argument for a group or machine entry. + +=include fragments/pts-common.pod + +=back + +=head1 EXAMPLES + +The following example changes the privacy flags on the group C, +retaining the default values of the first, second and third flags, but +setting the fourth and fifth flags to enable the group's members to add +and remove other members. + + % pts setfields -nameorid operators -access S-Mar + +The following example changes the privacy flags and sets group quota on +the user entry C. It retains the default values of the first, +fourth, and fifth flags, but sets the second and third flags, to enable +anyone to list the groups that C owns and belongs to. Users +authenticated as C can create an additional 50 groups. + + % pts setfields -nameorid admin -access SOM-- -groupquota 50 + +=head1 PRIVILEGE REQUIRED + +To edit group entries or set the privacy flags on any type of entry, the +issuer must own the entry or belong to the system:administrators group. To +set group-creation quota on a user entry, the issuer must belong to the +system:administrators group. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_setmax.pod b/doc/man-pages/pod1/pts_setmax.pod deleted file mode 100644 index 9749848..0000000 --- a/doc/man-pages/pod1/pts_setmax.pod +++ /dev/null @@ -1,101 +0,0 @@ -=head1 NAME - -pts_setmax - Sets the value of the max group id or max user id counter - -=head1 SYNOPSIS - -=for html -
- -B S<<< [B<-group> >] >>> S<<< [B<-user> >] >>> - S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] - -B [B<-g> I>] S<<< [B<-u> >] >>> - S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>] - -=for html -
- -=head1 DESCRIPTION - -The B command sets the value of one or both counters that -track the IDs the Protection Server allocates to new users, machines, or -groups: the C counter for the AFS user IDs (AFS UIDs) -assigned to users and machines, and the C counter for the -AFS group IDs (AFS GIDs) assigned to groups. - -Use the B command to display the current value of both -counters. - -=head1 OPTIONS - -=over 4 - -=item B<-group> > - -Sets the C counter. Precede the value with a hyphen to -indicate that it is negative. When an administrator next uses the B command to create a group entry and does not include that -command's B<-id> argument, the Protection Server assigns the group an AFS -GID one less (more negative) than this value. - -=item B<-user> > - -Sets the C counter. When an administrator next uses the B command to create a user or machine entry and does not include -that command's B<-id> argument, the Protection Server assigns the group an -AFS UID one greater than this value. - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-help> - -Prints the online help for this command. All other valid options are -ignored. - -=back - -=head1 EXAMPLES - -The following command sets the C counter to -500 and the -C counter to 1000. - - % pts setmax -group -500 -user 1000 - -=head1 PRIVILEGE REQUIRED - -The issuer must belong to the system:administrators group. - -=head1 SEE ALSO - -L, -L, -L, -L - -=head1 COPYRIGHT - -IBM Corporation 2000. All Rights Reserved. - -This documentation is covered by the IBM Public License Version 1.0. It was -converted from HTML to POD by software written by Chas Williams and Russ -Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_setmax.pod.in b/doc/man-pages/pod1/pts_setmax.pod.in new file mode 100644 index 0000000..1bfca5e --- /dev/null +++ b/doc/man-pages/pod1/pts_setmax.pod.in @@ -0,0 +1,77 @@ +=head1 NAME + +pts_setmax - Sets the value of the max group id or max user id counter + +=head1 SYNOPSIS + +=for html +
+ +B S<<< [B<-group> >] >>> S<<< [B<-user> >] >>> + S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-force>] [B<-help>] + +B [B<-g> I>] S<<< [B<-u> >] >>> + S<<< [B<-c> >] >>> [B<-n>] [B<-l>] [B<-f>] [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +The B command sets the value of one or both counters that +track the IDs the Protection Server allocates to new users, machines, or +groups: the C counter for the AFS user IDs (AFS UIDs) +assigned to users and machines, and the C counter for the +AFS group IDs (AFS GIDs) assigned to groups. + +Use the B command to display the current value of both +counters. + +=head1 OPTIONS + +=over 4 + +=item B<-group> > + +Sets the C counter. Precede the value with a hyphen to +indicate that it is negative. When an administrator next uses the B command to create a group entry and does not include that +command's B<-id> argument, the Protection Server assigns the group an AFS +GID one less (more negative) than this value. + +=item B<-user> > + +Sets the C counter. When an administrator next uses the B command to create a user or machine entry and does not include +that command's B<-id> argument, the Protection Server assigns the group an +AFS UID one greater than this value. + +=include fragments/pts-common.pod + +=back + +=head1 EXAMPLES + +The following command sets the C counter to -500 and the +C counter to 1000. + + % pts setmax -group -500 -user 1000 + +=head1 PRIVILEGE REQUIRED + +The issuer must belong to the system:administrators group. + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +IBM Corporation 2000. All Rights Reserved. + +This documentation is covered by the IBM Public License Version 1.0. It was +converted from HTML to POD by software written by Chas Williams and Russ +Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. diff --git a/doc/man-pages/pod1/pts_sleep.pod b/doc/man-pages/pod1/pts_sleep.pod deleted file mode 100644 index 4c00908..0000000 --- a/doc/man-pages/pod1/pts_sleep.pod +++ /dev/null @@ -1,88 +0,0 @@ -=head1 NAME - -pts_sleep - Pauses for a few seconds - -=head1 SYNOPSIS - -=for html -
- -B S<<< [B<-delay>] > >>> - S<<< [B<-cell>] > >>> [B<-noauth>] [B<-localauth>] [B<-force>] - -B S<<< [B<-d>] > >>> S<<< [B<-c>] > >>> - [B<-n>] [B<-l>] [B<-f>] - -=for html -
- -=head1 DESCRIPTION - -The B pauses for a specified number of seconds. The command can -be run from the command line or interactively, although from the command -line it's essentially equivalent to the B command. It is intended -for use in interactive mode to pause for a few seconds between batch -commands to allow the Protection Server to catch up. - -=head1 CAUTIONS - -Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was -only available on Unix or Linux and when OpenAFS was compiled with the -supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, -it is always available. - -=head1 OPTIONS - -Although they have no effect, B takes the following standard -B options: - -=over 4 - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=back - -=head1 OUTPUT - -This command produces no output. - -=head1 EXAMPLES - -Here is an example of a B session: - - % pts interactive - pts> sleep 5 - pts> quit - % - -=head1 SEE ALSO - -L, -L - -=head1 COPYRIGHT - -Copyright 2007 Jason Edgecombe - -This documentation is covered by the BSD License as written in the -doc/LICENSE file. This man page was written by Jason Edgecombe for -OpenAFS. diff --git a/doc/man-pages/pod1/pts_sleep.pod.in b/doc/man-pages/pod1/pts_sleep.pod.in new file mode 100644 index 0000000..f59d271 --- /dev/null +++ b/doc/man-pages/pod1/pts_sleep.pod.in @@ -0,0 +1,69 @@ +=head1 NAME + +pts_sleep - Pauses for a few seconds + +=head1 SYNOPSIS + +=for html +
+ +B S<<< [B<-delay>] > >>> + S<<< [B<-cell>] > >>> [B<-noauth>] [B<-localauth>] [B<-force>] + +B S<<< [B<-d>] > >>> S<<< [B<-c>] > >>> + [B<-n>] [B<-l>] [B<-f>] + +=for html +
+ +=head1 DESCRIPTION + +The B pauses for a specified number of seconds. The command can +be run from the command line or interactively, although from the command +line it's essentially equivalent to the B command. It is intended +for use in interactive mode to pause for a few seconds between batch +commands to allow the Protection Server to catch up. + +=head1 CAUTIONS + +Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was +only available on Unix or Linux and when OpenAFS was compiled with the +supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, +it is always available. + +=head1 OPTIONS + +Although they have no effect, B takes the following standard +B options: + +=over 4 + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +This command produces no output. + +=head1 EXAMPLES + +Here is an example of a B session: + + % pts interactive + pts> sleep 5 + pts> quit + % + +=head1 SEE ALSO + +L, +L + +=head1 COPYRIGHT + +Copyright 2007 Jason Edgecombe + +This documentation is covered by the BSD License as written in the +doc/LICENSE file. This man page was written by Jason Edgecombe for +OpenAFS. diff --git a/doc/man-pages/pod1/pts_source.pod b/doc/man-pages/pod1/pts_source.pod deleted file mode 100644 index 3ad91e8..0000000 --- a/doc/man-pages/pod1/pts_source.pod +++ /dev/null @@ -1,97 +0,0 @@ -=head1 NAME - -pts_source - Read pts commands from a file - -=head1 SYNOPSIS - -=for html -
- -B S<<< [B<-file>] > >>> S<<< [B<-cell>] > >>> - [B<-noauth>] [B<-localauth>] [B<-force>] - -B S<<< [B<-f>] > >>> S<<< [B<-c>] > >>> - [B<-n>] [B<-l>] [B<-f>] - -=for html -
- -=head1 DESCRIPTION - -The B runs commands from a file as if they were typed in B mode. The command can be run from the command line or -interactively. - -=head1 CAUTIONS - -Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was -only available on Unix or Linux and when OpenAFS was compiled with the -supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, -it is always available. - -=head1 OPTIONS - -B takes the following options: - -=over 4 - -=item B<-cell> > - -Names the cell in which to run the command. For more details, see -L. - -=item B<-file> > - -Specifies the filename from which to read commands. - -=item B<-force> - -Enables the command to continue executing as far as possible when errors -or other problems occur, rather than halting execution at the first error. -This is useful for bulk operations where you would like to continue even -if one of many operations fails. - -=item B<-noauth> - -Assigns the unprivileged identity anonymous to the issuer. For more -details, see L. - -=item B<-localauth> - -Constructs a server ticket using a key from the local -F file. Do not combine this flag with the -B<-cell> or B<-noauth> options. For more details, see L. - -=back - -=head1 OUTPUT - -This command shows the output of each command in the file as if it were -run normally. - -=head1 EXAMPLES - -Here is an example of using B in a B session: - - % echo examine admin > /tmp/commands.txt - % pts interactive - pts> source /tmp/commands.txt - Name: admin, id: 1, owner: system:administrators, creator: anonymous, - membership: 2, flags: S----, group quota: 20. - pts> quit - % - -=head1 SEE ALSO - -L, -L, -L, -L - -=head1 COPYRIGHT - -Copyright 2007 Jason Edgecombe - -This documentation is covered by the BSD License as written in the -doc/LICENSE file. This man page was written by Jason Edgecombe for -OpenAFS. diff --git a/doc/man-pages/pod1/pts_source.pod.in b/doc/man-pages/pod1/pts_source.pod.in new file mode 100644 index 0000000..3179815 --- /dev/null +++ b/doc/man-pages/pod1/pts_source.pod.in @@ -0,0 +1,72 @@ +=head1 NAME + +pts_source - Read pts commands from a file + +=head1 SYNOPSIS + +=for html +
+ +B S<<< [B<-file>] > >>> S<<< [B<-cell>] > >>> + [B<-noauth>] [B<-localauth>] [B<-force>] + +B S<<< [B<-f>] > >>> S<<< [B<-c>] > >>> + [B<-n>] [B<-l>] [B<-f>] + +=for html +
+ +=head1 DESCRIPTION + +The B runs commands from a file as if they were typed in B mode. The command can be run from the command line or +interactively. + +=head1 CAUTIONS + +Prior to OpenAFS 1.4.5 and OpenAFS 1.5.23, the B command was +only available on Unix or Linux and when OpenAFS was compiled with the +supergroups option (disabled by default). As of OpenAFS 1.4.5 and 1.5.23, +it is always available. + +=head1 OPTIONS + +B takes the following options: + +=over 4 + +=include fragments/pts-common.pod + +=back + +=head1 OUTPUT + +This command shows the output of each command in the file as if it were +run normally. + +=head1 EXAMPLES + +Here is an example of using B in a B session: + + % echo examine admin > /tmp/commands.txt + % pts interactive + pts> source /tmp/commands.txt + Name: admin, id: 1, owner: system:administrators, creator: anonymous, + membership: 2, flags: S----, group quota: 20. + pts> quit + % + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2007 Jason Edgecombe + +This documentation is covered by the BSD License as written in the +doc/LICENSE file. This man page was written by Jason Edgecombe for +OpenAFS. diff --git a/regen.sh b/regen.sh index 8ef4349..7121a83 100755 --- a/regen.sh +++ b/regen.sh @@ -45,6 +45,7 @@ else # pod2man available. if test -d doc/man-pages ; then echo "Building man pages" + perl doc/man-pages/merge-pod doc/man-pages/pod1/*.in (cd doc/man-pages && ./generate-man) fi fi -- 1.9.4