jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-22 17:00:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d781450cf3
openafs/doc/man-pages/pod1/pts_membership.pod
Russ Allbery d781450cf3 man-page-pts-membership-privilege-20090118 
FIXES 124151
LICENSE BSD

Add system:ptsviewers to the privilege documentation of pts membership and
try to clarify the privilege required by being less verbose and hopefully
more direct.
2009-01-19 03:09:52 +00:00

162 lines
4.7 KiB
Plaintext
Raw Blame History

=head1 NAME
pts_membership - Displays the membership list for a user or group
=head1 SYNOPSIS
=for html
<div class="synopsis">
B<pts membership> S<<< B<-nameorid> <I<user or group name or id>>+ >>>
S<<< [B<-cell> <I<cell name>>] >>> [B<-localauth>] [B<-noauth>]
[B<-force>] [B<-help>]
B<pts m> S<<< B<-na> <I<user or group name or id>>+ >>> S<<< [B<-c> <I<cell name>>] >>>
[B<-no>] [B<-l>] [B<-f>] [B<-h>]
B<pts groups> S<<< B<-na> <I<user or group name or id>>+ >>> [-c <I<cell name>>]
[B<-no>] [B<-l>] [B<-f>] [B<-h>]
B<pts g> S<<< B<-na> <I<user or group name or id>>+ >>> S<<< [B<-c> <I<cell name>>] >>>
[B<-no>] [B<-l>] [B<-f>] [B<-h>]
=for html
</div>
=head1 DESCRIPTION
The B<pts membership> command lists the groups to which each user or
machine specified by the B<-nameorid> argument belongs, or lists the users
and machines that belong to each group specified by the B<-nameorid>
argument.
It is not possible to list the members of the system:anyuser or
system:authuser groups, and they do not appear in the list of groups to
which a user belongs.
To add users or machine to groups, use the B<pts adduser> command; to remove
them, use the B<pts removeuser> command.
=head1 OPTIONS
=over 4
=item B<-nameorid> <I<user or group name or id>>+
Specifies the name or AFS UID of each user entry, the IP address (complete
or wildcard-style) or AFS UID of each machine entry, or the name or AFS
GID of each group, for which to list group membership. It is acceptable to
mix users, machines, and groups on the same command line, as well as names
and IDs. Precede the GID of each group with a hyphen to indicate that it
is negative.
=item B<-cell> <I<cell name>>
Names the cell in which to run the command. For more details, see
L<pts(1)>.
=item B<-noauth>
Assigns the unprivileged identity anonymous to the issuer. For more
details, see L<pts(1)>.
=item B<-localauth>
Constructs a server ticket using a key from the local
F</usr/afs/etc/KeyFile> file. Do not combine this flag with the
B<-cell> or B<-noauth> options. For more details, see L<pts(1)>.
=item B<-force>
Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first error.
=item B<-help>
Prints the online help for this command. All other valid options are
ignored.
=back
=head1 OUTPUT
For each user and machine, the output begins with the following header
line, followed by a list of the groups to which the user or machine
belongs:
Groups <name> (id: <AFS UID>) is a member of:
For each group, the output begins with the following header line, followed
by a list of the users and machines who belong to the group:
Members of <group_name> (id: <AFS GID>) are:
=head1 EXAMPLES
The following example lists the groups to which the user C<pat> belongs
and the members of the group C<smith:friends>. Note that third privacy
flag for the C<pat> entry was changed from the default hyphen to enable a
non-administrative user to obtain this listing.
% pts membership pat smith:friends
Groups pat (id: 1144) is a member of:
smith:friends
staff
johnson:project-team
Members of smith:friends (id: -562) are:
pat
terry
jones
richard
thompson
=head1 PRIVILEGE REQUIRED
Members of the groups system:ptsviewers and system:administrators can
always use this command in any of its variations. Additionally, a user
can always list the groups to which they belong, and the owner of a group
can always list the members of the group.
Additional privileges may be granted by the setting of the third privacy
flag in the Protection Database entry of each user or group indicated by
the B<-nameorid> argument (use the B<pts examine> command to display the
flags):
=over 4
=item *
If it is a hypen, the default permissions described above apply.
=item *
If it is lowercase C<m> and the B<-nameorid> argument specifies a group,
members of that group can also list the other members. A privacy flag of
C<m> only changes the permissions when set for a group. Setting this flag
for a user or a machine has no effect.
=item *
If it is uppercase C<M>, anyone who can access the cell's database server
machines can list the membership of the group or the groups to which that
user or machine belongs, depending on what type of entry the flag is set
on.
=back
=head1 SEE ALSO
L<pts(1)>,
L<pts_adduser(1)>,
L<pts_examine(1)>,
L<pts_removeuser(1)>,
L<pts_setfields(1)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue View Git Blame Copy Permalink