When you use the pts createuser command to create a user or machine entry in the
Protection Database, the Protection Server by default automatically allocates an AFS user ID (AFS UID) for it; similarly, it
allocates an AFS group ID (AFS GID) for each group entry you create with the pts creategroup
command. It tracks the next available AFS UID (which is a positive integer) and AFS GID (which is a negative integer) with the
max user id and
max group id counters, respectively.
Members of the system:administrators group can include the -id argument to either pts creation command to assign a specific ID to a new user, machine, or group. It often makes sense to assign AFS UIDs explicitly when creating AFS accounts for users with existing UNIX accounts, as discussed in Assigning AFS and UNIX UIDs that Match. It is also useful if you want to establish ranges of IDs that correspond to departmental affiliations (for example, assigning AFS UIDs from 300 to 399 to members of one department, AFS UIDs from 400 to 499 to another department, and so on).
To display the current value of the counters, use the pts listmax command. When you next
create a user or machine entry and do not specify its AFS UID, the Protection Server increments the
id counter by one and assigns that number to the new entry. When you create a new group and do not specify its
AFS GID, the Protection Server decrements the
max group id counter by one (makes it more
negative), and assigns that number to the new group.
You can change the value of either counter, or both, in one of two ways:
Directly, using the pts setmax command.
Indirectly, by using the -id argument to the pts
createuser command to assign an AFS UID that is larger than the
max user id
counter, or by using the -id to the pts creategroup
command to assign an AFS GID that is less (more negative) than the max group id counter. In either case, the Protection
Server changes the counter to the value of the -id argument. The Protection Server does not
use the IDs between the previous value of the counter and the new one when allocating IDs automatically, unless you use the
pts setmax command to move the counter back to its old value.
If the value you specify with the -id argument is less than the
user id counter or greater (less negative) than the
max group id counter,
then the counter does not change.
Issue the pts listmax command to display the counters.
% pts listmax
where listm is an acceptable abbreviation of listmax.
The following example illustrates the output's format. In this case, the next automatically assigned AFS UID is 5439 and AFS GID is -469.
% pts listmax Max user id is 5438 and max group id is -468.
Verify that you belong to the system:administrators group. If necessary, issue the pts membership command, which is fully described in To display the members of the system:administrators group.
% pts membership system:administrators
Issue the pts setmax command to set the
id counter, the
max group id counter, or both.
% pts setmax [-group <
group max>] [-user <
Is the shortest acceptable abbreviation of setmax.
Specifies an integer one greater (less negative) than the AFS GID that the Protection Server is to assign to the next group entry. Because the value is a negative integer, precede it with a hyphen (-).
Specifies an integer one less than the AFS UID that the Protection Server is to assign to the next user or machine entry.