The first type of AFS administrative privilege is membership in the system:administrators group. Members of the system:administrators group in the Protection Database have the following privileges:
Permission to issue all pts commands, which are used to administer the Protection Database. See Administering the Protection Database.
Permission to issue the fs setvol and fs setquota commands, which set the space quota on volumes as described in Setting and Displaying Volume Quota and Current Size.
Implicit a (administer) and by default l (lookup) permissions on the access control list (ACL) on every directory in the cell's AFS filespace. Members of the group can use the fs setacl command to grant themselves any other permissions they require, as described in Setting ACL Entries.
You can change the ACL permissions that the File Server on a given file server machine implicitly grants to the members of the system:administrators group for the data in volumes that it houses. When you issue the bos create command to create and start the fs process on the machine, include the -implicit argument to the fileserver initialization command. For syntax details, see the fileserver reference page in the OpenAFS Administration Reference. You can grant additional permissions, or remove the l permission. However, the File Server always implicitly grants the a permission to members of the group, even if you set the value of the -implicit argument to none.
Issue the pts membership command to display the system:administrators group's list of members. Any user can issue this command as long as the first privacy flag on the system:administrators group's Protection Database entry is not changed from the default value of uppercase S.
% pts membership system:administrators
where m is the shortest acceptable abbreviation of membership.
Verify that you belong to the system:administrators group. If necessary, issue the pts membership command, which is fully described in To display the members of the system:administrators group.
% pts membership system:administrators
Issue the pts adduser command to add one or more users.
% pts adduser -user <user name>+ -group system:administrators
where
Is the shortest acceptable abbreviation of adduser.
-user names each user to add to the system:administrators group.
Verify that you belong to the system:administrators group. If necessary, issue the pts membership command, which is fully described in To display the members of the system:administrators group.
% pts membership system:administrators
Issue the pts removeuser command to remove one or more users.
% pts removeuser -user <user name>+ -group system:administrators
where
Is the shortest acceptable abbreviation of removeuser.
-user names each user to remove from the system:administrators group.
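Because every member of system:administrators holds the implicit a permission on every directory in the cell, it is worth comparing the output of pts membership against an approved list at regular intervals. The following shell functions are an added example, not part of the OpenAFS documentation; they assume the usual output layout (a "Members of ... are:" header followed by one indented name per line), and the member names and the approved list are constructed sample data.

```shell
#!/bin/sh
# Added example: report members of system:administrators that are not on
# an approved list. Nothing here calls pts; feed it captured output.

# Read `pts membership` output on stdin and print one member name per line.
# Assumed layout: a header line "Members of <group> (id: <n>) are:" followed
# by one indented name per line.
parse_members() {
    sed -n -e '/^Members of .* are:$/d' \
           -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
           -e '/./p' | sort -u
}

# $1 = output of `pts membership system:administrators`
# $2 = approved member names, one per line
# Prints every member that is not approved; prints nothing if all are.
unexpected_admins() {
    ua_actual=$(printf '%s\n' "$1" | parse_members)
    ua_approved=$(printf '%s\n' "$2" | parse_members)
    # -F fixed strings, -x whole-line match, -v keep only non-matching lines.
    # -x matters: "admin" on the approved list must not excuse "terry.admin".
    printf '%s\n' "$ua_actual" | grep -Fxv -e "$ua_approved" || true
}

# Constructed sample data (not from a real cell).
SAMPLE_PTS_OUTPUT='Members of system:administrators (id: -204) are:
  admin
  pat
  terry.admin'
SAMPLE_APPROVED='admin
pat'

# Typical use against a live cell (approved.txt is a hypothetical file name):
#   extra=$(unexpected_admins "$(pts membership system:administrators)" \
#                             "$(cat approved.txt)")
#   [ -z "$extra" ] || { echo "unapproved admins: $extra" >&2; exit 1; }
```

Any name the check reports can be removed with the pts removeuser command described above.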