Creating Groups and Adding Members

Use the pts creategroup command to create a group and the pts adduser command to add members to it. Users and machines can belong to groups, but other groups cannot.

When you create a group, you normally become its owner automatically. This means you alone can administer it: add and remove members, change the group's name, transfer ownership of the group, or delete the group entirely. If you wish, you can designate another owner when you create the group, by including the -owner argument to the pts creategroup command. If you assign ownership to another group, the owning group must already exist and have at least one member. You can also change a group's ownership after creating it by using the pts chown command as described in Changing a Group's Owner or Name.

To Create a Group

Issue the pts creategroup command to create a group. Your group-creation quota decrements by one for each group.

   % pts creategroup -name <group name>+ [-owner <owner of the group>]

where

cg

Is an alias for creategroup (and createg is the shortest acceptable abbreviation).

-name

Names each group to create. The name must have the following format:

owner_name:group_name

The owner_name prefix must accurately indicate the group's owner. By default, you are recorded as the owner, and the owner_name must be your AFS username. You can include the -owner argument to designate another AFS user or group as the owner, as long as you provide the required value in the owner_name field:

  • If the owner is a user, it must be the AFS username.

  • If the owner is another regular group, it must match the owning group's owner_name field. For example, if the owner is the group terry:associates, the owner field must be terry.

  • If the owner is a group without an owner_name prefix, it must be the owning group's name.

The name can include up to 63 characters including the colon. Use numbers and lowercase letters, but no spaces or punctuation characters other than the colon.

-owner

Is optional and assigns ownership to a user other than yourself, or to a group. If you specify a group, it must already exist and have at least one member. (This means that to make a group self-owned, you must issue the pts chown command after using this command to create the group, and the pts adduser command to add a member. See Changing a Group's Owner or Name.)

Do not name a machine as the owner. Because no one can authenticate as a machine, there is no way to administer a group owned by a machine.

Example: Creating a Group

In the following example user terry creates a group to include all the other users in his work team, and then examines the new group entry.

   % pts creategroup terry:team
   group terry:team has id -286
   % pts examine terry:team
   Name: terry:team, id: -286, owner: terry, creator: terry,
     membership: 0, flags: S----, group quota: 0.

To Add Members to a Group

Issue the pts adduser command to add one or more users to one or more groups. You can always add members to a group you own (either directly or because you belong to the owning group). If you belong to a group, you can add members if its fourth privacy flag is the lowercase letter a; see Protecting Group-Related Information.

   % pts adduser -user <user name>+ -group <group name>+

You must add yourself to groups that you own, if that is appropriate. You do not belong automatically just because you own the group.

Note

If you already have a token when you are added to a group, you must issue the aklog command to reauthenticate before you can exercise the permissions granted to the group on ACLs.

where

-user

Specifies the username of each user to add to the groups named by the -group argument. Groups cannot belong to other groups.

-group

Names each group to which to add users.

Example: Adding Members to a Group

In this example, user terry adds himself, pat, indira, and smith to the group he just created, terry:team, and then verifies the new list of members.

   % pts adduser -user terry pat indira smith -group terry:team
   % pts members terry:team
   Members of terry:team (id: -286) are:
     terry
     pat
     indira
     smith