|
|
||
|
AFS- Protection Groups
What are Protection Groups?
Protection groups are the Andrew File System (AFS) groups that you can create to make controlling access to your directories (and the files contained therein) easier. A protection group is an association between a name and a list of users, allowing you to refer to a collection of users by a single name. You can control access to your directories by granting or denying access rights, specified in the directory's access control list (ACL). For information on access rights and ACLs, read the brief guides AFS-Directory and File Protections and AFS-Using ACLs.
Commands Covered in this Brief Guide
Create a group
$ pts creategroup username:groupname
Delete a group
$ pts delete username:groupname
List groups for user
$ pts listowned username
Show group limit
$ pts examine username
Add users to group
$ pts adduser user username:groupname
Remove user from group
$ pts removeuser user username:name
List members of group
$ pts membership username:groupname
Note that help for each of the commands can be obtained with the -h option. To get usage help from the adduser command, enter:
$ pts adduser -h
Creating a Protection Group
You can create a protection group with the following command:
$ pts creategroup username:groupname
So, if your username is bjbo1, and you wanted to create a group called pals, you would enter:
$ pts creategroup bjbo1:pals
group bjbo1:pals has id -987Adding Users to Protection Groups
Protection groups are useful because you can control who is a member of your groups. To add new pals, whose usernames are justin, jon9, and ed7 to your new group, you would enter:
$ pts adduser -user justin jon9 ed7 -group bjbo1:pals
The example above shows how to add multiple users. For adding a single user to a protection group, use:
$ pts adduser joe bjbo1:pals
Listing Members of a Protection Group
After a group is created, you can get a membership list of that group with:
$ pts membership username:groupname
If you wanted to see the list of current members of your new group, bjbo1:pals, you would enter:
$ pts membership bjbo1:pals
Members of bjbo1:pals (id: -987) are:
justin
jon9
ed7
joe
Removing Users from Protection Groups
Sometimes it is necessary to remove a user from a group. If you and ed7 aren't pals anymore, you can remove ed7 as follows:$ pts removeuser ed7 bjbo1:pals
Using Protection Groups
Once the group is created, you can use it to permit or deny access to a directory by creating an ACL, or Access Control List on that directory. To allow read access to the directory /afs/sfsu.edu/usr/bjbo1/fun for your pals, you would do the following:
fs setacl /afs/sfsu.edu/usr/bjbo1/fun bjbo1:pals rl
Listing Protection Groups
If you need to figure out what groups you already own, the command is:$ pts listowned username
So you would enter the following (if your username is bjbo1):$ pts listowned bjbo1
Groups owned by bjbo1 (id: 99) are:
bjbo1:allies
bjbo1:pals
Deleting Protection Groups
You may decide that you no longer have any allies, so you want to get rid of that group. You would simply do this:$ pts delete bjbo1:allies
Note that groups can be deleted even if they have members.Checking Limits to Protection Group Creation
You can only create a limited number of protection groups. You can figure out what that limit is with the command:$ pts examine username
If you wanted to know your group creation limit, you'd put your username in the command for username. The output from the command is listed below, using username bjbo1.$ pts examine bjbo1
Name:bjbo1, id:99, owner: system:admininstrator, creator:cap, membership: 0, flags: S--, group quota: 25
Notice that bjbo1's group quota is 25. The default number of groups that you can create is 20. To learn more about this topic, consult the following references:Brief guides:
- AFS-Using ACLs,
- AFS-Directory and File Protections
Man pages: pts(1), fs(1) (NOTE: This document was adapted from University of Pittsburgh's help sheets.)[TOP OF PAGE and HOME links can be removed, if necessary]
HOME
Site Home | What We Do | Help Desk | Account Services | Software | Hardware | Network
Telephone Services | Training | Computer Labs | Web Publishing | Policies | Sitemap | Contact Us
Last Modified: 12 Dec 2001
doit@sfsu.edu