[2193] in SIPB-AFS-requests
Some misconceptions about PTS groups
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Dec 6 18:33:31 1995
Date: Wed, 6 Dec 1995 18:32:58 -0500
From: Greg Hudson <ghudson@MIT.EDU>
To: sipb-afsreq@MIT.EDU
Cc: webmaster@MIT.EDU

Apparently, several people made decisions today based on an incomplete
knowledge of the capabilities of AFS PTS groups. It's important that
people involved in administering AFS understand what AFS is capable of.
Here are the rules (which are explained very clearly in the Transarc
documentation):

There are two kinds of AFS groups, prefixed ("foo:bar") and
non-prefixed ("bar"). If a group is prefixed and has the
prefix "foo", its owner must be either "foo" or another group
with prefix foo. Users can only create prefixed groups, and
the prefix must be the PTS id of the user. People on
system:administrators can create groups of any name, but must
still obey the ownership requirements.

Some examples:

To create a self-owned, non-prefixed group A (assuming you are
on system:administrators):

    pts creategroup foobar -c sipb
    pts chown foobar -owner foobar -c sipb

To create a group A administered by a smaller group B, where B
is in turn administered by system:administrators:

    pts creategroup A -owner system:administrators -c sipb
    pts creategroup A:B -owner A -c sipb

To create a self-owned group if you're not in
system:administrators and your username is "myname":

    pts creategroup myname:A -c sipb
    pts adduser myname -group myname:A -c sipb
    pts chown myname:A -owner myname:A

There are lots of other possibilities, of course. A username prefix
("myname:") only indicates the original creator; it doesn't mandate
that the owner be "myname" (even indirectly). If you don't like
username prefixes on groups, come up with a description for who should
own the group and get someone on system:administrators to create a
non-prefixed group with that name.
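
The naming and ownership rules from the message above, written as a small checker. This is an added example, not part of the original message and not ptserver code. The function names and the is_admin flag (membership of system:administrators, resolved by the caller) are assumptions, and only the rules stated in the message are modelled.

```python
def prefix_of(name):
    """Return the prefix of "foo:bar" ("foo"), or None for a non-prefixed name."""
    head, sep, _ = name.partition(":")
    return head if sep else None


def owner_allowed(group, owner):
    """A prefixed group must be owned by its prefix or by a group sharing that prefix."""
    prefix = prefix_of(group)
    if prefix is None:
        # The message states no owner restriction for non-prefixed groups.
        return True
    return owner == prefix or prefix_of(owner) == prefix


def check_create(actor, is_admin, group, owner=None):
    """Return (allowed, reason) for `pts creategroup group [-owner owner]` run by actor."""
    # With no -owner argument, the issuing user becomes the owner.
    owner = owner or actor
    if not is_admin and prefix_of(group) != actor:
        return False, "non-admins may only create groups prefixed with their own name"
    if not owner_allowed(group, owner):
        return False, "owner must be the prefix or a group with the same prefix"
    return True, "ok"


if __name__ == "__main__":
    # Constructed cases: the three examples from the message, then rejected ones.
    cases = [
        ("admin", True, "foobar", None),
        ("admin", True, "A", "system:administrators"),
        ("admin", True, "A:B", "A"),
        ("myname", False, "myname:A", None),
        ("myname", False, "foobar", None),    # non-admin, non-prefixed name
        ("myname", False, "other:A", None),   # non-admin, someone else's prefix
        ("admin", True, "foo:bar", None),     # admin, but owner breaks the prefix rule
    ]
    for actor, is_admin, group, owner in cases:
        print(actor, group, owner or actor, check_create(actor, is_admin, group, owner))
    # The chown steps in the message: making a group self-owned.
    print("chown foobar -> foobar:", owner_allowed("foobar", "foobar"))
    print("chown myname:A -> myname:A:", owner_allowed("myname:A", "myname:A"))
```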