Part IV. Managing Users and Groups

Table of Contents

11. Creating and Deleting User Accounts with the uss Command Suite
Summary of Instructions
Overview of the uss Command Suite
The Components of an AFS User Account
Privilege Requirements for the uss Commands
Avoiding and Recovering from Errors and Interrupted Operations
Creating Local Password File Entries with uss
Assigning AFS and UNIX UIDs that Match
Specifying Passwords in the Local Password File
Creating a Common Source Password File
Converting Existing UNIX Accounts with uss
Making UNIX and AFS UIDs Match
Setting the Password Field Appropriately
Moving Local Files into AFS
Constructing a uss Template File
Creating the Three Types of User Accounts
Using Constants and Variables in the Template File
Where to Place Template Files
Some General Rules for Constructing a Template
About Creating Local Disk Directories and Files
Example uss Templates
Evenly Distributing User Home Directories with the G Instruction
Creating a Volume with the V Instruction
Creating a Directory with the D Instruction
Creating a File from a Prototype with the F Instruction
Creating One-Line Files with the E Instruction
Creating Links with the L and S Instructions
Increasing Account Security with the A Instruction
Executing Commands with the X Instruction
Creating Individual Accounts with the uss add Command
To create an AFS account with the uss add command
Deleting Individual Accounts with the uss delete Command
To delete an AFS account
Creating and Deleting Multiple Accounts with the uss bulk Command
Constructing a Bulk Input File
Example Bulk Input File Instructions
To create and delete multiple AFS user accounts

12. Administering User Accounts
Summary of Instructions
The Components of an AFS User Account
Creating Local Password File Entries
Assigning AFS and UNIX UIDs that Match
Specifying Passwords in the Local Password File
Converting Existing UNIX Accounts
Making UNIX and AFS UIDs Match
Setting the Password Field Appropriately
Moving Local Files into AFS
Creating AFS User Accounts
To create one user account with individual commands
Improving Password and Authentication Security
To limit the number of consecutive failed authentication attempts
To unlock a locked user account
To set password lifetime
To prohibit reuse of passwords
Changing AFS Passwords
To change an AFS password
Displaying and Setting the Quota on User Volumes
Changing Usernames
To change a username
Removing a User Account
To remove a user account

13. Administering the Protection Database
Summary of Instructions
About the Protection Database
The System Groups
Displaying Information from the Protection Database
To display a Protection Database entry
To display group membership
To list the groups that a user or group owns
To display all Protection Database entries
Creating User and Machine Entries
To create machine entries in the Protection Database
Creating Groups
Using Groups Effectively
To create groups
To create a self-owned group
Using Prefix-Less Groups
Adding and Removing Group Members
To add users and machines to groups
To remove users and machines from groups
Deleting Protection Database Entries
To delete Protection Database entries
Changing a Group's Owner
To change a group's owner
Changing a Protection Database Entry's Name
To change the name of a machine or group entry
Setting Group-Creation Quota
To set group-creation quota
Setting the Privacy Flags on Database Entries
To set a Protection Database entry's privacy flags
Displaying and Setting the AFS UID and GID Counters
To display the AFS ID counters
To set the AFS ID counters

14. Managing Access Control Lists
Summary of Instructions
Protecting Data in AFS
Differences Between UFS and AFS Data Protection
The AFS ACL Permissions
Using Normal and Negative Permissions
Using Groups on ACLs
Displaying ACLs
To display an ACL
Setting ACL Entries
To add, remove, or edit normal ACL permissions
To add, remove, or edit negative ACL permissions
Completely Replacing an ACL
To replace an ACL completely
Copying ACLs Between Directories
To copy an ACL between directories
Removing Obsolete AFS IDs from ACLs
To clean obsolete AFS IDs from an ACL
How AFS Interprets the UNIX Mode Bits

15. Managing Administrative Privilege
Summary of Instructions
An Overview of Administrative Privilege
The Reason for Separate Privileges
Administering the system:administrators Group
To display the members of the system:administrators group
To add users to the system:administrators group
To remove users from the system:administrators group
Granting Privilege for kas Commands: the ADMIN Flag
To check if the ADMIN flag is set
To set or remove the ADMIN flag
Administering the UserList File
To display the users in the UserList file
To add users to the UserList file
To remove users from the UserList file