Displaying Group Information

Displaying Group Information
	Chapter 5. Using Groups

You can use the following commands to display information about groups and the users who belong to them:

To display the members of a group, or the groups to which a user belongs, use the pts membership command.
To display the groups that a user or group owns, use the pts listowned command.
To display general information about a user or group, including its name, AFS ID, creator, and owner, use the pts examine command.

Note

The system:anyuser and system:authuser system groups do not appear in a user's list of group memberships, and the pts membership command does not display their members. For more information on the system groups, see Using the System Groups on ACLs.

To Display Group Membership

Issue the pts membership command to display the members of a group, or the groups to which a user belongs.

   % pts membership <user or group name or id>⁺

where user or group name or id specifies the name or AFS UID of each user for which to display group membership, or the name or AFS GID of each group for which to display the members. If identifying a group by its AFS GID, precede the GID with a hyphen (-) to indicate that it is a negative number.

Example: Displaying the Members of a Group

The following example displays the members of the group terry:team.

   % pts membership terry:team
   Members of terry:team (id: -286) are:
     terry
     smith
     pat
     johnson

Example: Displaying the Groups to Which a User Belongs

The following example displays the groups to which users terry and pat belong.

   % pts membership terry pat
   Groups terry (id: 1022) is a member of:
     smith:friends
     pat:accounting
     terry:team
   Groups pat (id: 1845) is a member of:
     pat:accounting
     sam:managers
     terry:team

To Display the Groups a User or Group Owns

Issue the pts listowned command to display the groups that a user or group owns.

   %  pts listowned <user or group name or id>⁺

where user or group name or id specifies the name or AFS UID of each user, or the name or AFS GID of each group, for which to display group ownership. If identifying a group by its AFS GID, precede the GID with a hyphen (-) to indicate that it is a negative number.

Example: Displaying the Groups a Group Owns

The following example displays the groups that the group terry:team owns.

   % pts listowned -286
   Groups owned by terry:team (id: -286) are:
     terry:project
     terry:planners

Example: Displaying the Groups a User Owns

The following example displays the groups that user pat owns.

   % pts listowned pat
   Groups owned by pat (id: 1845) are:
      pat:accounting
      pat:plans

To Display A Group Entry

Issue the pts examine command to display general information about a user or group, including its name, AFS ID, creator, and owner.

   %  pts examine <user or group name or id>⁺

where user or group name or id specifies the name or AFS UID of each user, or the name or AFS GID of each group, for which to display group-related information. If identifying a group by its AFS GID, precede the GID with a hyphen (-) to indicate that it is a negative number.

The output includes information in the following fields:

Name: For users, this is the character string typed when logging in. For machines, the name is the IP address; a zero in address field acts as a wildcard, matching any value. For most groups, this is a name of the form owner_name:group_name. Some groups created by your system administrator do not have the owner_name prefix. See Group Names.
id: This is a unique identification number that the AFS server processes use internally. It is similar in function to a UNIX UID, but operates in AFS rather than the UNIX file system. Users and machines have positive integer AFS user IDs (UIDs), and groups have negative integer AFS group IDs (GIDs).
owner: This is the user or group that owns the entry and so can administer it.
creator: The name of the user who issued the pts createuser and pts creategroup command to create the entry. This field is useful mainly as an audit trail and cannot be changed.
membership: For users and machines, this indicates how many groups the user or machine belongs to. For groups, it indicates how many members belong to the group. This number cannot be set explicitly.
flags: This field indicates who is allowed to list certain information about the entry or change it in certain ways. See Protecting Group-Related Information.
group quota: This field indicates how many more groups a user is allowed to create. It is set to 20 when a user entry is created. The creation quota for machines or groups is meaningless because it not possible to authenticate as a machine or group.

Example: Listing Information about a Group

The following example displays information about the group pat:accounting, which includes members of the department that pat manages. Notice that the group is self-owned, which means that all of its members can administer it.

   % pts examine pat:accounting
   Name: pat:accounting, id: -673, owner: pat:accounting, creator: pat,
     membership: 15, flags: S-M--, group quota: 0

Example: Listing Group Information about a User

The following example displays group-related information about user pat. The two most interesting fields are membership, which shows that pat belongs to 12 groups, and group quota, which shows that pat can create another 17 groups.

  % pts examine pat
   Name: pat, id: 1045, owner: system:administrators, creator: admin,
     membership: 12, flags: S-M--, group quota: 17