| Displaying and Setting the AFS UID and GID Counters | ||
|---|---|---|
 | Chapter 13. Administering the Protection Database |  |
| Displaying and Setting the AFS UID and GID Counters | ||
|---|---|---|
| | Chapter 13. Administering the Protection Database | |
When you use the pts createuser command to create a user or machine entry in the
Protection Database, the Protection Server by default automatically allocates an AFS user ID (AFS UID) for it; similarly, it
allocates an AFS group ID (AFS GID) for each group entry you create with the pts creategroup
command. It tracks the next available AFS UID (which is a positive integer) and AFS GID (which is a negative integer) with the
max user id and max group id counters, respectively.
Members of the system:administrators group can include the -id argument to either pts creation command to assign a specific ID to a new user, machine, or group. It often makes sense to assign AFS UIDs explicitly when creating AFS accounts for users with existing UNIX accounts, as discussed in Assigning AFS and UNIX UIDs that Match. It is also useful if you want to establish ranges of IDs that correspond to departmental affiliations (for example, assigning AFS UIDs from 300 to 399 to members of one department, AFS UIDs from 400 to 499 to another department, and so on).
To display the current value of the counters, use the pts listmax command. When you next
create a user or machine entry and do not specify its AFS UID, the Protection Server increments the max user
id counter by one and assigns that number to the new entry. When you create a new group and do not specify its
AFS GID, the Protection Server decrements the max group id counter by one (makes it more
negative), and assigns that number to the new group.
You can change the value of either counter, or both, in one of two ways:
Directly, using the pts setmax command.
Indirectly, by using the -id argument to the pts
createuser command to assign an AFS UID that is larger than the max user id
counter, or by using the -id to the pts creategroup
command to assign an AFS GID that is less (more negative) than the max group id counter. In either case, the Protection
Server changes the counter to the value of the -id argument. The Protection Server does not
use the IDs between the previous value of the counter and the new one when allocating IDs automatically, unless you use the
pts setmax command to move the counter back to its old value.
If the value you specify with the -id argument is less than the max
user id counter or greater (less negative) than the max group id counter,
then the counter does not change.
Issue the pts listmax command to display the counters.
% pts listmax
where listm is an acceptable abbreviation of listmax.
The following example illustrates the output's format. In this case, the next automatically assigned AFS UID is 5439 and AFS GID is -469.
% pts listmax
Max user id is 5438 and max group id is -468.
Verify that you belong to the system:administrators group. If necessary, issue the pts membership command, which is fully described in To display the members of the system:administrators group.
% pts membership system:administrators
Issue the pts setmax command to set the max user
id counter, the max group id counter, or both.
% pts setmax [-group <group max>] [-user <user max>]
where
Is the shortest acceptable abbreviation of setmax.
Specifies an integer one greater (less negative) than the AFS GID that the Protection Server is to assign to the next group entry. Because the value is a negative integer, precede it with a hyphen (-).
Specifies an integer one less than the AFS UID that the Protection Server is to assign to the next user or machine entry.
| |  | |
| Setting the Privacy Flags on Database Entries |  | Chapter 14. Managing Access Control Lists |