VMS Help
DCE_SECURITY, Admin Intro, rgy_edit, pgo_commands
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
|
PRINCIPAL, GROUP, AND ORGANIZATION SUBCOMMANDS
Whether name applies to a principal, group, or organization depends on
the domain in which you run rgy_edit. Use the do[main] subcommand
(described in Miscellaneous Commands) to change domains.
v[iew] [name] [-f] [-m] [-po] Views registry entries.
The -f option displays entries in full (all fields except the
membership list and organization policy).
If you are viewing groups or organizations, -m displays the
membership list. For principals, -m lists all groups of which
the principal is a member, including groups that cannot appear
in a project list.
If you are viewing organizations, -po displays policy information.
If you do not enter the -po option, rgy_edit shows only the
organization's name and the UNIX number.
a[dd] [principal_name [unix_number] [-f fullname] [-al] [-q quota]]
a[dd] [group_name [unix_number] [-f fullname [-nl]]] [-al] ls
a[dd] [organization_name [unix_number] [-f fullname]]
Create a new name entry.
If you do not specify principal_name, group_name, or organization-
name, the add subcommand prompts you for each field in the entry.
If you are adding organizations, the command prompts you for policy
information as well. If you specify only principal_name, group_name,
or organization_name and no other arguments, the object's fullname
defaults to "" (that is, blank), the object's UNIX number is assigned
automatically, and the object's creation quota defaults to unlimited.
Use the -al option to create an alias for an existing principal or
group. No two principals or groups can have the same UNIX number,
but a principal or group and all its aliases share the same UNIX
number. The -al option creates an alias name for a principal or
group and assigns the alias name the same UNIX number as the
principal or group.
The -q option specifies the principal's object creation quota, the
total number of registry objects that can be created by the
principal. If you do not specify this option, the object creation
quota defaults to unlimited. For groups, the -nl option indicates
that the group is not to be included on project lists; omitting this
option allows the group to appear on project lists.
c[hange] [principal_name [-n name] [-f fullname] [-al | -pr]
[-q quota]]
c[hange] [group_name [-n name] [-f fullname] [-nl | -l] ]
[-al | -pr]
c[hange] [organization_name [-n name] [-f fullname]]
Changes a principal, group, or organization.
Specify the entry to change with principal_name, group_name, or
organization_name. If you do not specify a principal_name,
group_name, or organization_name, the change subcommand prompts
you for a name. If you do not specify any fields, the subcommand
prompts you for each field in succession. To leave a field
unchanged, press <RETURN> at the prompt. If you are changing
organization entries in the interactive mode, the subcommand
prompts you for policy information as well.
Use -n name and -f fullname, to specify a new primary name or
fullname, respectively.
For principals and groups, the -al option changes a primary name
into an alias, and the -pr option changes an alias into a primary
name. This change can be made only from the command line, not in
the interactive mode. The -q option specifies the total number of
registry objects that can be created by the principal.
For group entries, the -nl option disallows the group from appearing
in project lists, while the -l option allows the group to appear in
project lists.
For organization entries, you can change policy information only in
the interactive mode.
Changes to a principal name are reflected in membership lists that
contain the principal name. For example, if the principal ludwig is
a member of the group composers and the principal name is changed to
louis, the membership list for composers is automatically changed to
include louis but not ludwig.
For reserved names, you can change only fullname.
m[ember] [group_name | organization_name [-a member_list]
[-r member_list] ]
Edits the membership list for a group or organization.
If you do not specify a group or organization, the member subcommand
prompts you for names to add or remove.
To add names or aliases to a membership list, use the -a option
followed by the names separated by commas. To delete names from a
membership list, use the -r option followed by the names separated
by commas. If you do not include either the -a or -r option on the
command line, rgy_edit prompts you for names to add or remove.
Removing names from the membership list for a group or organization
has the side effect of deleting the login account for removed member
(and, of course, eliminating any permissions granted as a result of
the membership the next time the member's ticket-granting ticket is
renewed).
del[ete] name
Deletes a registry entry.
If you delete a principal, rgy_edit deletes the principal's account.
If you delete a group or organization, rgy_edit deletes any accounts
associated with the group or organization. You cannot delete
reserved principals.
adopt uuid principal_name [-u unix_number] [ -f fullname] [-q quota]
adopt uuid group_name [-f fullname] [-nl]
adopt uuid organization_name [-f fullname]
Creates a principal, group, or organization for the specified UUID.
The principal, group, or organization is created to adopt an orphan
object. Orphans are registry objects that cannot be accessed
because 1) they are owned by UUIDs that are not associated with a
principal or group and 2) no other principal, group, or organization
has access rights to the orphaned object. UUIDs are associated with
all registry objects when the object is created. When the registry
object is deleted, the association between the object and the UUID
is also deleted.
The principal_name, group_name, or organization_name you specify
must be unique in the registry as it must be when you create a
principal, group, or organization using the add subcommand. Except
for the manner in which it is created, the principal, group, or
organization created by the adopt subcommand is no different from
any other principal, group, or organization. The uuid option
specifies the UUID number to be assigned to the principal, group, or
organization. The UUID supplied must be the one that owns the
orphaned object. Specify the uuid in RPC print string format as 8
hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; 4
hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; and 12
hexadecimal digits. The format follows:
nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn
For cell principals only, the -u option specifies the UNIX number to
be associated with the cell name. If you do not enter this option,
the next sequential UNIX number is supplied as a default. For all
principals other than cells, the UNIX number is extracted from
information embedded in the principal's UUID and cannot be specified
here.
For principals, the -q option specifies the principal's object
creation quota. If you do not enter the option, the object creation
quota is set to "unlimited."
For groups, the -nl option turns off the project list inclusion
property so that groups are not included in project lists. If you
do not enter this option, the group is included in project lists.
For principals, groups, and organizations, the -f option supplies
the object's fullname. If you do not enter the -f option, fullname
defaults to blank.
An error occurs if you specify a name or UNIX number that is already
defined within the same domain of the database.
Note that in the current implementation of the DCE, UNIX numbers are
embedded in UUID numbers. If you try to create a group or
organization to adopt an orphaned object and fail, it could be
because the embedded UNIX number is invalid because it does not fall
within the range of valid UNIX numbers set for the cell as a registry
property. If this is the case, you must reset the range of valid UNIX
numbers to include the UNIX number embedded in the UUID and then try
again to adopt the object.
[legal]
[privacy]
[GNU]
[policy]
[netiquette]
[sponsors]
[FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.