group(1m) Open Software Foundation group(1m)
NAME [Toc] [Back]
group - A dcecp object that manages a group in the DCE Security
Service
SYNOPSIS [Toc] [Back]
group add group_name_list -member member_name_list
group catalog [cell_name] [-simplename]
group create group_name_list
{-attribute extended_rgy_attr_list | -attribute value}
group delete group_name_list
group help [operation | -verbose]
group list group_name_list [-simplename]
group modify group_name_list
{-add extended_rgy_attr_list |
-remove extended_rgy_attr_list [-types] |
-change extended_rgy_attr_list | -attribute value}
group operations
group remove group_name_list -member member_name_list
group rename group_name -to new_group_name
group show group_name_list [-all | -xattrs]
ARGUMENTS [Toc] [Back]
cell_name The name of a cell to contact when processing the catalog
operation. The name must be a fully qualified cell name,
such as /.: or /.../cell_name.
group_name
The name of a single group to act on. See group_name_list
for the name format.
group_name_list
A list of one or more names of groups to act on. Supply the
names as follows:
+ Fully qualified names in the form
/.../cell_name/group_name, /.:/group_name, or
group_name@cell_name.
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
+ Cell-relative names in the form group_name. These names
refer to a group in the cell identified in the _s(sec)
convenience variable, or if the _s(sec) convenience
variable is not set, in the local host's default cell.
Do not mix fully qualified names and cell-relative names in
a list. In addition, do not use the names of registry
database objects that contain group information; in other
words, do not use names that begin with /.:/sec/group/.
operation The name of the group operation for which to display help
information.
DESCRIPTION [Toc] [Back]
The group object represents registry groups. Unless otherwise noted,
all of the operations of this object take the names of the groups to
act on as the argument. They must be group names, not the names of the
database objects that contain registry information about groups (that
is, the names must not begin with /.:/sec/group/).
When this command executes, it attempts to bind to the registry server
identified in the _s(sec) variable. If that server cannot process the
request or if the _s(sec) variable is not set, the command binds to
either an available slave server or the master registry server,
depending on the operation. Upon completion the command sets the
_b(sec) convenience variable to the name of the registry server to
which it bound.
ATTRIBUTES [Toc] [Back]
alias {yes | no}
Used with the create and modify operations, the value of
this attribute is either yes or no. Although each group can
have only one primary name, it can have multiple alias
names. All aliases refer to the same group, and therefore,
carry the same Universal Unique Identifier (UUID) and group
identifier (GID). While aliases refer to the same group,
they are separate entries in the registry database.
Therefore, the name supplied to the group command can refer
to the group's primary name or alias name. The value of this
attribute determines whether the name is a primary name
(alias no) or an alias name (alias yes). The default is no.
gid integer
Used with the create operation to specify the Group
Identifier. If this attribute is not present, then an
identifier is assigned to the group automatically.
uuid hexadecimal number
Used with the create operation to "adopt" an orphaned UUID.
Hewlett-Packard Company - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
Normally the UUID for a new group is generated by the
registry. In cases where data exists tagged with the UUID
of a group that has been deleted from the registry, this
attribute can be used with the create operation to specify
the old UUID for a new group. The UUID specified must be an
orphan, that is, a UUID for which no name exists in the
registry. An error occurs if you specify a UUID that is
already defined in the registry. If this attribute is not
present, a UUID is assigned to the group automatically.
fullname string
Used with the create and modify operations to specify the
full name of the group to be added to the registry. The
value is a string with spaces enclosed in quotation marks or
braces. The fullname attribute defaults to a null string
(that is, blank).
inprojlist {yes | no}
Used with the create and modify operations to include the
group in the principal's project list. The value for this
option is either yes or no. If it is no, then members of
this group do not acquire the access rights of this group.
The default is yes.
reserved {yes | no}
Indicates whether the group object is reserved or not. The
default is no. This attribute may not be set or modified by
the user.
See the OSF DCE Administration Guide for more information about group
attributes.
OPERATIONS [Toc] [Back]
group add
Adds members to a security group. The syntax is as follows:
group add group_name_list -member member_name_list
Options [Toc] [Back]
-member member_name_list
A list of one or more names of principals to be added to
each group in the argument.
The add operation adds members to groups identified by
group_name_list. The required member_name_list is a list of principal
names to be added.
Hewlett-Packard Company - 3 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
If the principals named in group_name_list do not exist, the command
returns an error. This operation returns an empty string on success.
Privileges Required [Toc] [Back]
You must have r (read) and M (Member_list) permissions on the target
group and r (read) and g (groups) permissions on the principal being
added.
Examples [Toc] [Back]
dcecp> group add users -member chopin
dcecp>
group catalog
Returns a list of the names of all groups in the registry. The syntax
is as follows:
group catalog [cell_name] [-simplename]
Options [Toc] [Back]
-simplename
Returns a list of group names in the registry without
prepending the cell name.
The catalog operation returns a list of the names of all groups in the
local registry database. Use the cell_name argument to return a list
of groups in another cell's registry. By default, fully qualified
names are returned in the form cell_name/group_name. Use the
-simplename option to return the names without the cell name in the
form group_name.
Privileges Required [Toc] [Back]
You must have r (read) permission to the /.:/sec/group directory.
Examples [Toc] [Back]
dcecp> group cat
/.../my_cell.goodcompany.com/nogroup
/.../my_cell.goodcompany.com/system
/.../my_cell.goodcompany.com/daemon
/.../my_cell.goodcompany.com/uucp
/.../my_cell.goodcompany.com/bin
/.../my_cell.goodcompany.com/kmem
Hewlett-Packard Company - 4 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
/.../my_cell.goodcompany.com/mail
/.../my_cell.goodcompany.com/tty
/.../my_cell.goodcompany.com/none
/.../my_cell.goodcompany.com/tcb
/.../my_cell.goodcompany.com/acct-admin
/.../my_cell.goodcompany.com/subsys/dce/sec-admin
/.../my_cell.goodcompany.com/subsys/dce/cds-admin
/.../my_cell.goodcompany.com/subsys/dce/dts-admin
/.../my_cell.goodcompany.com/subsys/dce/cds-server
/.../my_cell.goodcompany.com/subsys/dce/dts-servers
/.../my_cell.goodcompany.com/users
dcecp>
dcecp> group cat -simplename
nogroup
system
daemon
uucp
bin
kmem
mail
tty
none
tcb
acct-admin
subsys/dce/sec-admin
subsys/dce/cds-admin
subsys/dce/dts-admin
subsys/dce/cds-server
subsys/dce/dts-servers
subsys/dce/audit-admin
subsys/dce/dced-admin
dcecp>
group create
Creates a new group in the registry database. The syntax is as
follows:
group create group_name_list
{-attribute extended_rgy_attr_list | -attribute value}
Options [Toc] [Back]
-attribute value
As an alternative to using the -attribute option with an
attribute list, you can specify individual attribute options
by prepending a hyphen (-) to any attributes listed in the
ATTRIBUTES section of this reference page. You cannot use
Hewlett-Packard Company - 5 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
this format to specify ERAs; it is only for the standard
attributes described in ATTRIBUTES.
-attribute extended_rgy_attr_list
Allows you to specify attributes, including ERAs, by using
an attribute list rather than individual attribute options.
The format of an attribute list is as follows:
{{extended_rgy_attr_list value}...{extended_rgy_attr_list value}}
See the OSF DCE Administration Guide for more information on
ERAs.
The create operation creates a new group in the registry database. The
argument is a list of names of groups to be created. Options are used
to specify the attributes of the newly created group. All options are
applied to all groups in the argument. This operation returns an empty
string on success.
Privileges Required [Toc] [Back]
You must have i (insert) permission to the directory in which the
group is to be created.
Examples [Toc] [Back]
dcecp> group create users4 -attribute {fullname "temporary users"}
dcecp>
dcecp> group create jimbo@gumby_cell
dcecp>
group delete
Deletes groups from the registry. The syntax is as follows:
group delete group_name_list
The delete operation deletes groups from the registry. When a group
is deleted, any accounts associated with the group are deleted as
well. The argument is a list of names of groups to be deleted. If a
named group does not exist, an error is generated. This operation
returns an empty string on success.
This operation also deletes any accounts associated with groups that
are deleted. To preserve accounts, add the desired principals to a
different group by using the group add -member command. Modify the
principals' accounts to point to the new group by using the account
Hewlett-Packard Company - 6 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
modify command. Then you can delete the group by using the group
delete command.
Privileges Required [Toc] [Back]
You must have d (delete) permission to the directory in which the
target group exists. You must have r (read) and D (Delete_object)
permission on the group to be deleted.
Examples [Toc] [Back]
dcecp> group delete users4
dcecp>
group help
Returns help information about the group object and its operations.
The syntax is as follows:
group help [operation | -verbose]
Options [Toc] [Back]
-verbose Displays information about the group object.
Used without an argument or option, the group help command returns
brief information about each group operation. The optional operation
argument is the name of an operation about which you want detailed
information. Alternatively, you can use the -verbose option for more
detailed information about the group object itself.
Privileges Required [Toc] [Back]
No special privileges are needed to use the group help command.
Examples [Toc] [Back]
dcecp> group help
add Adds a member to the named group.
catalog Returns a list of all the names of groups in the registry.
create Creates a group.
delete Deletes a group.
list Returns all of the members of a group.
modify Changes the information about a group.
remove Removes a specified member from the named group.
rename Renames the specified group.
show Returns the attributes of a group.
help Prints a summary of command-line options.
Hewlett-Packard Company - 7 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
operations Returns a list of the valid operations for this command.
dcecp>
group list
Returns a list of the names of all members of a group. The syntax is
as follows:
group list group_name_list [-simplename]
Options [Toc] [Back]
-simplename
Returns the list of group names in the registry without
prepending the cell name.
The list operation returns a list of the names of all members of a
group. The argument is a list of names of groups to be operated on.
If more than one group is listed, the names are concatenated on
output. By default, fully qualified names are returned in the form
cellname/membername. Use the -simplename option to return them
without prepending the cell name to the member name. The members of
each group are listed in lexical order.
Privileges Required [Toc] [Back]
You must have r (read) permission to the /.:/sec/group directory.
Examples [Toc] [Back]
dcecp> group list none
/.../my_cell.goodcompany.com/dce-ptgt
/.../my_cell.goodcompany.com/dce-rgy
/.../my_cell.goodcompany.com/krbtgt/my_cell.goodcompany.com
/.../my_cell.goodcompany.com/cell_admin
/.../my_cell.goodcompany.com/hosts/pmin17/self
dcecp>
group modify
Changes attributes of groups. The syntax is as follows:
group modify group_name_list
{-add extended_rgy_attr_list |
-remove extended_rgy_attr_list [-types] |
-change extended_rgy_attr_list | -attribute value}
Hewlett-Packard Company - 8 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
Options [Toc] [Back]
-attribute value
As an alternative to using the -add, -change, or -remove
options with attribute lists, you can specify individual
attribute options by prepending a hyphen (-) to any
attributes listed in the ATTRIBUTES section of this
reference page. You cannot use this format to specify ERAs;
it is only for the standard attributes described in
ATTRIBUTES.
-add extended_rgy_attr_list
Allows you to modify attributes, including ERAs, by using an
attribute list rather than individual attribute options.
The format of an attribute list is as follows:
{{extended_rgy_attr_list value}...{extended_rgy_attr_list value}}
-change extended_rgy_attr_list
Allows you to modify attributes, including ERAs, by using an
attribute list rather than individual attribute options. See
the -add option for the attribute list format.
-remove extended_rgy_attr_list
Allows you to modify attributes, including ERAs, by using an
attribute list rather than individual attribute options. See
the -add option for the attribute list format.
Without the -types option, -remove deletes individual
attribute instances attached to the group. In this case,
extended_rgy_attr_list is a list of attribute-value pairs.
With the -types option, -remove deletes attribute types (and
all instances of that type) attached to the group. In this
case, extended_rgy_attr_list is a list of attribute types.
-types Used with the -remove option to remove attribute types (and
all instances of that type) attached to the group.
See the OSF DCE Administration Guide for more information about ERAs.
The modify operation changes attributes of groups. The argument is a
list of names of groups to be operated on. All modifications are
applied to all groups named in the argument. Groups are modified in
the order they are listed, and all modifications to an individual
group are atomic. Modifications to multiple groups are not atomic. A
failure for any one group in a list generates an error and cancels the
rest of the operation. This operation returns an empty string on
success.
Hewlett-Packard Company - 9 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
The -change option can modify the value of any standard attribute
except for gid and uuid.
Privileges Required [Toc] [Back]
You must have r (read) permission to the group to be modified and f
(full_name) permission to modify the group's full name and/or m
(mgmt_info) permission to modify the group's management information.
Examples [Toc] [Back]
dcecp> group modify users3 -change {fullname "General Nursing Staff"}
dcecp>
dcecp> group show users3
{name users3}
{fullname {General Nursing Staff}}
{gid 5212}
{uuid 0000145c-9363-21cd-a601-0000c08adf56}
{alias no}
{reserved no}
{inprojlist no}
dcecp>
dcecp> group modify users3 -add {test_era 101}
dcecp>
dcecp> group show users3 -all
{name users3}
{fullname {General Nursing Staff}}
{gid 5212}
{uuid 0000145c-9363-21cd-a601-0000c08adf56}
{alias no}
{reserved no}
{inprojlist no}
{test_era 101}
dcecp>
group operations
Returns a list of the operations supported by the group object. The
syntax is as follows:
group operations
The list of available operations is in alphabetical order except for
help and operations, which are listed last.
Privileges Required [Toc] [Back]
Hewlett-Packard Company - 10 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
No special privileges are needed to use the group operations command.
Examples [Toc] [Back]
dcecp> group operations
add catalog create delete list modify remove rename show help operations
dcecp>
group remove
Removes a member from a group. The syntax is as follows:
group remove group_name_list -member member_name_list
Options [Toc] [Back]
-member member_name_list
A list of one or more names of principals to be removed from
each group in the argument.
The remove operation removes members from the groups identified by
group_name_list. The required member_name_list is a list of principals
to remove from the groups named in group_name_list.
When a member is removed from a group, any accounts associated with
that principal and group are deleted. Remember that accounts are
associated with a principal, a group, and an organization; therefore,
any accounts whose principal name and group name match those given to
this command are removed, but accounts for which only one name matches
are untouched. This operation returns an empty string on success.
Privileges Required [Toc] [Back]
You must have r (read) and M (Member_list) permissions on the target
groups and r (read) permission on the member to be removed.
Examples [Toc] [Back]
dcecp> group remove users -member chopin
dcecp>
group rename
This operation changes the name of a specified group. The syntax is
as follows:
group rename group_name -to new_group_name
Hewlett-Packard Company - 11 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
Options [Toc] [Back]
-to new_group_name
Specifies the new name of the group.
See ARGUMENTS for a description of group names.
The rename operation changes the name of a specified group. The
argument is a single name of a group to be renamed. The operation
takes a required -to option with the value of the new name. The value
may not be a list. This operation returns an empty string on success.
Privileges Required [Toc] [Back]
You must have r (read) and n (name) permissions to the specified
groups.
Examples [Toc] [Back]
dcecp> group rename users4 -to users_temporary
dcecp>
group show
Returns registry information for the specified groups. The syntax is
as follows:
group show group_name_list [-all | -xattrs]
Options [Toc] [Back]
-xattrs Returns ERAs instead of the default attributes.
-all Returns ERAs in addition to the default attributes.
The show operation returns an attribute list for the specified groups.
The argument is a list of names of groups to be operated on. If more
than one group is given, the attributes are concatenated. Use the -
xattrs option to return ERAs instead of the standard attributes. Use
-all to return both types of attributes.
Privileges Required [Toc] [Back]
You must have r (read) permission to the specified groups.
Hewlett-Packard Company - 12 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
group(1m) Open Software Foundation group(1m)
Examples [Toc] [Back]
dcecp> group show users_temporary
{name users_temporary}
{fullname {temporary users}}
{gid 5211}
{uuid 0000145b-9362-21cd-a601-0000c08adf56}
{alias no}
{reserved no}
{inprojlist no}
dcecp>
RELATED INFORMATION [Toc] [Back]
Commands: dcecp(1m), dcecp_account(1m), dcecp_organization(1m),
dcecp_principal(1m), dcecp_registry(1m), dcecp_xattrschema(1m).
Hewlett-Packard Company - 13 -�OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96 [ Back ] |
