
Principal, Group, and Organization Subcommands

view

Synopsis

v[iew] [name | -u unix_number] [-f] [-m] [-po]

Description
Views registry entries. Whether name applies to a principal, group, or organization depends on the domain in which you run rgy_edit. Use the do[main] subcommand (described in Miscellaneous Subcommands in this reference page) to change domains.

If you specify the -u unix_number option, rgy_edit displays all matching entries, including any aliases.

The -f option displays entries in full (all fields except the membership list and organization policy).

If you are viewing groups or organizations, -m displays the membership list. For principals, -m lists all groups of which the principal is a member, including groups that cannot appear in a project list.

If you are viewing organizations, -po displays policy information. If you do not enter the -po option, rgy_edit shows only the organization's name and the UNIX number.

add

Synopsis

a[dd] [principal_name [unix_number] [-f fullname] [-al] [-q quota]]
a[dd] [group_name [unix_number] [-f fullname [-nl]]] [-al]
a[dd] [organization_name [unix_number] [-f fullname]]

Description
Creates a new name entry.

If you do not specify principal_name, group_name, or organization_name, the add subcommand prompts you for each field in the entry. If you are adding organizations, the command prompts you for policy information as well. If you specify only principal_name, group_name, or organization_name and no other arguments, the object's fullname defaults to an empty string (that is, blank), the object's UNIX number is assigned automatically, and the object's creation quota defaults to unlimited.

Use the -al option to create an alias for an existing principal or group. No two principals or groups can have the same UNIX number, but a principal or group and all its aliases share the same UNIX number. The -al option creates an alias name for a principal or group and assigns the alias name the same UNIX number as the principal or group.

The -q option specifies the principal's object creation quota, the total number of registry objects that can be created by the principal. If you do not specify this option, the object creation quota defaults to unlimited.

For groups, the -nl option indicates that the group is not to be included on project lists; omitting this option allows the group to appear on project lists.

change

Synopsis

c[hange] [principal_name [-n name] [-f fullname] [-al | -pr] [-q quota]]
c[hange] [group_name [-n name] [-f fullname] [-nl | -l] ] [-al | -pr]
c[hange] [organization_name [-n name] [-f fullname]]

Description
Changes a principal, group, or organization.

If you do not specify a principal_name, group_name, or organization_name, the change subcommand prompts you for a name. If you do not specify any fields, the subcommand prompts you for each field in succession. To leave a field unchanged, press <Return> at the prompt. If you are changing organization entries in the interactive mode, the subcommand prompts you for policy information as well.

Use -n name and -f fullname to specify a new primary name or fullname, respectively.

For principals and groups, the -al option changes a primary name into an alias, and the -pr option changes an alias into a primary name. You can make this change from the command line only, not in interactive mode.

The -q option specifies the total number of registry objects that the principal can create.

For group entries, the -nl option disallows the group from appearing in project lists, while the -l option allows the group to appear in project lists.

For organization entries, you can change policy information only in interactive mode.

Changes to a principal name are reflected in membership lists that contain the principal name. For example, if the principal ludwig is a member of the group composers and the principal name is changed to louis, the membership list for composers changes to include louis but not ludwig.

For reserved names, you can change only fullname.

member

Synopsis

m[ember] [group_name | organization_name [-a member_list] [-r member_list] ]

Description
Edits the membership list for a group or organization.

If you do not specify a group or organization, the member subcommand prompts you for names to add or remove.

To add names or aliases to a membership list, use the -a option followed by the names separated by commas. To delete names from a membership list, use the -r option followed by the names separated by commas. If you do not include either the -a or -r option on the command line, rgy_edit prompts you for names to add or remove.

Removing names from the membership list for a group or organization has the side effect of deleting the login account for the removed member (and, of course, eliminating any permissions granted as a result of the membership the next time the member's ticket-granting ticket is renewed).

delete

Synopsis

del[ete] name

Description
Deletes a registry entry.

If you delete a principal, rgy_edit deletes the principal's account. If you delete a group or organization, rgy_edit deletes any accounts associated with the group or organization. You cannot delete reserved principals.

adopt

Synopsis

adopt uuid principal_name [-u unix_name] [ -f fullname] [ -q quota]
adopt uuid group_name [-f fullname] [-nl]
adopt uuid organization_name [ -f fullname]

Description
Creates a principal, group, or organization for the specified UUID.

The principal, group, or organization is created to adopt an orphan object. Orphans are registry objects that cannot be accessed because 1) they are owned by UUIDs that are not associated with a principal or group and 2) no other principal, group, or organization has access rights to the orphaned object. UUIDs are associated with all registry objects when the object is created. When the registry object is deleted, the association between the object and the UUID is also deleted.

The principal_name, group_name, or organization_name you specify must be unique in the registry as it must be when you create a principal, group, or organization using the add subcommand. Except for the manner in which it is created, the principal, group, or organization created by the adopt subcommand is the same as any other principal, group, or organization.

The uuid option specifies the UUID number to be assigned to the principal, group, or organization. The UUID supplied must be the one that owns the orphaned object. Specify the uuid in RPC print string format as 8 hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; and 12 hexadecimal digits. The format follows:

nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn

For cell principals only, the -u option specifies the UNIX number to be associated with the cell name. If you do not enter this option, the next sequential UNIX number is supplied as a default. For all principals other than cells, the UNIX number is extracted from information embedded in the principal's UUID and cannot be specified here.

For principals, the -q option specifies the principal's object creation quota. If you do not enter the option, the object creation quota is set to unlimited.

For groups, the -nl option turns off the project list inclusion property so that groups are not included in project lists. If you do not enter this option, the group is included in project lists.

For principals, groups, and organizations, the -f option supplies the object's full name. If you do not enter the -f option, full name defaults to blank.

An error occurs if you specify a name or UNIX number that is already defined within the same domain of the database.

Note that in the current implementation of the DCE, UNIX numbers are embedded in UUID numbers. If you try to create a group or organization to adopt an orphaned object and fail, it could be because the embedded UNIX number is invalid because it is not within the range of valid UNIX numbers set for the cell as a registry property. If this is the case, you must reset the range of valid UNIX numbers to include the UNIX number embedded in the UUID and then try again to adopt the object.
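
The two conditions described above for adopt (the RPC print string format of the uuid, and an embedded UNIX number that falls inside the cell's valid range) can be checked before running the subcommand. The following shell functions are an added example, not part of the DCE reference text or of rgy_edit. The position of the embedded UNIX number (the first 8-digit field) is an assumption, since this page does not say where it is embedded; the function names, the sample UUID, and the range 100 to 32767 are constructed for illustration.

```shell
#!/bin/sh
# Pre-check for the uuid argument of the rgy_edit adopt subcommand.
# Added example: function names, sample UUID and range are constructed.

# Succeeds only if $1 is in RPC print string format (8-4-4-4-12 hex digits).
is_rpc_uuid() {
    case $1 in
        # Reject any character that is not a hex digit or hyphen
        # (this also rejects embedded newlines before grep sees them).
        *[!0-9A-Fa-f-]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Prints the UNIX number taken from the UUID, in decimal.
# ASSUMPTION: the number is the first 8-digit field of the UUID; the
# reference page says it is embedded but not where.
embedded_unix_number() {
    is_rpc_uuid "$1" || return 1
    echo "$((0x${1%%-*}))"
}

# check_adopt_uuid UUID LOW HIGH
# LOW and HIGH are the cell's valid UNIX number range (a registry property).
# Prints a verdict; returns 0 = ok, 1 = bad format, 2 = out of range.
check_adopt_uuid() {
    if ! _num=$(embedded_unix_number "$1"); then
        echo "bad-format"
        return 1
    fi
    if [ "$_num" -lt "$2" ] || [ "$_num" -gt "$3" ]; then
        # adopt would fail until the valid range is reset to include _num
        echo "out-of-range:$_num"
        return 2
    fi
    echo "ok:$_num"
}

# Constructed sample: 0x00000064 = 100, inside the constructed range.
check_adopt_uuid 00000064-1a2b-3c4d-5e6f-0123456789ab 100 32767
```

An out-of-range verdict corresponds to the failure case in the note above: reset the range of valid UNIX numbers to include the reported number, then retry adopt.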