PRINCIPAL, GROUP, AND ORGANIZATION SUBCOMMANDS Whether name applies to a principal, group, or organization depends on the domain in which you run rgy_edit. Use the do[main] subcommand (described in Miscellaneous Commands) to change domains.
1 – view
v[iew] [name] [-f] [-m] [-po] Views registry entries. The -f option displays entries in full (all fields except the membership list and organization policy). If you are viewing groups or organizations, -m displays the membership list. For principals, -m lists all groups of which the principal is a member, including groups that cannot appear in a project list. If you are viewing organizations, -po displays policy information. If you do not enter the -po option, rgy_edit shows only the organization's name and the UNIX number.
2 – add
a[dd] [principal_name [unix_number] [-f fullname] [-al] [-q quota]] a[dd] [group_name [unix_number] [-f fullname [-nl]]] [-al] ls a[dd] [organization_name [unix_number] [-f fullname]] Create a new name entry. If you do not specify principal_name, group_name, or organization name, the add subcommand prompts you for each field in the entry. If you are adding organizations, the command prompts you for policy information as well. If you specify only principal_name, group_name, or organization_name and no other arguments, the object's fullname defaults to "" (that is, blank), the object's UNIX number is assigned automatically, and the object's creation quota defaults to unlimited. Use the -al option to create an alias for an existing principal or group. No two principals or groups can have the same UNIX number, but a principal or group and all its aliases share the same UNIX number. The -al option creates an alias name for a principal or group and assigns the alias name the same UNIX number as the principal or group. The -q option specifies the principal's object creation quota, the total number of registry objects that can be created by the principal. If you do not specify this option, the object creation quota defaults to unlimited. For groups, the -nl option indicates that the group is not to be included on project lists; omitting this option allows the group to appear on project lists.
3 – change
c[hange] [principal_name [-n name] [-f fullname] [-al | -pr]
[-q quota]]
c[hange] [group_name [-n name] [-f fullname] [-nl | -l] ]
[-al | -pr]
c[hange] [organization_name [-n name] [-f fullname]]
Changes a principal, group, or organization.
Specify the entry to change with principal_name, group_name, or
organization_name. If you do not specify a principal_name,
group_name, or organization_name, the change subcommand prompts
you for a name. If you do not specify any fields, the subcommand
prompts you for each field in succession. To leave a field
unchanged, press <RETURN> at the prompt. If you are changing
organization entries in the interactive mode, the subcommand
prompts you for policy information as well.
Use -n name and -f fullname, to specify a new primary name or
fullname, respectively.
For principals and groups, the -al option changes a primary name
into an alias, and the -pr option changes an alias into a primary
name. This change can be made only from the command line, not in
the interactive mode. The -q option specifies the total number of
registry objects that can be created by the principal.
For group entries, the -nl option disallows the group from
appearing in project lists, while the -l option allows the group
to appear in project lists.
For organization entries, you can change policy information only in
the interactive mode.
Changes to a principal name are reflected in membership lists that
contain the principal name. For example, if the principal ludwig is
a member of the group composers and the principal name is changed
to louis, the membership list for composers is automatically
changed to include louis but not ludwig.
For reserved names, you can change only fullname.
4 – member
m[ember] [group_name | organization_name [-a member_list]
[-r member_list] ]
Edits the membership list for a group or organization.
If you do not specify a group or organization, the member subcommand
prompts you for names to add or remove.
To add names or aliases to a membership list, use the -a option
followed by the names separated by commas. To delete names from a
membership list, use the -r option followed by the names separated
by commas. If you do not include either the -a or -r option on the
command line, rgy_edit prompts you for names to add or remove.
Removing names from the membership list for a group or organization
has the side effect of deleting the login account for removed member
(and, of course, eliminating any permissions granted as a result of
the membership the next time the member's ticket-granting ticket is
renewed).
5 – delete
del[ete] name Deletes a registry entry. If you delete a principal, rgy_edit deletes the principal's account.If you delete a group or organization, rgy_edit deletes any accounts associated with the group or organization. You cannot delete reserved principals.
6 – adopt
adopt uuid principal_name [-u unix_number] [ -f fullname] [-q quota]
adopt uuid group_name [-f fullname] [-nl]
adopt uuid organization_name [-f fullname]
Creates a principal, group, or organization for the specified UUID.
The principal, group, or organization is created to adopt an orphan
object. Orphans are registry objects that cannot be accessed
because 1) they are owned by UUIDs that are not associated with a
principal or group and 2) no other principal, group, or organiza-
tion has access rights to the orphaned object. UUIDs are associ-
ated with all registry objects when the object is created. When
the registry object is deleted, the association between the object
and the UUID is also deleted.
The principal_name, group_name, or organization_name you specify
must be unique in the registry as it must be when you create a
principal, group, or organization using the add subcommand. Except
for the manner in which it is created, the principal, group, or
organization created by the adopt subcommand is no different from
any other principal, group, or organization. The uuid option
specifies the UUID number to be assigned to the principal, group,or
organization. The UUID supplied must be the one that owns the
orphaned object. Specify the uuid in RPC print string format as 8
hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; 4
hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen;
and 12 hexadecimal digits. The format follows:
nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn
For cell principals only, the -u option specifies the UNIX number to
be associated with the cell name. If you do not enter this option,
the next sequential UNIX number is supplied as a default. For all
principals other than cells, the UNIX number is extracted from
information embedded in the principal's UUID and cannot be
specified here.
For principals, the -q option specifies the principal's object
creation quota. If you do not enter the option, the object
creation quota is set to "unlimited."
For groups, the -nl option turns off the project list inclusion
property so that groups are not included in project lists. If you
do not enter this option, the group is included in project lists.
For principals, groups, and organizations, the -f option supplies
the object's fullname. If you do not enter the -f option, fullname
defaults to blank.
An error occurs if you specify a name or UNIX number that is
already defined within the same domain of the database.
Note that in the current implementation of the DCE, UNIX numbers
are embedded in UUID numbers. If you try to create a group or
organization to adopt an orphaned object and fail, it could be
because the embedded UNIX number is invalid because it does not
fall within the range of valid UNIX numbers set for the cell as
a registry property. If this is the case, you must reset the
range of valid UNIX numbers to include the UNIX number embedded
in the UUID and then try again to adopt the object.