PRINCIPAL, GROUP, AND ORGANIZATION SUBCOMMANDS Whether name applies to a principal, group, or organization depends on the domain in which you run rgy_edit. Use the do[main] subcommand (described in Miscellaneous Commands) to change domains.
1 – view
v[iew] [name] [-f] [-m] [-po] Views registry entries. The -f option displays entries in full (all fields except the membership list and organization policy). If you are viewing groups or organizations, -m displays the membership list. For principals, -m lists all groups of which the principal is a member, including groups that cannot appear in a project list. If you are viewing organizations, -po displays policy information. If you do not enter the -po option, rgy_edit shows only the organization's name and the UNIX number.
2 – add
a[dd] [principal_name [unix_number] [-f fullname] [-al] [-q quota]] a[dd] [group_name [unix_number] [-f fullname [-nl]]] [-al] ls a[dd] [organization_name [unix_number] [-f fullname]] Create a new name entry. If you do not specify principal_name, group_name, or organization name, the add subcommand prompts you for each field in the entry. If you are adding organizations, the command prompts you for policy information as well. If you specify only principal_name, group_name, or organization_name and no other arguments, the object's fullname defaults to "" (that is, blank), the object's UNIX number is assigned automatically, and the object's creation quota defaults to unlimited. Use the -al option to create an alias for an existing principal or group. No two principals or groups can have the same UNIX number, but a principal or group and all its aliases share the same UNIX number. The -al option creates an alias name for a principal or group and assigns the alias name the same UNIX number as the principal or group. The -q option specifies the principal's object creation quota, the total number of registry objects that can be created by the principal. If you do not specify this option, the object creation quota defaults to unlimited. For groups, the -nl option indicates that the group is not to be included on project lists; omitting this option allows the group to appear on project lists.
3 – change
c[hange] [principal_name [-n name] [-f fullname] [-al | -pr] [-q quota]] c[hange] [group_name [-n name] [-f fullname] [-nl | -l] ] [-al | -pr] c[hange] [organization_name [-n name] [-f fullname]] Changes a principal, group, or organization. Specify the entry to change with principal_name, group_name, or organization_name. If you do not specify a principal_name, group_name, or organization_name, the change subcommand prompts you for a name. If you do not specify any fields, the subcommand prompts you for each field in succession. To leave a field unchanged, press <RETURN> at the prompt. If you are changing organization entries in the interactive mode, the subcommand prompts you for policy information as well. Use -n name and -f fullname, to specify a new primary name or fullname, respectively. For principals and groups, the -al option changes a primary name into an alias, and the -pr option changes an alias into a primary name. This change can be made only from the command line, not in the interactive mode. The -q option specifies the total number of registry objects that can be created by the principal. For group entries, the -nl option disallows the group from appearing in project lists, while the -l option allows the group to appear in project lists. For organization entries, you can change policy information only in the interactive mode. Changes to a principal name are reflected in membership lists that contain the principal name. For example, if the principal ludwig is a member of the group composers and the principal name is changed to louis, the membership list for composers is automatically changed to include louis but not ludwig. For reserved names, you can change only fullname.
4 – member
m[ember] [group_name | organization_name [-a member_list] [-r member_list] ] Edits the membership list for a group or organization. If you do not specify a group or organization, the member subcommand prompts you for names to add or remove. To add names or aliases to a membership list, use the -a option followed by the names separated by commas. To delete names from a membership list, use the -r option followed by the names separated by commas. If you do not include either the -a or -r option on the command line, rgy_edit prompts you for names to add or remove. Removing names from the membership list for a group or organization has the side effect of deleting the login account for removed member (and, of course, eliminating any permissions granted as a result of the membership the next time the member's ticket-granting ticket is renewed).
5 – delete
del[ete] name Deletes a registry entry. If you delete a principal, rgy_edit deletes the principal's account.If you delete a group or organization, rgy_edit deletes any accounts associated with the group or organization. You cannot delete reserved principals.
6 – adopt
adopt uuid principal_name [-u unix_number] [ -f fullname] [-q quota] adopt uuid group_name [-f fullname] [-nl] adopt uuid organization_name [-f fullname] Creates a principal, group, or organization for the specified UUID. The principal, group, or organization is created to adopt an orphan object. Orphans are registry objects that cannot be accessed because 1) they are owned by UUIDs that are not associated with a principal or group and 2) no other principal, group, or organiza- tion has access rights to the orphaned object. UUIDs are associ- ated with all registry objects when the object is created. When the registry object is deleted, the association between the object and the UUID is also deleted. The principal_name, group_name, or organization_name you specify must be unique in the registry as it must be when you create a principal, group, or organization using the add subcommand. Except for the manner in which it is created, the principal, group, or organization created by the adopt subcommand is no different from any other principal, group, or organization. The uuid option specifies the UUID number to be assigned to the principal, group,or organization. The UUID supplied must be the one that owns the orphaned object. Specify the uuid in RPC print string format as 8 hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; and 12 hexadecimal digits. The format follows: nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn For cell principals only, the -u option specifies the UNIX number to be associated with the cell name. If you do not enter this option, the next sequential UNIX number is supplied as a default. For all principals other than cells, the UNIX number is extracted from information embedded in the principal's UUID and cannot be specified here. For principals, the -q option specifies the principal's object creation quota. If you do not enter the option, the object creation quota is set to "unlimited." For groups, the -nl option turns off the project list inclusion property so that groups are not included in project lists. If you do not enter this option, the group is included in project lists. For principals, groups, and organizations, the -f option supplies the object's fullname. If you do not enter the -f option, fullname defaults to blank. An error occurs if you specify a name or UNIX number that is already defined within the same domain of the database. Note that in the current implementation of the DCE, UNIX numbers are embedded in UUID numbers. If you try to create a group or organization to adopt an orphaned object and fail, it could be because the embedded UNIX number is invalid because it does not fall within the range of valid UNIX numbers set for the cell as a registry property. If this is the case, you must reset the range of valid UNIX numbers to include the UNIX number embedded in the UUID and then try again to adopt the object.