Creating and Using Protection (pts) Groups for IFS
A protection or pts group is used to assign access rights to Institutional File System (IFS) folders. It is a group of uniqnames that can also include other pts groups. You use pts groups in conjunction with Access Control Lists (ACLs) to control access to IFS directories and folders.
For example, you might create a pts group that includes all the people who work on the web site belonging to a particular student organization. You can then set ACLs to give all the people in that pts group full access to the IFS directory and all the folders in it where the web pages reside. As new students join and others graduate, you can easily edit the pts group. This simplifies things so you don't have to change ACLs on every folder every time group membership changes.
This document explains how to create, use, and change pts groups. Note that you must be an owner of a group to change or delete it.
WHY pts: We specify pts as all lower-case characters because you must always enter it that way in an ITS Login Service session.
pts Group Names
The format for the name of any pts group is <creator's uniqname>:<name of group>. For example, if your uniqname was bjensen and you created a pts group so a few of your friends could have access to some files in one of your IFS folders, you might name it bjensen:friends.
Connect to the ITS Login Service to Enter pts Commands
To create and work with pts groups, you need to enter pts commands (see list in the next section of this document). You can do this from the ITS Login Service.
You must use secure software to connect to the ITS Login Service (login.itd.umich.edu). We recommend the following programs, available to U-M community members at no cost.

- WINDOWS: SSH Secure Shell is available at no cost from the U-M Blue Disc website. From the Operating System pull-down menu, select either Windows or Vista and download the SSH Secure Shell software. Help is available at Using SSH Secure Shell to Connect to Host Computers [Windows] (S4304).
  1. On your desktop, open the U-M Internet Access Kit folder.
  2. Double-click ITS Login (terminal).
  3. In the User Name field, enter your uniqname.
  4. In the Password field, enter your UMICH Kerberos password.
  5. At the Linux prompt (%), enter a pts command, then press Enter or Return.

  Don't forget to log out. When you are finished with your ITS Login Service session, at the Linux (%) prompt, type logout and press Enter or Return.

- MAC OS X: Terminal, a Mac OS X application available in the Utilities folder located within the Applications folder.

  HINT: From the U-M Blue Disc website, you can obtain a pre-configured shortcut that will appear in your Dock. From the Operating System pull-down menu, select Mac OS X and download the U-M SSH Connections item. If you use the Login shortcut, proceed to step 2 in the following steps.
  1. In Terminal, enter this command:
     and press Enter or Return.
  2. At the Password prompt, enter your UMICH Kerberos password and press Enter or Return.
  3. At the Linux prompt (%), enter a pts command, then press Enter or Return.

  Don't forget to log out. When you are finished with your ITS Login Service session, at the Linux (%) prompt, type logout and press Enter or Return.
pts Commands
HINTS:
- To make changes to or delete a pts group, you must be an owner.
- When entering a command, never type the < and > brackets. Replace the brackets and the text within them with the information requested. For example, if your uniqname is bjensen, you would replace <youruniqname> with bjensen.
- Use lower-case characters. Commands entered in upper-case will not work. The only exception is the name of a pts group if it was created with an upper-case character. You should enter it that way.
- After entering a command, always complete it by pressing Enter or Return.
| Task | Command |
|---|---|
| Create a pts group of which you are the owner | pts creategroup <youruniqname:name of pts group> The first part of the command can be abbreviated to pts cg. For example, if your uniqname is bjensen and you want to create a pts group called bjensen:docs, you would enter: |
| Add an individual or a pts group to a pts group | pts adduser <uniqname or name of pts group you want to add> <name of pts group> The first part of the command can be abbreviated to pts ad |
| Remove an individual or a pts group from a pts group | pts removeuser <uniqname or name of pts group you want to remove> <name of pts group> The first part of the command can be abbreviated to pts rem |
| Change the owner of a pts group | pts chown <name of pts group> <new owner's uniqname or name of pts group that will be the owner> The first part of the command can be abbreviated to chown |
| Delete a pts group | pts delete <name of pts group> The first part of the command can be abbreviated to pts del |
| List information about a pts group (for example, owner, creator, and so on) | pts examine <pts group name or uniqname> The first part of the command can be abbreviated to pts e |
| List all pts groups owned by a given uniqname or pts group | pts listowned <uniqname or name of pts group> The first part of the command can be abbreviated to pts listo |
| List all pts groups of which a given uniqname is a member or list all members of a given pts group | pts membership <uniqname or name of pts group> The first part of the command can be abbreviated to pts m |
| Display list of pts commands available | pts help |
Tips for Using pts Groups
- Remember to add yourself
You are not automatically a member of any group you create. If you want to be included in a pts group you create, you need to add yourself with the adduser command.
- Groups can own groups
It's often helpful to share ownership of a pts group, especially one that is large or that changes frequently, so that more than one person can make changes when needed. You do this by making a pts group the owner of the group rather than an individual.
For example, you might create a pts group of three or four people who have been designated to administer a web site and name the group webadmin. Then use the chown command to change ownership of the group from your uniqname to the webadmin group. You (or anyone else in that group) could then create a larger group (owned by webadmin) called webmembers that includes those people who have access to the web site's files to update them. The members of webadmin could then share administration of the webmembers group, making changes as needed.
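The shared-ownership setup described in the tip above, as an added example that is not part of the original ITS document: a shell function that checks the group names and prints the pts commands in order without running them. The uniqname asmith, the function names and the allowed character set are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the ITS page. Prints (does not run) the pts commands
# for a self-owned administrators group that also owns a members group.
LC_ALL=C; export LC_ALL   # make a-z mean ASCII lower case only

# Group names are <creator's uniqname>:<group name>. Assumption for this
# example: new names use only lower-case letters, digits, '.', '_' and '-'.
valid_group() {
    case "$1" in
        *[!a-z0-9:._-]*) return 1 ;;  # upper case, spaces, other characters
        ?*:?*:*)         return 1 ;;  # more than one colon
        ?*:?*)           return 0 ;;
        *)               return 1 ;;  # missing uniqname prefix or group part
    esac
}

# delegation_plan <your uniqname> <admin group> <member group> <admin>...
delegation_plan() {
    [ "$#" -ge 4 ] || { echo "usage: delegation_plan me admins members admin..." >&2; return 1; }
    me=$1; admins="$1:$2"; members="$1:$3"
    shift 3
    if ! valid_group "$admins" || ! valid_group "$members"; then
        echo "invalid group name" >&2; return 1
    fi
    # Creators are not members automatically. If you hand the admin group to
    # itself without being in it, you can no longer change it.
    case " $* " in
        *" $me "*) ;;
        *) echo "$me is not in the administrator list" >&2; return 1 ;;
    esac
    echo "pts creategroup $admins"
    for u in "$@"; do echo "pts adduser $u $admins"; done
    echo "pts chown $admins $admins"      # the admin group now owns itself
    echo "pts creategroup $members"
    echo "pts chown $members $admins"     # admins share control of members
    echo "pts examine $members"           # confirm the owner afterwards
}

# Constructed sample values: bjensen sets up the groups with asmith as co-admin.
delegation_plan bjensen webadmin webmembers bjensen asmith
```

Review the printed commands, then enter them one at a time at the ITS Login Service prompt.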
Getting a Group IFS Directory
You can use pts groups with your IFS home directory and the folders inside it and with other directories and folders in IFS. You can also arrange to have a group IFS directory, either as a shared work space or as a means of publishing on the web. To get a group IFS directory, contact the ITS Accounts Office at 764-8000. You will need to fill out a form, then the directory will be created and a directory name assigned to your group. The form can be downloaded from the web; see IFS Group or Course Home Directory Application (R1132).
For details about using your IFS home directory or a group directory to publish on the Web, see the Create Your Own UM Web Page instructions.
Additional Resources
Visit ITS's Information System to obtain ITS computer documentation and other resources. A list of relevant documents follows:
ITS's Online Help Desk provides a variety of computing help resources.
For further help with pts groups, send e-mail or phone (734) 764-HELP.