Skip to main content

PTS Groups

To increase security and reduce risk, Stanford is sunsetting its WebAFS service that is used to upload and download files to AFS.

To optimize AFS and make sure it is serving its intended functions, UIT has also taken these actions:

  • UIT no longer automatically provisions new faculty and staff members with AFS user volumes. New faculty or staff who need a personal user volume must submit a Help request.
    • This change does not impact existing AFS directories or the process for adding permissions for new individuals to those existing directories. Your existing space and everything in it remains intact.
    • This change does not impact the auto-provisioning of new AFS user volumes for students and postdocs.

​Class volumes do not expire and are kept indefinitely. This is an official academic policy, and any change to this policy must be considered by the Faculty Senate.

Overview

If lots of people need access to your directory you could have a problem: directories can only contain 20 ACLs. What if more than 20 people need access? Just create a single "group ACL" that applies to all these people at once. These group ACLs are called "pts groups". A pts group counts as one ACL but can hold as many SUNet IDs as you need. With a pts group you can grant lots of people access to your directory without bumping into the 20 ACL limit. It also saves you the time and hassle of assigning ACLs to people one at a time.

These instructions are divided into two parts. The first gives you step by step instructions on how to create and maintain pts groups in AFS. Unfortunately, creating pts groups -- and in many cases maintaining them -- requires that you work with the Unix command line. Don't worry: these instructions will guide you safely through the process.

The second part of these instructions is a summary of all the commands supplied in the first, minus the commentary: you can use it for quick and easy reference after you're comfortable with the basic idea.

Step by step instructions

These instructions presume you've got a SUNet ID and know enough about ACLs to understand why you want to create a pts group in the first place. Not so? Take a look at the Introduction to AFS pages.

In the example below, your SUNet ID is "jdoe" and you want to create a pts group called "mongrels" inside the WWW directory of a "bikes" group area in AFS. (In other words, inside the /afs/ir/group/bikes/WWW/ directory.)

  1. Log into Stanford Unix.

  2. Go to the directory in which you desire to create a pts group:
    In this example,   /afs/ir/group/bikes/WWW/   Type:
    cd /afs/ir/group/bikes/WWW/
    (You don't actually HAVE to create your pts group while in the directory that needs it, but doing so often saves typing, prevents mistakes, and seems more intuitive.)
  3. Make sure you have administrative permissions for that directory:
    a.) Type "fs la" (no quotes) at the command prompt while in the directory:

    b.) Look for your Sunet ID in the ACL list.
    c.) Look for rlidwka after your SUNet ID. The "a" at the end means you have administrative perms.
  4. Type:   pts creategroup -name <yoursunetid>:<group name>
    For example, since you're naming your pts group "mongrels", you'd type:
    pts creategroup -name jdoe:mongrels
  5. Check to make sure the group was created correctly: type "fs la" again. The name of your new group should be listed near the top of the ACL list, above all the individual Sunet IDs.

  6. Give your new group power (administrative privileges):
    a.) Type:  fs sa . <yoursunetid>:<groupname> rlidwka
    For example, since your pts group is called "mongrels", you'd type:
    fs sa . jdoe:mongrels rlidwka
    b.) Check to make sure you did it right by typing "fs la" again. Your new group should be listed like this:
    jdoe:mongrels rlidwka
    c.) Use administrative permissions only if your group needs it. Otherwise, just type:
    fs sa . <yoursunetid>:<groupname> rlidwk.
  7. Add people to your group. Type:
    pts adduser -user <sunetid> -group <name of pts group>
    For example:  pts adduser -user jsmith -group jdoe:mongrels
  8. Remove people from your group. Type:
    pts removeuser -user <sunetid> -group <name of pts group>
    For example:  pts removeuser -user jsmith -group jdoe:mongrels
  9. See who's in the group. Type:
    pts mem <name of group>
    For example:  pts mem jdoe:mongrels
  10. Find who owns the group. Type:
    pts exam <name of group>
    This lists the owner of the group, the creator, and how many people are in the group.

Quick guide to pts commands

  • To create a pts group.
    pts creategroup -name <yoursunetid>:<group name>
  • To give perms to a pts group.
    fs sa . <sunetid>:<groupname> <rlidwk or rlidwka>
  • To add people to a pts group.
    pts adduser -user <sunetid> -group <name of pts group>
  • To remove people from a pts group.
    pts removeuser -user <sunetid> -group <name of pts group>
  • To see who's in the pts group.
    pts mem <name of group>
  • To find who owns the pts group.
    pts exam <name of group>
  • To learn more pts group commands
    man pts
  • To see the ACL list
    fs la
  • To add someone to an ACL list
    fs sa . <sunetid> <rlidwk or rlidwka>
  • To remove someone from an ACL list
    fs sa . <sunetid> none
Last modified