Creating and Using Protection (pts) Groups for IFS

NOTE: This document is also available in these formats: Microsoft Word | Adobe Acrobat PDF

A protection group -- or pts group -- is similar to an e-mail group except that it is used for assigning access rights to Institutional File System (IFS) folders instead of for sending e-mail. A pts group is a group of uniqnames -- and sometimes of other pts groups, too. You use pts groups in conjunction with Access Control Lists (ACLs) to control access to IFS directories and folders.

For example, you might create a pts group that includes all the people who work on the web site belonging to a particular student organization. You can then set ACLs to give all the people in that pts group full access to the IFS directory -- and all the folders in it -- where the web pages reside. As new students join the organization, you can add them to the pts group, and as other students graduate, you can remove them from the group. This simplifies things so you don't have to change ACLs on every folder every time group membership changes.

This document tells you how to create, use, and change pts groups. For instructions on setting access privileges, see Using Access Control Lists (ACLs) With IFS Directories and Folders (S4111).

Table of Contents

• pts Group Names

• Connect to the Login Service to Enter pts Commands

• pts Commands

• Tips for Using pts Groups

• Getting a Group IFS Directory

• Additional Resources

pts Group Names

Connect to the Login Service to Enter pts Commands

1. Use secure software to connect to the Login Service (login.itd.umich.edu).
   • Windows. Use SSH Secure Shell software. For information about obtaining and using SSH Secure Shell, see Using SSH Secure Shell to Connect to Host Computers [Windows] (S4304).
   • Mac OS X. Mac OS X comes with SSH software called Terminal. Open the Applications folder, then the Utilities folder to find it. Open Terminal and enter this command:
     ssh login.itd.umich.edu

     The Blue Disc installs an icon in your dock that you can click to connect to the Login Service.

   • Mac OS 8.6-9.2.2. Mac Classic users can use MacSSH, which is available on the Blue Disc.

2. At the login prompt, enter your uniqname and press the Return key.

3. At the AFS Password prompt, enter your UMICH password and press Return.

4. Enter any pts command at the % prompt.

5. When you are finished, enter logout at the % prompt and quit or exit the software you used to connect to the Login Service.

pts Commands

NOTE: You must be an owner of a pts group to make changes to or delete it.

To do this . . .	Enter this command . . .
Create a pts group of which you are the owner	pts creategroup <youruniqname:name of pts group> The first part of the command can be abbreviated to pts cg. For example, if your uniqname were bjensen and you wanted to create a pts group called bjensen:docs, you would enter: pts cg bjensen:docs
Add an individual or a pts group to a pts group	pts adduser <uniqname or name of pts group you want to add> <name of pts group> The first part of the command can be abbreviated to pts ad
Remove an individual or a pts group from a pts group	pts removeuser <uniqname or name of pts group you want to remove> <name of pts group> The first part of the command can be abbreviated to pts rem
Change the owner of a pts group	pts chown <name of pts group> <new owner's uniqname or name of pts group that will be the owner> The first part of the command can be abbreviated to chown
Delete a pts group	pts delete <name of pts group> The first part of the command can be abbreviated to pts del
List information about a pts group (for example, owner, creator, and so on)	pts examine <pts group name or uniqname> The first part of the command can be abbreviated to pts e
List all pts groups owned by a given uniqname or pts group	pts listowned <uniqname or name of pts group> The first part of the command can be abbreviated to pts listo
List all pts groups of which a given uniqname is a member or list all members of a given pts group	pts membership <uniqname or name of pts group> The first part of the command can be abbreviated to pts m
Display list of pts commands available	pts help

Tips for Using pts Groups

Remember to add yourself

Groups can own groups

For example, you might create a pts group of three or four people who have been designated to administer a web site and name the group webadmin. Then use the chown command to change ownership of the group from your uniqname to the webadmin group. You (or anyone else in that group) could then create a larger group (owned by webadmin) called webmembers that includes those people who have access to the web site's files to update them. The members of webadmin could then share administration of the webmembers group, making changes as needed.

Getting a Group IFS Directory

For details about using your IFS home directory or a group directory to publish on the Web, see the Create Your Own UM Web Page instructions.

Additional Resources

Visit ITCS's Information System to obtain ITCS computer documentation and other resources. A list of relevant documents follows:

Using Access Control Lists (ACLs) With IFS Directories and Folders (S4111)

IFS Group or Course Home Directory Application (R1132)

Using SSH Secure Shell to Connect to Host Computers [Windows] (S4304).

We welcome your comments; please send e-mail.

ITCS's Online Help Desk provides a variety of computing help resources.

For further help with pts groups and IFS, send e-mail or phone (734) 764-HELP.