| Administering the UserList File | ||
|---|---|---|
 | Chapter 15. Managing Administrative Privilege |  |
| Administering the UserList File | ||
|---|---|---|
| | Chapter 15. Managing Administrative Privilege | |
Inclusion in the file /usr/afs/etc/UserList on the local disk of each AFS server machine enables an administrator to issue commands from the indicated suites.
The bos commands enable the administrator to manage server processes and the server configuration files that define the cell's database server machines, server encryption keys, and privileged users. See Administering Server Machines and Monitoring and Controlling Server Processes.
The vos commands enable the administrator to manage volumes and the Volume Location Database (VLDB). See Managing Volumes.
The backup commands enable the administrator to use the AFS Backup System to copy data to permanent storage. See Configuring the AFS Backup System and Backing Up and Restoring AFS Data.
Although each AFS server machine maintains a separate copy of the file on its local disk, it is conventional to keep all copies the same. It can be confusing for an administrator to have the privilege on some machines but not others.
If your cell uses the Update Server to distribute the contents of the system control machine's /usr/afs/etc directory, then edit only the copy of the UserList file stored on the system control machine. If you have forgotten which machine is the system control machine, see The Four Roles for File Server Machines.
To avoid making formatting errors that can result in performance problems, never edit the UserList file directly. Instead, use the bos adduser or bos removeuser commands as described in this section.
Issue the bos listusers command to display the contents of the /usr/afs/etc/UserList file.
% bos listusers <machine name>
where
Is the shortest acceptable abbreviation of listusers.
Names an AFS server machine. In the normal case, any machine is acceptable because the file is the same on all of them.
Verify you are listed in the /usr/afs/etc/UserList file. If not, you must have a qualified administrator add you before you can add entries to it yourself. If necessary, issue the bos listusers command, which is fully described in To display the users in the UserList file.
% bos listusers <machine name>
Issue the bos adduser command to add one or more users to the UserList file.
% bos adduser <machine name> <user names>+
where
Is the shortest acceptable abbreviation of adduser.
Names the system control machine if you use the Update Server to distribute the contents of the /usr/afs/etc directory. By default, it can take up to five minutes for the Update Server to distribute the changes, so newly added users must wait that long before attempting to issue privileged commands.
Specifies the username of each administrator to add to the UserList file.
Verify you are listed in the /usr/afs/etc/UserList file. If not, you must have a qualified administrator add you before you can remove entries from it yourself. If necessary, issue the bos listusers command, which is fully described in To display the users in the UserList file.
% bos listusers <machine name>
Issue the bos removeuser command to remove one or more users from the UserList file.
% bos removeuser <machine name> <user names>+
where
Is the shortest acceptable abbreviation of removeuser.
Names the system control machine if you use the Update Server to distribute the contents of the /usr/afs/etc directory. By default, it can take up to five minutes for the Update Server to distribute the change, so newly removed users can continue to issue privileged commands during that time.
Specifies the username of each administrator to add to the UserList file.
| |  | |
| Granting Privilege for kas Commands: the ADMIN Flag |  | Appendix A. Managing the NFS/AFS Translator |