Changing a Group's Owner

For user and machine entries, the Protection Server automatically assigns ownership to the system:administrators group at creation time, and this cannot be changed. For group entries, you can change ownership. This transfers administrative responsibility for it to another user or group (for information on group ownership of other groups, see Using Groups Effectively).

When you create a regular group, its owner_name prefix must accurately reflect its owner, as described in To create groups:

When you change a regular group's owner, the Protection Server automatically changes its owner_name prefix appropriately. For example, if the user pat becomes the new owner of the group terry:friends, its name automatically changes to pat:friends, both in the Protection Database and on ACLs.

However, the Protection Server does not automatically change the owner_name prefix of any regular groups that the group owns. To continue with the previous example, suppose that the group terry:friends owns the group terry:pals. When pat becomes the new owner of terry:friends, the name terry:pals does not change. To change the owner_name prefix of a regular group that is owned by another group (in the example, to change the group's name to pat:pals), use the pts rename command as described in Changing a Protection Database Entry's Name.

To change a group's owner

  1. Verify that you belong to the system:administrators group or own the group for which you are changing the owner. If necessary, issue the pts membership command, which is fully described in To display the members of the system:administrators group.

       % pts membership system:administrators
    
  2. (Optional) If you are changing the group's owner to another group (or to itself) and want to retain administrative privilege on the owned group, verify that you belong to the new owner group. If necessary, issue the pts membership command, which is fully described in To display group membership.

       % pts membership <user or group name or id>
    

    Use the pts adduser command to add yourself if necessary, as fully described in To add users and machines to groups.

       % pts adduser <user name> <group name>
    
  3. Issue the pts chown command to change the group's owner.

       % pts chown <group name> <new owner>
    

    where

    cho

    Is the shortest acceptable abbreviation of chown.

    group name

    Specifies the current name of the group.

    new owner

    Names the user or group to become the group's owner.

  4. (Optional) Issue the pts listowned command to display any groups that the group owns. As discussed in the introduction to this section, the pts chown command does not automatically change the owner_name prefix of any regular groups that a group owns.

       % pts listowned <user or group name or id>
    

    If you want to change their names to match the new owning group, use the pts rename command on each one, as described in To change the name of a machine or group entry.

       % pts rename <old name> <new name>