NAME

       pts_removeuser - Removes a user from a Protection Database group

SYNOPSIS

       pts removeuser -user <user name>+ -group <group name>+
           [-cell <cell name>] [-noauth] [-localauth] [-force]
           [-help]

       pts rem -u <user name>+ -g <group name>+
           [-c <cell name>] [-n] [-l] [-f] [-h]

DESCRIPTION

       The pts removeuser command removes each user or machine named by the -user argument from
       each group named by the -group argument.

       To add users to a group, use the pts adduser command. To list group membership, use the
       pts membership command. To remove users from a group and delete the group's entry
       completely in a single step, use the pts delete command.

CAUTIONS

       AFS compiles each user's group membership as he or she authenticates. Any users who have
       valid tokens when they are removed from a group retain the privileges extended to that
       group's members until they discard their tokens or reauthenticate.

OPTIONS

       -name <user name>+
           Specifies the name of each user entry or the IP address (complete or wildcard-style)
           of each machine entry to remove.

       -group <group name>+
           Names each group from which to remove members.

       -cell <cell name>
           Names the cell in which to run the command. For more details, see pts(1).

       -force
           Enables the command to continue executing as far as possible when errors or other
           problems occur, rather than halting execution at the first error.

       -help
           Prints the online help for this command. All other valid options are ignored.

       -localauth
           Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile
           file. Do not combine this flag with the -cell or -noauth options. For more details,
           see pts(1).

       -noauth
           Assigns the unprivileged identity anonymous to the issuer. For more details, see
           pts(1).

EXAMPLES

       The following example removes user smith from the groups "staff" and "staff:finance". Note
       that no switch names are necessary because only a single instance is provided for the
       first argument (the username).

          % pts removeuser smith staff staff:finance

       The following example removes three machine entries, which represent all machines in the
       ABC Corporation network, from the group "bin-prot":

          % pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot

PRIVILEGE REQUIRED

       The required privilege depends on the setting of the fifth privacy flag in the Protection
       Database for the group named by the -group argument (use the pts examine command to
       display the flags):

       •   If it is the hyphen, only the group's owner and members of the system:administrators
           group can remove members.

       •   If it is lowercase "r", members of the group can also remove other members.

       (It is not possible to set the fifth flag to uppercase "R".)

SEE ALSO

       pts(1), pts_adduser(1), pts_examine(1), pts_membership(1), pts_setfields(1)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted
       from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by
       Alf Wachsmann and Elizabeth Cassell.