Provided by: openafs-client_1.8.4~pre1-1ubuntu2.4_amd64 
NAME
pts_removeuser - Removes a user from a Protection Database group
SYNOPSIS
pts removeuser -user <user name>+ -group <group name>+
[-cell <cell name>] [-noauth] [-localauth] [-force]
[-help] [-auth] [-encrypt] [-config <config directory>]
pts rem -u <user name>+ -g <group name>+
[-c <cell name>] [-n] [-l] [-f] [-h]
[-a] [-e] [-co <config directory>]
DESCRIPTION
The pts removeuser command removes each user or machine named by the -user argument from each group named
by the -group argument.
To add users to a group, use the pts adduser command. To list group membership, use the pts membership
command. To remove users from a group and delete the group's entry completely in a single step, use the
pts delete command.
CAUTIONS
AFS compiles each user's group membership as he or she authenticates. Any users who have valid tokens
when they are removed from a group retain the privileges extended to that group's members until they
discard their tokens or reauthenticate.
OPTIONS
-user <user name>+
Specifies the name of each user entry or the IP address (complete or wildcard-style) of each machine
entry to remove.
-group <group name>+
Names each group from which to remove members.
-auth
Use the calling user's tokens to communicate with the Protection Server. For more details, see
pts(1).
-cell <cell name>
Names the cell in which to run the command. For more details, see pts(1).
-config <config directory>
Use an alternate config directory. For more details, see pts(1).
-encrypt
Encrypts any communication with the Protection Server. For more details, see pts(1).
-force
Enables the command to continue executing as far as possible when errors or other problems occur,
rather than halting execution at the first error.
-help
Prints the online help for this command. All other valid options are ignored.
-localauth
Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile file. Do not
combine this flag with the -cell or -noauth options. For more details, see pts(1).
-noauth
Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).
EXAMPLES
The following example removes user smith from the groups "staff" and "staff:finance". Note that no switch
names are necessary because only a single instance is provided for the first argument (the username).
% pts removeuser smith staff staff:finance
The following example removes three machine entries, which represent all machines in the Example
Corporation network, from the group "bin-prot":
% pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot
PRIVILEGE REQUIRED
The required privilege depends on the setting of the fifth privacy flag in the Protection Database for
the group named by the -group argument (use the pts examine command to display the flags):
• If it is the hyphen, only the group's owner and members of the system:administrators group can remove
members.
• If it is lowercase "r", members of the group can also remove other members.
(It is not possible to set the fifth flag to uppercase "R".)
SEE ALSO
pts(1), pts_adduser(1), pts_examine(1), pts_membership(1), pts_setfields(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD
by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth
Cassell.