Provided by: openafs-client_1.8.10-2ubuntu1~23.10.1_amd64 bug

NAME

       pts_membership - Displays the membership list for a user or group

SYNOPSIS

       pts membership -nameorid <user or group name or id>+
           [-supergroups] [-expandgroups] [-cell <cell name>]
           [-localauth] [-noauth] [-force] [-help]
           [-auth] [-encrypt] [-config <config directory>]

       pts m -na <user or group name or id>+
           [-s] [-ex] [-c <cell name>]
           [-no] [-l] [-f] [-h]
           [-a] [-en] [-co <config directory>]

       pts groups -na <user or group name or id>+
           [-s] [-ex] [-c <cell name>]
           [-no] [-l] [-f] [-h]
           [-a] [-en] [-co <config directory>]

       pts g -na <user or group name or id>+
           [-s] [-ex] [-c <cell name>]
           [-no] [-l] [-f] [-h]
           [-a] [-en] [-co <config directory>]

DESCRIPTION

       The pts membership command lists the groups to which each user or machine specified by the
       -nameorid argument belongs, or lists the users and machines that belong to each group
       specified by the -nameorid argument.

       It is not possible to list the members of the system:anyuser or system:authuser groups,
       and they do not appear in the list of groups to which a user belongs.

       To add users or machine to groups, use the pts adduser command; to remove them, use the
       pts removeuser command.

OPTIONS

       -nameorid <user or group name or id>+
           Specifies the name or AFS UID of each user entry, the IP address (complete or
           wildcard-style) or AFS UID of each machine entry, or the name or AFS GID of each
           group, for which to list group membership. It is acceptable to mix users, machines,
           and groups on the same command line, as well as names and IDs. Precede the GID of each
           group with a hyphen to indicate that it is negative.

       -supergroups
           List the groups to which each group specified by the -nameorid argument belongs, in
           addition to user and machine members. Group membership may be nested when ptserver is
           compiled with the SUPERGROUPS option enabled.

       -expandgroups
           Instead of listing only the groups in which the user or machine is a direct member,
           list every group in which the user or machine belongs, including membership due to
           nested groups, for each user or machine specified by the -nameorid argument.

           Instead of listing groups which are members of a group, list every user and machine
           which is a member of a group, including the users and machines which are members due
           to nested groups, for each group specified by the -nameorid argument.

           Group membership may be nested when ptserver is compiled with the SUPERGROUPS option
           enabled.

       -auth
           Use the calling user's tokens to communicate with the Protection Server. For more
           details, see pts(1).

       -cell <cell name>
           Names the cell in which to run the command. For more details, see pts(1).

       -config <config directory>
           Use an alternate config directory. For more details, see pts(1).

       -encrypt
           Encrypts any communication with the Protection Server. For more details, see pts(1).

       -force
           Enables the command to continue executing as far as possible when errors or other
           problems occur, rather than halting execution at the first error.

       -help
           Prints the online help for this command. All other valid options are ignored.

       -localauth
           Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile
           file. Do not combine this flag with the -cell or -noauth options. For more details,
           see pts(1).

       -noauth
           Assigns the unprivileged identity anonymous to the issuer. For more details, see
           pts(1).

OUTPUT

       For each user and machine, the output begins with the following header line, followed by a
       list of the groups to which the user or machine belongs:

          Groups <name> (id: <AFS UID>) is a member of:

       For each group, the output begins with the following header line, followed by a list of
       the users and machines who belong to the group:

          Members of <group_name> (id: <AFS GID>) are:

EXAMPLES

       The following example lists the groups to which the user "pat" belongs and the members of
       the group "smith:friends".  Note that third privacy flag for the "pat" entry was changed
       from the default hyphen to enable a non-administrative user to obtain this listing.

          % pts membership pat smith:friends
          Groups pat (id: 1144) is a member of:
            smith:friends
            staff
            johnson:project-team
          Members of smith:friends (id: -562) are:
            pat
            terry
            jones
            richard
            thompson

       The following example shows how to list the groups to which nested groups belong. In this
       example the group "executives" is a member of the group "management" and the group
       "management" is a member of the group "staff".  The group "management" is called a
       supergroup of the group "executives" and the group "staff" is called a supergroup of the
       group "management".

          % pts membership executives
          Members of executives (id: -208) are:
            jane

          % pts membership executives -supergroups
          Members of executives (id: -208) are:
            jane
          Groups executives (id: -208) is a member of:
            management

          % pts membership management -supergroups
          Members of management (id: -207) are:
            executives
            mary
            sarah
            carol
          Groups management (id: -207) is a member of:
             staff

          % pts membership staff -supergroups
          Members of staff (id: -206) are:
            sales
            marketing
            engineering
            management
          Groups staff (id: -206) is a member of:

       The following example shows how to find all the users which belong to a group, including
       users of nested groups. In this example, the user "jane" is listed as an expanded member
       of the group "management" instead of the group "executives".

          % pts membership management -expandgroups
          Expanded Members of management (id: -207) are:
            jane
            mary
            sarah
            carol

       The following example shows how to find all the groups a user is a member of, including
       membership due to nested groups.  In this example the user "jane" is a direct member of
       the group "executives". The "-expandgroups" flag shows all the groups to which "jane" has
       membership status.

          % pts membership jane
          Groups jane (id: 7) is a member of:
            executives

          % pts membership jane -expandgroups
          Expanded Groups jane (id: 7) is a member of:
            staff
            management
            executives

PRIVILEGE REQUIRED

       Members of the system:ptsviewers and system:administrators groups can always use this
       command in any of its variations.  Additionally, a user can always list the groups to
       which they belong, and the owner of a group can always list the members of the group.

       Additional privileges may be granted by the setting of the third privacy flag in the
       Protection Database entry of each user or group indicated by the -nameorid argument (use
       the pts examine command to display the flags):

       •   If it is a hyphen, the default permissions described above apply.

       •   If it is lowercase "m" and the -nameorid argument specifies a group, then members of
           that group can also list the other members.  A privacy flag of "m" only changes the
           permissions when set for a group.  Setting this flag for a user or a machine has no
           effect.

       •   If it is uppercase "M", anyone who can access the cell's database server machines can
           list the membership of the group or the groups to which that user or machine belongs,
           depending on what type of entry the flag is set on.

SEE ALSO

       pts(1), pts_adduser(1), pts_examine(1), pts_removeuser(1), pts_setfields(1)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted
       from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by
       Alf Wachsmann and Elizabeth Cassell.