Administration Reference


[Return to Library] [Contents] [Previous Topic] [Bottom of Topic] [Next Topic] [Index]

pts removeuser

Purpose

Removes a user from a Protection Database group

Synopsis

pts removeuser -user <user name>+  -group <group name>+
               [-cell <cell name>]  [-noauth]  [-force]  [-help]
   
pts rem -u <user name>+  -g <group name>+  [-c <cell name>]  
        [-n]  [-f]  [-h]

Description

The pts removeuser command removes each user or machine named by the -user argument from each group named by the -group argument.

To add users to a group, use the pts adduser command. To list group membership, use the pts membership command. To remove users from a group and delete the group's entry completely in a single step, use the pts delete command.

Cautions

AFS compiles each user's group membership as he or she authenticates. Any users who have valid tokens when they are removed from a group retain the privileges extended to that group's members until they discard their tokens or reauthenticate.

Options

-name
Specifies the name of each user entry or the IP address (complete or wildcard-style) of each machine entry to remove.

-group
Names each group from which to remove members.

-cell
Names the cell in which to run the command. For more details, see the introductory pts reference page.

-noauth
Assigns the unprivileged identity anonymous to the issuer. For more details, see the introductory pts reference page.

-force
Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error.

-help
Prints the online help for this command. All other valid options are ignored.

Examples

The following example removes user smith from the groups staff and staff:finance. Note that no switch names are necessary because only a single instance is provided for the first argument (the username).

   % pts removeuser smith staff staff:finance
   

The following example removes three machine entries, which represent all machines in the ABC Corporation network, from the group bin-prot:

   % pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot
   

Privilege Required

The required privilege depends on the setting of the fifth privacy flag in the Protection Database for the group named by the -group argument (use the pts examine command to display the flags):

(It is not possible to set the fifth flag to uppercase R.)

Related Information

pts

pts adduser

pts examine

pts membership

pts setfields


[Return to Library] [Contents] [Previous Topic] [Top of Topic] [Next Topic] [Index]



© IBM Corporation 2000. All Rights Reserved