openafs/doc/man-pages/pod1/pts_removeuser.pod

=head1 NAME

pts removeuser - Removes a user from a Protection Database group

=head1 SYNOPSIS

B<pts removeuser -user> <I<user name>>+  -group <I<group name>>+
[B<-cell> <I<cell name>>]  [B<-noauth>]  [B<-force>]  [B<-help>]

B<pts rem -u> <I<user name>>+  B<-g> <I<group name>>+  [-c <I<cell name>>]  
[B<-n>]  [B<-f>]  [B<-h>]

=head1 DESCRIPTION

The pts removeuser command removes each user or machine named by
the B<-user> argument from each group named by the B<-group>
argument.

To add users to a group, use the pts adduser command. To
list group membership, use the B<pts membership> command. To
remove users from a group and delete the group's entry completely in a
single step, use the B<pts delete> command.

=head1 CAVEATS

AFS compiles each user's group membership as he or she
authenticates. Any users who have valid tokens when they are removed
from a group retain the privileges extended to that group's members until
they discard their tokens or reauthenticate.

=head1 OPTIONS

=over 4

=item -name

Specifies the name of each user entry or the IP address (complete or
wildcard-style) of each machine entry to remove.

=item -group

Names each group from which to remove members.

=item -cell

Names the cell in which to run the command. For more details, see
the introductory B<pts> reference page.

=item -noauth

Assigns the unprivileged identity anonymous to the
issuer. For more details, see the introductory B<pts> reference
page.

=item -force

Enables the command to continue executing as far as possible when errors
or other problems occur, rather than halting execution at the first
error.

=item -help

Prints the online help for this command. All other valid options
are ignored.

=back

=head1 EXAMPLES

The following example removes user smith from the groups
B<staff> and B<staff:finance>. Note that no
switch names are necessary because only a single instance is provided for the
first argument (the username).

   % pts removeuser smith staff staff:finance

The following example removes three machine entries, which represent all
machines in the ABC Corporation network, from the group
B<bin-prot>:

   % pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot

=head1 PRIVILEGE REQUIRED

The required privilege depends on the setting of the fifth privacy flag in
the Protection Database for the group named by the B<-group> argument
(use the B<pts examine> command to display the flags):

=over 4

=item *

If it is the hyphen, only the group's owner and members of the
B<system:administrators> group can remove members.


=item *

If it is lowercase C<r>, members of the group can also remove
other members.


=back

(It is not possible to set the fifth flag to uppercase
C<R>.)

=head1 SEE ALSO

L<pts(1)>,
L<pts_adduser(1)>,
L<pts_examine(1)>,
L<pts_membership(1)>,
L<pts_setfields(1)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00			`=head1 NAME`

			`pts removeuser - Removes a user from a Protection Database group`

			`=head1 SYNOPSIS`

			`B<pts removeuser -user> <I<user name>>+ -group <I<group name>>+`
			`[B<-cell> <I<cell name>>] [B<-noauth>] [B<-force>] [B<-help>]`

			`B<pts rem -u> <I<user name>>+ B<-g> <I<group name>>+ [-c <I<cell name>>]`
			`[B<-n>] [B<-f>] [B<-h>]`

			`=head1 DESCRIPTION`

			`The pts removeuser command removes each user or machine named by`
			`the B<-user> argument from each group named by the B<-group>`
			`argument.`

			`To add users to a group, use the pts adduser command. To`
			`list group membership, use the B<pts membership> command. To`
			`remove users from a group and delete the group's entry completely in a`
			`single step, use the B<pts delete> command.`

			`=head1 CAVEATS`

			`AFS compiles each user's group membership as he or she`
			`authenticates. Any users who have valid tokens when they are removed`
			`from a group retain the privileges extended to that group's members until`
			`they discard their tokens or reauthenticate.`

			`=head1 OPTIONS`

			`=over 4`

			`=item -name`

			`Specifies the name of each user entry or the IP address (complete or`
			`wildcard-style) of each machine entry to remove.`

			`=item -group`

			`Names each group from which to remove members.`

			`=item -cell`

			`Names the cell in which to run the command. For more details, see`
			`the introductory B<pts> reference page.`

			`=item -noauth`

			`Assigns the unprivileged identity anonymous to the`
			`issuer. For more details, see the introductory B<pts> reference`
			`page.`

			`=item -force`

			`Enables the command to continue executing as far as possible when errors`
			`or other problems occur, rather than halting execution at the first`
			`error.`

			`=item -help`

			`Prints the online help for this command. All other valid options`
			`are ignored.`

			`=back`

			`=head1 EXAMPLES`

			`The following example removes user smith from the groups`
			`B<staff> and B<staff:finance>. Note that no`
			`switch names are necessary because only a single instance is provided for the`
			`first argument (the username).`

			`% pts removeuser smith staff staff:finance`

			`The following example removes three machine entries, which represent all`
			`machines in the ABC Corporation network, from the group`
			`B<bin-prot>:`

			`% pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot`

			`=head1 PRIVILEGE REQUIRED`

			`The required privilege depends on the setting of the fifth privacy flag in`
			`the Protection Database for the group named by the B<-group> argument`
			`(use the B<pts examine> command to display the flags):`

			`=over 4`

			`=item *`

			`If it is the hyphen, only the group's owner and members of the`
			`B<system:administrators> group can remove members.`


			`=item *`

			`If it is lowercase C<r>, members of the group can also remove`
			`other members.`


			`=back`

			`(It is not possible to set the fifth flag to uppercase`
			`C<R>.)`

			`=head1 SEE ALSO`

			`L<pts(1)>,`
			`L<pts_adduser(1)>,`
			`L<pts_examine(1)>,`
			`L<pts_membership(1)>,`
			`L<pts_setfields(1)>`

			`=head1 COPYRIGHT`

			`IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.`

			`This documentation is covered by the IBM Public License Version 1.0. It was`
			`converted from HTML to POD by software written by Chas Williams and Russ`
			`Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.`