Administration Reference

pts removeuser

Purpose

Removes a user from a Protection Database group

Synopsis

pts removeuser -user <user name>+  -group <group name>+
               [-cell <cell name>]  [-noauth]  [-force]  [-help]
   
pts rem -u <user name>+  -g <group name>+  [-c <cell name>]  
        [-n]  [-f]  [-h]

Description

The pts removeuser command removes each user or machine named by the -user argument from each group named by the -group argument.

To add users to a group, use the pts adduser command. To list group membership, use the pts membership command. To remove users from a group and delete the group's entry completely in a single step, use the pts delete command.

Cautions

AFS compiles each user's group membership as he or she authenticates. Any users who have valid tokens when they are removed from a group retain the privileges extended to that group's members until they discard their tokens or reauthenticate.

Options

-name

Specifies the name of each user entry or the IP address (complete or wildcard-style) of each machine entry to remove.

-group

Names each group from which to remove members.

-cell

Names the cell in which to run the command. For more details, see the introductory pts reference page.

-noauth

Assigns the unprivileged identity anonymous to the issuer. For more details, see the introductory pts reference page.

-force

Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error.

-help

Prints the online help for this command. All other valid options are ignored.

Examples

The following example removes user smith from the groups staff and staff:finance. Note that no switch names are necessary because only a single instance is provided for the first argument (the username).

   % pts removeuser smith staff staff:finance
   

The following example removes three machine entries, which represent all machines in the ABC Corporation network, from the group bin-prot:

   % pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot
   

Privilege Required

The required privilege depends on the setting of the fifth privacy flag in the Protection Database for the group named by the -group argument (use the pts examine command to display the flags):

• If it is the hyphen, only the group's owner and members of the system:administrators group can remove members.

• If it is lowercase r, members of the group can also remove other members.

(It is not possible to set the fifth flag to uppercase R.)

Related Information

pts

pts adduser

pts examine

pts membership

pts setfields