pts_removeuser - Removes a user from a Protection Database group
Cautions
AFS compiles each user's group membership as he or she authenticates. Any users who have valid tokens
when they are removed from a group retain the privileges extended to that group's members until they
discard their tokens or reauthenticate.
Copyright
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD
by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth
Cassell.
OpenAFS 2025-03-21 PTS_REMOVEUSER(1)
Description
The pts removeuser command removes each user or machine named by the -user argument from each group named
by the -group argument.
To add users to a group, use the pts adduser command. To list group membership, use the pts membership
command. To remove users from a group and delete the group's entry completely in a single step, use the
pts delete command.
Examples
The following example removes user smith from the groups "staff" and "staff:finance". Note that no switch
names are necessary because only a single instance is provided for the first argument (the username).
% pts removeuser smith staff staff:finance
The following example removes three machine entries, which represent all machines in the Example
Corporation network, from the group "bin-prot":
% pts removeuser -user 138.255.0.0 192.12.105.0 192.12.106.0 -group bin-prot
Name
pts_removeuser - Removes a user from a Protection Database group
Options
-user <username>+
Specifies the name of each user entry or the IP address (complete or wildcard-style) of each machine
entry to remove.
-group <groupname>+
Names each group from which to remove members.
-auth
Use the calling user's tokens to communicate with the Protection Server. For more details, see
pts(1).
-cell <cellname>
Names the cell in which to run the command. For more details, see pts(1).
-config <configdirectory>
Use an alternate config directory. For more details, see pts(1).
-encrypt
Encrypts any communication with the Protection Server. For more details, see pts(1).
-force
Enables the command to continue executing as far as possible when errors or other problems occur,
rather than halting execution at the first error.
-help
Prints the online help for this command. All other valid options are ignored.
-localauth
Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile file. Do not
combine this flag with the -cell or -noauth options. For more details, see pts(1).
-noauth
Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).
Privilege Required
The required privilege depends on the setting of the fifth privacy flag in the Protection Database for
the group named by the -group argument (use the pts examine command to display the flags):
• If it is the hyphen, only the group's owner and members of the system:administrators group can remove
members.
• If it is lowercase "r", members of the group can also remove other members.
(It is not possible to set the fifth flag to uppercase "R".)
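The fifth-flag rule above and the post-removal membership check, as an added example that is not part of the original OpenAFS page. The helper names are hypothetical, and the sample text is constructed on the assumption that pts examine and pts membership print in the layout shown.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample output is constructed.
# Assumed layouts of `pts examine` and `pts membership` output:
EXAMINE_SAMPLE='Name: staff, id: -673, owner: admin, creator: admin,
  membership: 3, flags: S-M-r, group quota: 0.'
MEMBERSHIP_SAMPLE='Members of staff (id: -673) are:
  jones
  smith'

# Print the fifth privacy flag from `pts examine` output read on stdin.
fifth_flag() {
    sed -n 's/.*flags: \([^,]*\),.*/\1/p' | head -n 1 | cut -c5
}

# Map the fifth flag to the rule stated under "Privilege Required".
who_may_remove() {
    case "$1" in
        -) echo "owner and system:administrators only" ;;
        r) echo "owner, system:administrators and group members" ;;
        *) echo "unrecognized flag"; return 1 ;;
    esac
}

# Succeed if USER ($1) is still listed in `pts membership` output on stdin.
# The first line is the "Members of ..." header, so it is skipped.
still_member() {
    awk -v u="$1" '
        NR > 1 { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
                 if (($0 "") == (u "")) found = 1 }
        END    { exit found ? 0 : 1 }'
}

# Against a live cell the same helpers would be fed like this:
#   pts examine staff | fifth_flag
#   pts membership staff | still_member smith && echo "smith still listed"
# A clean membership check does not end access for tokens issued before the
# removal (see Cautions); those last until discarded or reauthenticated.

flag=$(printf '%s\n' "$EXAMINE_SAMPLE" | fifth_flag)
echo "fifth flag '$flag': $(who_may_remove "$flag")"
if printf '%s\n' "$MEMBERSHIP_SAMPLE" | still_member smith; then
    echo "smith is still a member of staff"
fi
```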
See Also
pts(1), pts_adduser(1), pts_examine(1), pts_membership(1), pts_setfields(1)
Synopsis
pts removeuser -user <username>+ -group <groupname>+
[-cell <cellname>] [-noauth] [-localauth] [-force]
[-help] [-auth] [-encrypt] [-config <configdirectory>]
pts rem -u <username>+ -g <groupname>+
[-c <cellname>] [-n] [-l] [-f] [-h]
[-a] [-e] [-co <configdirectory>]
