.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "PTS_MEMBERSHIP 1" .TH PTS_MEMBERSHIP 1 2024-03-20 OpenAFS "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME pts_membership \- Displays the membership list for a user or group .SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBpts membership\fR \fB\-nameorid\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-supergroups\fR] [\fB\-expandgroups\fR] [\fB\-cell\fR\ <\fIcell\ name\fR>] [\fB\-localauth\fR] [\fB\-noauth\fR] [\fB\-force\fR] [\fB\-help\fR] [\fB\-auth\fR] [\fB\-encrypt\fR] [\fB\-config\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts m\fR \fB\-na\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-s\fR] [\fB\-ex\fR] [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR] [\fB\-a\fR] [\fB\-en\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts groups\fR \fB\-na\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-s\fR] [\fB\-ex\fR] [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR] [\fB\-a\fR] [\fB\-en\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .PP \&\fBpts g\fR \fB\-na\fR\ <\fIuser\ or\ group\ name\ or\ id\fR>+ [\fB\-s\fR] [\fB\-ex\fR] [\fB\-c\fR\ <\fIcell\ name\fR>] [\fB\-no\fR] [\fB\-l\fR] [\fB\-f\fR] [\fB\-h\fR] [\fB\-a\fR] [\fB\-en\fR] [\fB\-co\fR\ <\fIconfig\ directory\fR>] .SH DESCRIPTION .IX Header "DESCRIPTION" The \fBpts membership\fR command lists the groups to which each user or machine specified by the \fB\-nameorid\fR argument belongs, or lists the users and machines that belong to each group specified by the \fB\-nameorid\fR argument. .PP It is not possible to list the members of the system:anyuser or system:authuser groups, and they do not appear in the list of groups to which a user belongs. .PP To add users or machine to groups, use the \fBpts adduser\fR command; to remove them, use the \fBpts removeuser\fR command. .SH OPTIONS .IX Header "OPTIONS" .IP "\fB\-nameorid\fR <\fIuser or group name or id\fR>+" 4 .IX Item "-nameorid +" Specifies the name or AFS UID of each user entry, the IP address (complete or wildcard-style) or AFS UID of each machine entry, or the name or AFS GID of each group, for which to list group membership. It is acceptable to mix users, machines, and groups on the same command line, as well as names and IDs. Precede the GID of each group with a hyphen to indicate that it is negative. .IP \fB\-supergroups\fR 4 .IX Item "-supergroups" List the groups to which each group specified by the \fB\-nameorid\fR argument belongs, in addition to user and machine members. Group membership may be nested when \fBptserver\fR is compiled with the SUPERGROUPS option enabled. .IP \fB\-expandgroups\fR 4 .IX Item "-expandgroups" Instead of listing only the groups in which the user or machine is a direct member, list every group in which the user or machine belongs, including membership due to nested groups, for each user or machine specified by the \fB\-nameorid\fR argument. .Sp Instead of listing groups which are members of a group, list every user and machine which is a member of a group, including the users and machines which are members due to nested groups, for each group specified by the \fB\-nameorid\fR argument. .Sp Group membership may be nested when \fBptserver\fR is compiled with the SUPERGROUPS option enabled. .IP \fB\-auth\fR 4 .IX Item "-auth" Use the calling user's tokens to communicate with the Protection Server. For more details, see \fBpts\fR\|(1). .IP "\fB\-cell\fR <\fIcell name\fR>" 4 .IX Item "-cell " Names the cell in which to run the command. For more details, see \&\fBpts\fR\|(1). .IP "\fB\-config\fR <\fIconfig directory\fR>" 4 .IX Item "-config " Use an alternate config directory. For more details, see \fBpts\fR\|(1). .IP \fB\-encrypt\fR 4 .IX Item "-encrypt" Encrypts any communication with the Protection Server. For more details, see \&\fBpts\fR\|(1). .IP \fB\-force\fR 4 .IX Item "-force" Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error. .IP \fB\-help\fR 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .IP \fB\-localauth\fR 4 .IX Item "-localauth" Constructs a server ticket using a key from the local \&\fI/etc/openafs/server/KeyFile\fR file. Do not combine this flag with the \fB\-cell\fR or \fB\-noauth\fR options. For more details, see \fBpts\fR\|(1). .IP \fB\-noauth\fR 4 .IX Item "-noauth" Assigns the unprivileged identity anonymous to the issuer. For more details, see \fBpts\fR\|(1). .SH OUTPUT .IX Header "OUTPUT" For each user and machine, the output begins with the following header line, followed by a list of the groups to which the user or machine belongs: .PP .Vb 1 \& Groups (id: ) is a member of: .Ve .PP For each group, the output begins with the following header line, followed by a list of the users and machines who belong to the group: .PP .Vb 1 \& Members of (id: ) are: .Ve .SH EXAMPLES .IX Header "EXAMPLES" The following example lists the groups to which the user \f(CW\*(C`pat\*(C'\fR belongs and the members of the group \f(CW\*(C`smith:friends\*(C'\fR. Note that third privacy flag for the \f(CW\*(C`pat\*(C'\fR entry was changed from the default hyphen to enable a non-administrative user to obtain this listing. .PP .Vb 11 \& % pts membership pat smith:friends \& Groups pat (id: 1144) is a member of: \& smith:friends \& staff \& johnson:project\-team \& Members of smith:friends (id: \-562) are: \& pat \& terry \& jones \& richard \& thompson .Ve .PP The following example shows how to list the groups to which nested groups belong. In this example the group \f(CW\*(C`executives\*(C'\fR is a member of the group \&\f(CW\*(C`management\*(C'\fR and the group \f(CW\*(C`management\*(C'\fR is a member of the group \f(CW\*(C`staff\*(C'\fR. The group \f(CW\*(C`management\*(C'\fR is called a supergroup of the group \f(CW\*(C`executives\*(C'\fR and the group \f(CW\*(C`staff\*(C'\fR is called a supergroup of the group \f(CW\*(C`management\*(C'\fR. .PP .Vb 3 \& % pts membership executives \& Members of executives (id: \-208) are: \& jane \& \& % pts membership executives \-supergroups \& Members of executives (id: \-208) are: \& jane \& Groups executives (id: \-208) is a member of: \& management \& \& % pts membership management \-supergroups \& Members of management (id: \-207) are: \& executives \& mary \& sarah \& carol \& Groups management (id: \-207) is a member of: \& staff \& \& % pts membership staff \-supergroups \& Members of staff (id: \-206) are: \& sales \& marketing \& engineering \& management \& Groups staff (id: \-206) is a member of: .Ve .PP The following example shows how to find all the users which belong to a group, including users of nested groups. In this example, the user \f(CW\*(C`jane\*(C'\fR is listed as an expanded member of the group \f(CW\*(C`management\*(C'\fR instead of the group \f(CW\*(C`executives\*(C'\fR. .PP .Vb 6 \& % pts membership management \-expandgroups \& Expanded Members of management (id: \-207) are: \& jane \& mary \& sarah \& carol .Ve .PP The following example shows how to find all the groups a user is a member of, including membership due to nested groups. In this example the user \f(CW\*(C`jane\*(C'\fR is a direct member of the group \&\f(CW\*(C`executives\*(C'\fR. The \f(CW\*(C`\-expandgroups\*(C'\fR flag shows all the groups to which \f(CW\*(C`jane\*(C'\fR has membership status. .PP .Vb 3 \& % pts membership jane \& Groups jane (id: 7) is a member of: \& executives \& \& % pts membership jane \-expandgroups \& Expanded Groups jane (id: 7) is a member of: \& staff \& management \& executives .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" Members of the system:ptsviewers and system:administrators groups can always use this command in any of its variations. Additionally, a user can always list the groups to which they belong, and the owner of a group can always list the members of the group. .PP Additional privileges may be granted by the setting of the third privacy flag in the Protection Database entry of each user or group indicated by the \fB\-nameorid\fR argument (use the \fBpts examine\fR command to display the flags): .IP \(bu 4 If it is a hyphen, the default permissions described above apply. .IP \(bu 4 If it is lowercase \f(CW\*(C`m\*(C'\fR and the \fB\-nameorid\fR argument specifies a group, then members of that group can also list the other members. A privacy flag of \f(CW\*(C`m\*(C'\fR only changes the permissions when set for a group. Setting this flag for a user or a machine has no effect. .IP \(bu 4 If it is uppercase \f(CW\*(C`M\*(C'\fR, anyone who can access the cell's database server machines can list the membership of the group or the groups to which that user or machine belongs, depending on what type of entry the flag is set on. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBpts\fR\|(1), \&\fBpts_adduser\fR\|(1), \&\fBpts_examine\fR\|(1), \&\fBpts_removeuser\fR\|(1), \&\fBpts_setfields\fR\|(1) .SH COPYRIGHT .IX Header "COPYRIGHT" IBM Corporation 2000. All Rights Reserved. .PP This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.