PTS_MEMBERSHIP(1) AFS Command Reference PTS_MEMBERSHIP(1)NAMEpts_membership - Displays the membership list for a user or group
SYNOPSIS
pts membership -nameorid <user or group name or id>+
[-supergroups] [-expandgroups] [-cell <cell name>]
[-localauth] [-noauth] [-force] [-help]
pts m -na <user or group name or id>+
[-s] [-ex] [-c <cell name>]
[-no] [-l] [-f] [-h]
pts groups -na <user or group name or id>+
[-s] [-ex] [-c <cell name>]
[-no] [-l] [-f] [-h]
pts g -na <user or group name or id>+
[-s] [-ex] [-c <cell name>]
[-no] [-l] [-f] [-h]
DESCRIPTION
The pts membership command lists the groups to which each user or
machine specified by the -nameorid argument belongs, or lists the users
and machines that belong to each group specified by the -nameorid
argument.
It is not possible to list the members of the system:anyuser or
system:authuser groups, and they do not appear in the list of groups to
which a user belongs.
To add users or machine to groups, use the pts adduser command; to
remove them, use the pts removeuser command.
OPTIONS-nameorid <user or group name or id>+
Specifies the name or AFS UID of each user entry, the IP address
(complete or wildcard-style) or AFS UID of each machine entry, or
the name or AFS GID of each group, for which to list group
membership. It is acceptable to mix users, machines, and groups on
the same command line, as well as names and IDs. Precede the GID of
each group with a hyphen to indicate that it is negative.
-supergroups
List the groups to which each group specified by the -nameorid
argument belongs, in addition to user and machine members. Group
membership may be nested when ptserver is compiled with the
SUPERGROUPS option enabled.
-expandgroups
Instead of listing only the groups in which the user or machine is
a direct member, list every group in which the user or machine
belongs, including membership due to nested groups, for each user
or machine specified by the -nameorid argument.
Instead of listing groups which are members of a group, list every
user and machine which is a member of a group, including the users
and machines which are members due to nested groups, for each group
specified by the -nameorid argument.
Group membership may be nested when ptserver is compiled with the
SUPERGROUPS option enabled.
-cell <cell name>
Names the cell in which to run the command. For more details, see
pts(1).
-force
Enables the command to continue executing as far as possible when
errors or other problems occur, rather than halting execution at
the first error.
-help
Prints the online help for this command. All other valid options
are ignored.
-localauth
Constructs a server ticket using a key from the local
/usr/afs/etc/KeyFile file. Do not combine this flag with the -cell
or -noauth options. For more details, see pts(1).
-noauth
Assigns the unprivileged identity anonymous to the issuer. For more
details, see pts(1).
OUTPUT
For each user and machine, the output begins with the following header
line, followed by a list of the groups to which the user or machine
belongs:
Groups <name> (id: <AFS UID>) is a member of:
For each group, the output begins with the following header line,
followed by a list of the users and machines who belong to the group:
Members of <group_name> (id: <AFS GID>) are:
EXAMPLES
The following example lists the groups to which the user "pat" belongs
and the members of the group "smith:friends". Note that third privacy
flag for the "pat" entry was changed from the default hyphen to enable
a non-administrative user to obtain this listing.
% pts membership pat smith:friends
Groups pat (id: 1144) is a member of:
smith:friends
staff
johnson:project-team
Members of smith:friends (id: -562) are:
pat
terry
jones
richard
thompson
The following example shows how to list the groups to which nested
groups belong. In this example the group "executives" is a member of
the group "management" and the group "management" is a member of the
group "staff". The group "management" is called a supergroup of the
group "executives" and the group "staff" is called a supergroup of the
group "management".
% pts membership executives
Members of executives (id: -208) are:
jane
% pts membership executives -supergroups
Members of executives (id: -208) are:
jane
Groups executives (id: -208) is a member of:
management
% pts membership management -supergroups
Members of management (id: -207) are:
executives
mary
sarah
carol
Groups management (id: -207) is a member of:
staff
% pts membership staff -supergroups
Members of staff (id: -206) are:
sales
marketing
engineering
management
Groups staff (id: -206) is a member of:
The following example shows how to find all the users which belong to a
group, including users of nested groups. In this example, the user
"jane" is listed as an expanded member of the group "management"
instead of the group "executives".
% pts membership management -expandgroups
Expanded Members of management (id: -207) are:
jane
mary
sarah
carol
The following example shows how to find all the groups a user is a
member of, including membership due to nested groups. In this example
the user "jane" is a direct member of the group "executives". The
"-expandgroups" flag shows all the groups to which "jane" has
membership status.
% pts membership jane
Groups jane (id: 7) is a member of:
executives
% pts membership jane -expandgroups
Expanded Groups jane (id: 7) is a member of:
staff
management
executives
PRIVILEGE REQUIRED
Members of the system:ptsviewers and system:administrators groups can
always use this command in any of its variations. Additionally, a user
can always list the groups to which they belong, and the owner of a
group can always list the members of the group.
Additional privileges may be granted by the setting of the third
privacy flag in the Protection Database entry of each user or group
indicated by the -nameorid argument (use the pts examine command to
display the flags):
· If it is a hyphen, the default permissions described above apply.
· If it is lowercase "m" and the -nameorid argument specifies a
group, then members of that group can also list the other members.
A privacy flag of "m" only changes the permissions when set for a
group. Setting this flag for a user or a machine has no effect.
· If it is uppercase "M", anyone who can access the cell's database
server machines can list the membership of the group or the groups
to which that user or machine belongs, depending on what type of
entry the flag is set on.
SEE ALSOpts(1), pts_adduser(1), pts_examine(1), pts_removeuser(1),
pts_setfields(1)COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
OpenAFS 2013-10-10 PTS_MEMBERSHIP(1)
