NAME

pts_membership - Displays the membership list for a user or group

SYNOPSIS

pts membership -nameorid <user or group name or id>+ [-supergroups] [-expandgroups] [-cell <cell name>] [-localauth] [-noauth] [-force] [-help] [-auth] [-encrypt [<yes|no>]] [-config <configuration file>]

DESCRIPTION

The pts membership command (alias pts groups) lists the groups to which each user, machine, network or group specified by the -nameorid argument belongs, or lists the users, machines, networks or groups that belong to each group specified by the -nameorid argument.

It is not possible to list the members of the system:anyuser or system:authuser groups, and they do not appear in the list of groups to which a user belongs.

To add users, machines, networks or groups to groups, use the pts adduser command.

To remove members of groups, use the pts removeuser command.

OPTIONS

-nameorid <user or group name or id>+

Specifies the name or AFS UID of each user, the name or AFS GID of each group, or the IP address (complete or wildcard-style) or AFS UID of each machine. It is acceptable to mix users, machines, and groups on the same command line, as well as names (IP addresses for machines) and IDs. Precede the GID of each group with a hyphen to indicate that it is negative.

-supergroups

List the groups to which each group specified by the -nameorid argument belongs, in addition to user, machine and network members.

-expandgroups

Instead of listing only the groups to which the user, machine, or network is a direct member, list every group to which the user, machine or network belongs, including membership due to nested groups, for each user, machine or network specified by the -nameorid argument.

Instead of listing groups that are members of a group, list every user, machine and network which is a member of a group, including the users, machines and networks which are members due to nested groups, for each group specified by the -nameorid argument.

-auth

Use the calling user's tokens to communicate with the Protection Server. For more details, see pts(1).

-cell <cell name>

Names the cell in which to run the command. For more details, see pts(1).

-config <configuration file>

Sets the location of the configuration file to be used. The default file is /etc/yfs/yfs-client.conf. For more details, see pts(1).

-encrypt [<yes|no>]

Enables or disables encryption for any communication with the Protection Server. For more details, see pts(1).

-force

Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the first error.

-help

Prints the online help for this command. All other valid options are ignored.

-localauth

Constructs a server ticket using a key from the local /etc/yfs/server/KeyFileExt file. Do not combine this flag with the -cell or -noauth options. For more details, see pts(1).

-noauth

Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).

OUTPUT

For each user, machine and network entry, the output begins with the following header line, followed by a list of the groups to which the user, machine, or network belongs:

   Groups <name> (id: <Auristor User Number>) is a member of:

For each group, the output begins with the following header line, followed by a list of the users, machines and networks that belong to the group:

   Members of <group_name> (id: <Auristor Group Number>) are:

EXAMPLES

The following example lists the groups to which the user pat belongs and the members of the group smith:friends. Note that the (M) privacy flag for the pat entry was changed from the default hyphen - to enable a non-administrative user to obtain this listing.

   % pts membership pat smith:friends
   Groups pat (id: 1144) is a member of:
     smith:friends
     staff
     johnson:project-team
   Members of smith:friends (id: -562) are:
     pat
     terry
     jones
     richard
     thompson

The following example shows how to list the groups to which nested groups belong. In this example the group executives is a member of the group management and the group management is a member of the group staff. The group management is called a supergroup of the group executives and the group staff is called a supergroup of the group management.

   % pts membership executives
   Members of executives (id: -208) are:
     jane

   % pts membership executives -supergroups
   Members of executives (id: -208) are:
     jane
   Groups executives (id: -208) is a member of:
     management

   % pts membership management -supergroups
   Members of management (id: -207) are:
     executives
     mary
     sarah
     carol
   Groups management (id: -207) is a member of:
      staff

   % pts membership staff -supergroups
   Members of staff (id: -206) are:
     sales
     marketing
     engineering
     management
   Groups staff (id: -206) is a member of:

The following example shows how to find all the users which belong to a group, including users of nested groups. In this example, the user jane is listed as an expanded member of the group management instead of the group executives.

   % pts membership management -expandgroups
   Expanded Members of management (id: -207) are:
     jane
     mary
     sarah
     carol

The following example shows how to find all the groups a user is a member of, including membership due to nested groups. In this example the user jane is a direct member of the group executives. The -expandgroups flag shows all the groups to which jane has membership status.

   % pts membership jane
   Groups jane (id: 7) is a member of:
     executives

   % pts membership jane -expandgroups
   Expanded Groups jane (id: 7) is a member of:
     staff
     management
     executives

PRIVILEGE REQUIRED

Members of the system:ptsviewers and system:administrators groups can always use this command in any of its variations. Additionally, an authenticated user or machine can always list the groups to which they belong, and the owner of a group can always list the members of the group.

Additional privileges may be granted by the setting of the (M) privacy flag in the Protection Service entry of each user, machine or group indicated by the -nameorid argument (use the pts examine command to display the flags):

SEE ALSO

pts(1), pts_adduser(1), pts_examine(1), pts_removeuser(1), pts_setaccess(1), pts_setfields(1)

COPYRIGHT

IBM Corporation 2000. http://www.ibm.com/ All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

ACKNOWLEDGEMENTS

"AFS" is a registered mark of International Business Machines Corporation, used under license. (USPTO Registration 1598389)

"OpenAFS" is a registered mark of International Business Machines Corporation. (USPTO Registration 4577045)

The "AuriStor" name, log 'S' brand mark, and icon are registered marks of AuriStor, Inc. (USPTO Registrations 4849419, 4849421, and 4928460) (EUIPO Registration 015539653).

"Your File System" is a registered mark of AuriStor, Inc. (USPTO Registrations 4801402 and 4849418).

"YFS" and "AuriStor File System" are trademarks of AuriStor, Inc.