[hcoop/debian/openafs.git] / doc / man-pages / pod8 / uss_delete.pod

=head1 NAME

uss_delete - Deletes a user account (deprecated)

=head1 SYNOPSIS

=for html
<div class="synopsis">

B<uss delete> S<<< B<-user> <I<login name>> >>>
    S<<< [B<-mountpoint> <I<mountpoint for user's volume>>] >>>
    [B<-savevolume>] [B<-verbose>] S<<< [B<-cell> <I<cell name>>] >>>
    S<<< [B<-admin> <I<administrator to authenticate>>] >>> [B<-dryrun>]
    [B<-skipauth>] [B<-help>]

B<uss d> S<<< B<-u> <I<login name>> >>> S<<< [B<-m> <I<mountpoint for user's volume>>] >>>
    [B<-sa>] [B<-v>] S<<< [B<-c> <I<cell name>>] >>>
    S<<< [B<-a> <I<administrator to authenticate>>] >>> [B<-d>] [B<-sk>] [B<-h>]

=for html
</div>

=head1 CAUTIONS

The B<uss> command suite is currently designed for cells using the
obsolete Authentication Server, and therefore is primarily useful for
sites that have not yet migrated to a Kerberos version 5 KDC. The
Authentication Server and supporting commands will be removed in a future
version of OpenAFS, which may include B<uss> unless someone who finds it
useful converts it to work with a Kerberos version 5 KDC.

=head1 DESCRIPTION

The B<uss delete> command removes the Authentication Database and
Protection Database entries for the user named by B<-user> argument. In
addition, it can remove the user's home volume and associated VLDB entry,
a mount point for the volume or both, depending on whether the
B<-mountpoint> and B<-savevolume> options are provided.

=over 4

=item *

To remove both the volume and mount point, use the B<-mountpoint> argument
to name the user's home directory. It is best to create a tape backup of a
volume before deleting it. Note that other mount points for the volume are
not removed, if they exist.

=item *

To remove the mount point only, provide both the B<-mountpoint> and
B<-savevolume> options.

=item *

To preserve both the volume and mount point, omit the B<-mountpoint>
argument (or both it and the B<-savevolume> flag).

=back

=head1 OPTIONS

=over 4

=item B<-user> <I<login name>>

Names the entry to delete from the Protection and Authentication
Databases.

=item B<-mountpoint> <I<mountpoint for the user's volume>>

Specifies the pathname to the user's home directory, which is deleted from
the filespace. By default, the volume referenced by the mount point is
also removed from the file server machine that houses it, along with its
Volume Location Database (VLDB) entry. To retain the volume and VLDB
entry, include the B<-savevolume> flag. Partial pathnames are interpreted
relative to the current working directory.

Specify the read/write path to the mount point, to avoid the failure that
results from attempting to remove a mount point from a read-only
volume. By convention, the read/write path is indicated by placing a
period before the cell name at the pathname's second level (for example,
F</afs/.example.com>). For further discussion of the concept of read/write and
read-only paths through the filespace, see the B<fs mkmount> reference
page.

=item B<-savevolume>

Preserves the user's volume and VLDB entry.

=item B<-verbose>

Produces on the standard output stream a detailed trace of the command's
execution. If this argument is omitted, only warnings and error messages
appear.

=item B<-cell> <I<cell name>>

Specifies the cell in which to run the command. For more details, see
L<uss(8)>.

=item B<-admin> <I<administrator to authenticate>>

Specifies the AFS user name under which to establish authenticated
connections to the AFS server processes that maintain the various
components of a user account. For more details, see L<uss(8)>.

=item B<-dryrun>

Reports actions that the command interpreter needs to perform while
executing the command, without actually performing them. For more details,
see L<uss(8)>.

=item B<-skipauth>

Prevents authentication with the AFS Authentication Server, allowing a
site using Kerberos to substitute that form of authentication.

=item B<-help>

Prints the online help for this command. All other valid options are
ignored.

=back

=head1 EXAMPLES

The following command removes smith's user account from the C<example.com>
cell. The B<-savevolume> argument retains the C<user.smith> volume on its
file server machine.

   % uss delete smith -mountpoint /afs/example.com/usr/smith -savevolume

=head1 PRIVILEGE REQUIRED

The issuer (or the user named by B<-admin> argument) must belong to the
system:administrators group in the Protection Database, must have the
C<ADMIN> flag turned on in his or her Authentication Database entry, and
must have at least C<a> (administer) and C<d> (delete) permissions on the
access control list (ACL) of the mount point's parent directory. If the
B<-savevolume> flag is not included, the issuer must also be listed in the
F</usr/afs/etc/UserList> file.

=head1 SEE ALSO

L<UserList(5)>,
L<fs_mkmount(1)>,
L<uss(8)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Commit	Line	Data
805e021f CE	1	=head1 NAME
	2
	3	uss_delete - Deletes a user account (deprecated)
	4
	5	=head1 SYNOPSIS
	6
	7	=for html
	8	<div class="synopsis">
	9
	10	B<uss delete> S<<< B<-user> <I<login name>> >>>
	11	S<<< [B<-mountpoint> <I<mountpoint for user's volume>>] >>>
	12	[B<-savevolume>] [B<-verbose>] S<<< [B<-cell> <I<cell name>>] >>>
	13	S<<< [B<-admin> <I<administrator to authenticate>>] >>> [B<-dryrun>]
	14	[B<-skipauth>] [B<-help>]
	15
	16	B<uss d> S<<< B<-u> <I<login name>> >>> S<<< [B<-m> <I<mountpoint for user's volume>>] >>>
	17	[B<-sa>] [B<-v>] S<<< [B<-c> <I<cell name>>] >>>
	18	S<<< [B<-a> <I<administrator to authenticate>>] >>> [B<-d>] [B<-sk>] [B<-h>]
	19
	20	=for html
	21	</div>
	22
	23	=head1 CAUTIONS
	24
	25	The B<uss> command suite is currently designed for cells using the
	26	obsolete Authentication Server, and therefore is primarily useful for
	27	sites that have not yet migrated to a Kerberos version 5 KDC. The
	28	Authentication Server and supporting commands will be removed in a future
	29	version of OpenAFS, which may include B<uss> unless someone who finds it
	30	useful converts it to work with a Kerberos version 5 KDC.
	31
	32	=head1 DESCRIPTION
	33
	34	The B<uss delete> command removes the Authentication Database and
	35	Protection Database entries for the user named by B<-user> argument. In
	36	addition, it can remove the user's home volume and associated VLDB entry,
	37	a mount point for the volume or both, depending on whether the
	38	B<-mountpoint> and B<-savevolume> options are provided.
	39
	40	=over 4
	41
	42	=item *
	43
	44	To remove both the volume and mount point, use the B<-mountpoint> argument
	45	to name the user's home directory. It is best to create a tape backup of a
	46	volume before deleting it. Note that other mount points for the volume are
	47	not removed, if they exist.
	48
	49	=item *
	50
	51	To remove the mount point only, provide both the B<-mountpoint> and
	52	B<-savevolume> options.
	53
	54	=item *
	55
	56	To preserve both the volume and mount point, omit the B<-mountpoint>
	57	argument (or both it and the B<-savevolume> flag).
	58
	59	=back
	60
	61	=head1 OPTIONS
	62
	63	=over 4
	64
65	=item B<-user> <I<login name>>
66
67	Names the entry to delete from the Protection and Authentication
68	Databases.
69
70	=item B<-mountpoint> <I<mountpoint for the user's volume>>
71
72	Specifies the pathname to the user's home directory, which is deleted from
73	the filespace. By default, the volume referenced by the mount point is
74	also removed from the file server machine that houses it, along with its
75	Volume Location Database (VLDB) entry. To retain the volume and VLDB
76	entry, include the B<-savevolume> flag. Partial pathnames are interpreted
77	relative to the current working directory.
78
79	Specify the read/write path to the mount point, to avoid the failure that
80	results from attempting to remove a mount point from a read-only
81	volume. By convention, the read/write path is indicated by placing a
82	period before the cell name at the pathname's second level (for example,
83	F</afs/.example.com>). For further discussion of the concept of read/write and
84	read-only paths through the filespace, see the B<fs mkmount> reference
85	page.
86
87	=item B<-savevolume>
88
89	Preserves the user's volume and VLDB entry.
90
91	=item B<-verbose>
92
93	Produces on the standard output stream a detailed trace of the command's
94	execution. If this argument is omitted, only warnings and error messages
95	appear.
96
97	=item B<-cell> <I<cell name>>
98
99	Specifies the cell in which to run the command. For more details, see
100	L<uss(8)>.
101
102	=item B<-admin> <I<administrator to authenticate>>
103
104	Specifies the AFS user name under which to establish authenticated
105	connections to the AFS server processes that maintain the various
106	components of a user account. For more details, see L<uss(8)>.
107
108	=item B<-dryrun>
109
110	Reports actions that the command interpreter needs to perform while
111	executing the command, without actually performing them. For more details,
112	see L<uss(8)>.
113
114	=item B<-skipauth>
115
116	Prevents authentication with the AFS Authentication Server, allowing a
117	site using Kerberos to substitute that form of authentication.
118
119	=item B<-help>
120
121	Prints the online help for this command. All other valid options are
122	ignored.
123
124	=back
125
126	=head1 EXAMPLES
127
128	The following command removes smith's user account from the C<example.com>
129	cell. The B<-savevolume> argument retains the C<user.smith> volume on its
130	file server machine.
131
132	% uss delete smith -mountpoint /afs/example.com/usr/smith -savevolume
133
134	=head1 PRIVILEGE REQUIRED
135
136	The issuer (or the user named by B<-admin> argument) must belong to the
137	system:administrators group in the Protection Database, must have the
138	C<ADMIN> flag turned on in his or her Authentication Database entry, and
139	must have at least C<a> (administer) and C<d> (delete) permissions on the
140	access control list (ACL) of the mount point's parent directory. If the
141	B<-savevolume> flag is not included, the issuer must also be listed in the
142	F</usr/afs/etc/UserList> file.
143
144	=head1 SEE ALSO
145
146	L<UserList(5)>,
147	L<fs_mkmount(1)>,
148	L<uss(8)>
149
150	=head1 COPYRIGHT
151
152	IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
153
154	This documentation is covered by the IBM Public License Version 1.0. It was
155	converted from HTML to POD by software written by Chas Williams and Russ
156	Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.