UNIX group management
Each user account, e.g. xy123456, has its own primary UNIX group which bears the same name xy123456. In order to allow users to manage "their" group themselves, we provide a tool called member. member distinguishes between the three roles owner, manager and member. A user xy123456 is always an owner of the group with the same name xy123456. In addition, IT Center staff may assign more owners. The following authorization rules hold:
- An owner or manager can add or delete managers or members of the group.
- A user can remove himself from a group he is a member of.
Some typical use cases are shown in the following sections. To print the complete manual page of member use the following command:
Add Other Users to Your UNIX Group
Assume that you are the user xy123456. To add another user ab654321 to your group xy123456, use the following command:
member add ab654321
member relies on Kerberos to authenticate against our LDAP server. Unless you already have a valid Kerberos ticket, member will ask for your password in order to get a ticket. Subsequently, you can use member without the need to enter your password again until your Kerberos ticket expires.
It will take some minutes until the change actually becomes active on the system. You can print the current members of the group xy123456 with the command:
getent group xy123456
ab654321 has to log in again in order to finally become a member of the group xy123456. He can print a list of groups he is a member of using the command
If you are working in a remote desktop environment started by FastX, you have to follow these steps to reflect membership changes of groups:
1. Log off from the remote desktop.
2. Terminate the FastX connection to the server.
3. Reestablish the FastX connection to the server and start a new remote desktop. Unless you are using an ssh key for authentication, you will be prompted for your password two times. If you have to enter your password just once, you didn't terminate the FastX connection in step 2.
- If a UNIX group is configured to grant ssh login access for the members of the group, changes will not be applied until the next business day.
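The propagation delay and the re-login requirement described above can be told apart by comparing the group database with the groups of the current session. The shell functions below are an added example, not part of the original documentation or of the member tool; the function names, the gid 40001 and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify whether a change made with "member add" is visible
# in the group database and in the current login session.

# in_list NEEDLE SEP LIST: succeed if NEEDLE is one whole element of the
# SEP-separated LIST (no substring matches).
in_list() {
    case "$2$3$2" in
        *"$2$1$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# members_of LINE: print the member field (4th colon-separated field) of a
# "getent group" line of the form name:passwd:gid:user1,user2
# A user whose primary group this is may not be listed in that field.
members_of() {
    printf '%s\n' "$1" | cut -d: -f4
}

# membership_state GETENT_LINE SESSION_GROUPS GROUP USER
#   GETENT_LINE     output of: getent group GROUP  (empty if group unknown)
#   SESSION_GROUPS  output of: id -Gn              (run in USER's own session)
# Prints one of: unknown-group | pending | relogin-needed | active
membership_state() {
    line=$1 session=$2 group=$3 user=$4
    [ -n "$line" ] || { echo unknown-group; return; }
    if ! in_list "$user" , "$(members_of "$line")"; then
        echo pending            # change not yet visible on this host
    elif ! in_list "$group" ' ' "$session"; then
        echo relogin-needed     # listed, but this session predates the change
    else
        echo active
    fi
}

# Constructed sample lines (not output from a real system).
SAMPLE_BEFORE='xy123456:*:40001:'
SAMPLE_AFTER='xy123456:*:40001:ab654321,mn123456'

# Live use, run by the added user (here ab654321) in their own session:
#   membership_state "$(getent group xy123456)" "$(id -Gn)" xy123456 ab654321
```

The same comparison applies in the other direction: a session started before a removal keeps the group in its id -Gn output until the user logs out.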
Project Accounts and Groups
For project accounts, e.g. jara9876, the technical contact of the project, e.g. xy123456, is configured as the initial owner when the project is created. He therefore has the permission to add other users, e.g. ab654321, using the command
member add --name jara9876 ab654321
In order to add further managers, e.g. mn123456, use the command
member add --name jara9876 --manager mn123456
The following command lists all owners, managers and members of your own group (
To print the same information for a foreign group jara9876, use the following command:
member --name jara9876 show
Note that you must belong to the group in order to list its managers or owners.
The following command prints all groups you are an owner, manager or member of: