Sie befinden sich im Service: RWTH High Performance Computing (Linux)

UNIX group management

UNIX group management

Kurzinformation

Each user account, e.g. xy123456, has its own primary UNIX group which bears the same name xy123456. In order to allow users to manage "their" group themselves, we provide a tool called member. member distinguishes between the three roles owner, manager and member. A user xy123456 is always an owner of the group with the same name xy123456. In addition, IT Center staff may assign more owners. The following authorization rules hold:

  1. An Owner or Manager can add or delete managers or members of the group.

  2. A user can remove himself from a group he is a member of.

Some typical use cases are shown in the following sections. To print the complete manual page of member use the following command:

member --man

Detailinformation

Add Other Users to Your UNIX Group

Assume that you are the user xy123456. To add another user ab654321 to your group xy123456 use the following command:

member add ab654321

member relies on Kerberos to authenticate against our LDAP server. Unless you already have a valid Kerberos ticket member will ask for your password in order to get a ticket. Subsequently, you can use member without the need to enter your password again until your Kerberos ticket expires.

Notes:

  1. It will take some minutes until the change actually becomes active on the system. You can print the current members of the group xy123456 with the command:

    getent group xy123456
  2. The user ab654321 has to log in again in order to finally become a member of the group xy123456. He can print a list of groups he is a member of using the command

    groups

    If you are working in a remote desktop environment started by FastX you have to follow these steps to reflect membership changes of groups:

    1. Logoff from the remote desktop.
    2. Terminate the FastX connection to the server.
    3. Reestablish the FastX connection to the server and start a new remote desktop. Unless you are using an ssh key for authentication, you will be prompted for your password two times. If you have to enter your password just once, you didn't terminate the FastX connection in step 2.
  3. If a UNIX group is configured to grant ssh login access for the members of the group, changes will not be applied until the next business day.

Project Accounts and Groups

For project accounts, e.g. jara9876, the technical contact of the project, e.g.xy123456, is configured as the initial owner when the project is created. He therefore has the permission to add other users, e.g. ab654321, using the command

member add --name jara9876 ab654321

In order to add further managers, e.g. mn123456, use the command

member add --name jara9876 --manager mn123456

List Groups

The following command lists all owners, managers and members of your own group (xy123456):

member show

To print the same information for a foreign group jara9876 use the following command:

member --name jara9876 show

Note that you must belong to the group in order to list its managers or owners.

The following command prints all groups you are an owner, manager or member of:

member finger

zuletzt geändert am 27.02.2023

Wie hat Ihnen dieser Inhalt geholfen?

Creative Commons Lizenzvertrag
Dieses Werk ist lizenziert unter einer Creative Commons Namensnennung - Weitergabe unter gleichen Bedingungen 3.0 Deutschland Lizenz