UNIX group management
Each user account, e.g. xy123456, has its own primary UNIX group which bears the same name xy123456. In order to allow users to manage "their" group themselves, we provide a tool called member. member distinguishes between the three roles owner, manager and member. A user xy123456 is always an owner of the group with the same name xy123456. In addition, IT Center staff may assign more owners. The following authorization rules hold:
- An owner or manager can add or delete managers or members of the group.
- A user can remove himself from a group he is a member of.
Some typical use cases are shown in the following sections. To print the complete manual page of member use the following command:
Add Other Users to Your UNIX Group
Assume that you are the user xy123456. To add another user ab654321 to your group xy123456 use the following command:
member add ab654321
member relies on Kerberos to authenticate against our LDAP server. Unless you already have a valid Kerberos ticket, member will ask for your password in order to get a ticket. Subsequently, you can use member without the need to enter your password again until your Kerberos ticket expires.
It will take some minutes until the change actually becomes active on the system. You can print the current members of the group xy123456 with the command:
getent group xy123456
The user ab654321 has to log in again in order to finally become a member of the group xy123456. He can print a list of groups he is a member of using the command:
groups
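The two delays described above (the change reaching the system, then the need to log in again) can be told apart by comparing the `getent group` line with the session's own `groups` output. The following is an added example, not part of the member tool or of the original page; the function names and the sample group line are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inputs: a group(5) line as printed by `getent group NAME`,
# a user name, and that user's session groups as printed by bare `groups`
# (or `id -Gn`) inside the running login session.

# Succeeds if user $2 is in the comma-separated member field of line $1.
in_group_line() {
    members=$(printf '%s\n' "$1" | cut -d: -f4)
    case ",$members," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if group name $2 is in the space-separated list $1.
in_session() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one of: unknown, primary, active, relogin, pending, stale.
membership_state() {
    if [ -z "$1" ]; then echo unknown; return 0; fi   # getent found no group
    group=$(printf '%s\n' "$1" | cut -d: -f1)
    # The user's own primary group: not expected in the member field.
    if [ "$2" = "$group" ]; then echo primary; return 0; fi
    if in_group_line "$1" "$2"; then
        # Listed in the directory; active only once the session carries it.
        if in_session "$3" "$group"; then echo active; else echo relogin; fi
    else
        # Not listed; a session started before a removal still holds the group.
        if in_session "$3" "$group"; then echo stale; else echo pending; fi
    fi
}

# Constructed sample: ab654321 was added, but the session predates the change.
sample='xy123456:*:12345:ab654321,mn123456'
membership_state "$sample" ab654321 'ab654321'    # prints: relogin
# Live use, run as the added user:
#   membership_state "$(getent group xy123456)" "$(id -un)" "$(groups)"
```

A `stale` result means the user is no longer listed in the group but an existing session still carries it; that session keeps the group's access until it ends.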
If you are working in a remote desktop environment started by FastX2 you have to follow these steps to reflect membership changes of groups:
1. Log off from the remote desktop.
2. Terminate the FastX2 connection to the server (no process fastx2_sci must be running anymore on the server for your user ID).
3. Reestablish the FastX2 connection to the server and start a new remote desktop. Unless you are using an ssh key for authentication, you will be prompted for your password two times. If you have to enter your password just once, you didn't terminate the FastX2 connection in step 2.
- If a UNIX group is configured to grant ssh login access for the members of the group, changes will not be applied until the next business day.
Project Accounts and Groups
For project accounts, e.g. jara9876, the technical contact of the project, e.g. xy123456, is configured as the initial owner when the project is created. He therefore has the permission to add other users, e.g. ab654321, using the command
member add --name jara9876 ab654321
In order to add further managers, e.g. mn123456, use the command
member add --name jara9876 --manager mn123456
The following command lists all owners, managers and members of your own group (xy123456):
To print the same information for a foreign group jara9876 use the following command:
member --name jara9876 show
Note that you must belong to a group in order to list its managers or owners.
The following command prints all groups you are an owner, manager or member of: