[TriLUG] Users and groups

Paul D. Boyle boyle at laue.chem.ncsu.edu
Thu Mar 14 11:11:35 EST 2002


JJ wrote:
> 
> When I create a new user, a new group is also created with the same name by
> default. Why is that?

This is idiosyncratic to Redhat.  This is the so-called "User Private"
Group scheme.  It is simply a convention which Redhat uses which
they feel makes it easier to use groups.  SuSE, on the other hand,
for example, adds "normal" users to a 'users' group, which is a more
conventional/traditional way of organizing groups under Unix.

> Should I create a 'standard' group that I want unprivileged users to belong
> to, so that I can grant / revoke
> privileges for the group? And if so, if I deny access to a particular
> resource from a group, but then grant access to that
> same resource to a user that is also in the 'denied' group, which set of
> rights wins? Most restrictive or least?

One thing I have done on Redhat is to keep the User Private Group scheme,
but then create common groups (e.g. a 'develop' group for people who
write programs) where they have access to a common subdirectory, say,
/usr/local/develop (which is owned by that group) where development work
is carried out.  You could set this up on per project basis, and users
could be members of multiple secondary groups in addition to their primary
"private group".

> I guess more to the point. can I create users and assign them to groups, and
> then grant privs to the groups? This is how I was trained to do it in a MS
> environment, and it does ease administration of users. Any concerns with
> taking this approach?

This sounds sort of similar to the what I outlined above.

Paul

-- 
Paul D. Boyle			    |	boyle at laue.chem.ncsu.edu
Director, X-ray Structural Facility |	phone: (919) 515-7362
Department of Chemistry - Box 8204  |	FAX:   (919) 515-5079
North Carolina State University     | 
Raleigh, NC, 27695-8204
http://laue.chem.ncsu.edu/web/xray.welcome.html



More information about the TriLUG mailing list