Comments on: User and Group Management 101

By: Spatik

Spatik — Wed, 27 Jun 2012 04:46:34 +0000

Nice tutorial, thank you…;)

By: Spatik

Spatik — Wed, 27 Jun 2012 04:46:09 +0000

Nice tutorial, than you…;)

By: Charles H. Lowe Jr.

Charles H. Lowe Jr. — Sun, 12 Feb 2012 23:43:35 +0000

I am trying to find out what a primary and secondary group are in group management.

Thankyou, Chuck

By: bthoward

bthoward — Wed, 30 Nov -0001 00:00:00 +0000

I find that this is all fine and dandy until you want to get just a tad more complicated.

For example I have a folder for the documents my wife and I keep on hand. I have a group called hoyt-trusted that my wife and I are members of. This group is intended to provide read/write access. However I have some users who visit that are trusted enough to have read access to that directory structure I put them in a group called hoyt. I want to use owners in this folder in the sense that I want my wife\'s files to be under her user account and I want my files to be under my user account. However we should be able to read and write to one another\'s files.

With the current structure this was not possible. After some digging I found ACL\'s. I really think that ACL\'s should become the standard way of doing things. Unless there is something better, but at the moment when I ran into this problem I found ACL\'s and I\'m loving the way they work! I also very much like the default control list which has solved other permissions issues that arise when you have many people creating files in a set folder. There are all sorts of ways that you can tweak things and you can usually find a way to get exactly the functionality that you want.

Now that I have all my groups and access control lists setup I only manage users by placing them into the groups to which they should belong. Their user then inherits all the permissions they should have and everyone gets along.

By: peterstoops

peterstoops — Wed, 30 Nov -0001 00:00:00 +0000

Very basic. I wouldn\'t allow any sysadmin on our servers who isn\'t familiar with these commands.

More interesting for me would be:
- I need to change the UID for a user.
- I need to change the GID for a group.
- I have usernames and groupnames with mixed cases, and want them all to be lowercase.

These are real cases we\'re facing, and after some thought, appear not too complex, until you\'re facing a big mixed environment with Linux, HP-UX, Solaris,... and you need all UIDs for a certain user to match, and GIDs for a group to match...

Ah, but we\'re nearly there, and then our nightmares will (hopefully) be over.

Good advise: Pay real close attention to this, you won\'t regret it! Good user and group management is a MUST!

Thanks for the article!

By: khess

khess — Wed, 30 Nov -0001 00:00:00 +0000

@bthoward: You\'re right. ACL management is in a future post.

@peterstoops: You got it. I\'ll schedule those topics for a future post. In large, mixed environments, you would typically use some enterprise-level user management software. There are some good ones out there. I wouldn\'t want to manage an environment of any size without one. Imagine removing a user account from say, 500 systems, or even 50.

By: grabur

grabur — Wed, 30 Nov -0001 00:00:00 +0000

Small nitpick – you suggest bob changes his name to bobby, and then change it to robert!

By: khess

khess — Wed, 30 Nov -0001 00:00:00 +0000

@grabur: fixed.