Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

UserLevel Management Of Unix Group Membership

Summary: User­Level Management
Of Unix Group Membership
We describe the design and implementation of a software suite, GrpAdmin, that allows unpriv­
ileged users to manage Unix group memberships. We begin by enumerating common problems
associated with traditional group management. We then show how GrpAdmin alleviates these
problems. The final section notes the effects, many of them sociological, anticipated during intro­
duction and deployment of the new software.
1. Introduction and Problem Statement
Unix groups, while a powerful concept, are subject to two annoying limitations. First, all group information has tra­
ditionally been stored in a single file, /etc/group or equivalent. The ability to change /etc/group confers all­or­noth­
ing powers of group manipulation --- either anything can be done to all groups or nothing can be done to any group.
Thus, for security reasons, group management responsibility has been concentrated in the hands of a relatively small
number of privileged people. This inability to directly delegate responsibility for group management to the people
directly involved with the group (e.g., members of project­related group) causes increased communication overhead,
distractions, interrupts and occasional frustrating delays.
A second problem is the limit imposed by Unix on the maximum number (usually 16­32) of groups associated with
an individual or process. This limit intrudes when extensive or fine­grained group­based file sharing is required. A
typical example occurs when instructors or TAs must be members of a large number of class­specfic groups. Since
changing group memberships ``on the fly'' is difficult or impossible, it may be necessary for those individuals to sac­


Source: Anderson, Richard - Department of Computer Science and Engineering, University of Washington at Seattle


Collections: Computer Technologies and Information Sciences