Summary: A User's Guide to Unix Group Management
In the interest of making life easier for everyone, the CSE Lab has developed a software
suite, collectively known as GrpAdmin, that allows userlevel management of Unix groups and
group memberships. We begin by explaining traditional group management procedures, then
describe a new methodology and its benefits. A concluding section provides examples of using
the new software.
1. Traditional Methods of Group Management
Unix groups can be a powerful tool for file protection and sharing. However the usual techniques for managing
groups are cumbersome. Traditionally, groups are manipulated by editing specific files. Access to these files is lim
ited to administrative ``super users'' since the access is all or nothing: the capability to change one group implies the
ability to change all groupd in arbitrary ways. Therefore group creation, membership changes and group removal
require indirection through support staff who are sufficiently trusted to actually perform those operations. Indirec
tion means sending mail, waiting for a reply, discovering that you forgot something or want to make yet another
change and then going through the whole process again. There are also delays in updates taking noticeable effect
due to the manner in which they are propagated.
An additional shortcoming of traditional group usage is that the underlying operating system imposes a limit on the
number of groups simultaneously associated with a user. Once this limit is reached, a user cannot join a new group
until some old membership(s) are removed.
In an effort to make groups more generally useful, the GrpAdmin software allows ``regular'' users to manage groups