Manage UNIX groups

You can create your own groups and add others to your groups.  By this way you can easily share your files with group members.  For example, if you are cooperating with another student in a course project, you can create a group abc and add both of you to it, then setup a directory (such ascourse) with permission 770 and owner group abc, thus only you two can access it, such as:


$ chmod 770 ~/course
$ chmod g+rw ~/course/*
$ chgrp -R abc ~/course

Please note your home directory should also be in proper permission mode so that your group member can really access course.  How to set permissions is out of the scope of this mini-howto.

To use the group utility, just type the command group.  You will be prompted to login.  After your input username and password, a menu will be displayed:


[huaz@disco:/home/huaz] group
No mail.
Welcome to the Group Creator program

login: huaz
password:

MENU
====
1. Create a group
2. Add users to a group
3. Delete users from a group
4. Delete a group
5. View a group
6. Review changes
7. Quit and Save
8. Quit without save

Enter a number:

The operation is straightforward, but let me explain several things that may seem confusing:

  • If you do not select option 7 before you quit the program, you will lose all the changes you just made.
  • You have to wait about 5 minutes and re-login for the changes to take effect.
  • Capital letters are not allowed in group names.
  • You cannot create an existent group, nor can you delete a non-existent group.
  • After you create a group, you become the owner, and you can change this group at your will, including add/remove users or even delete it.
  • You can not manage any groups that were created by others, except that you can always remove yourself from other groups.
  • You can find out the owner of a group by 5 (View a group). You should contact the owner if you want to be added to a group.
  • The difference of 5 and 6 is: 5 reviews group information that has been effective, while 6 reviews the changes you just made, which have not become effective.

To check whether the changes have been effective, you can use option 5.  You can also query ldap directly to see if the group has been created with:

ldapsearch -x -LLL -b ou=Group,dc=cs,dc=columbia,dc=edu cn=mygroup

If it has been created, you will see information about the group. If not, nothing will be shown.

You can also type groups (not ‘group’!) to see which groups you belong to.  If the results of ‘ldapsearch’ and ‘groups’ do not match, you have to re-login.

If you have any problems or questions about using group utility, please send email to crf.

Daniel Benamy, March 04 2009