Group accounts

Group Accounts

Group accounts are accounts that are intended to be used by more than one person. A group account has a home directory that is separate from any person's home directory. This group directory contains files that several people may collaborate to create for a specific purpose. It is also a single place where others may find information about a particular project or area of research. Group accounts have their own file space and internet traffic quota. File access controls for a group are separate from those of personal home directories. Selected personal accounts can be made members of a group by requesting this from System Support. These accounts will have special file access to read and change group files that other accounts will not. See the page on file permissions. Examples of group accounts are:
  • CSE courses that require group projects as part of their assessment usually assign students to group accounts, one account per project group.
  • Staff may request a group account to act as a central repository for group efforts such as a research project or conference.
  • Student societies are also given a group account.
A special type of group account is the user-managed group. This does not have a separate home directory. It allows the group manager to create directories and files in his/her own home directory and manage which other accounts have access to them.

When Group Accounts Are Created

Group accounts use extra resources such as space on backup tapes and internet traffic and require time from the system administrators to set up. Consequently they will only be created when real need for a group account exists. In other cases files should be kept in a personal home directory and a user-managed group may be created to help manage group access. Good reasons for creating a group account are:
  • Significant and consistent problems occur due to keeping group files in a personal home directory.
  • A repository is needed for documents for a high profile project or research group. This might be a conference which has a distinct URL, or a software project with several contributing authors.
  • A project uses resources at CSE, such as file space or a website. Even if the main person running the project were to leave, others at CSE would continue to run the project and use the resources.

How Groups Work

Group accounts are based upon Unix/Linux groups. Every account has an associated group of the same name to which it belongs and to which other accounts can be added. This fact, combined with file permissions, allows people to have shared access to directories and files that by default would be accessible only to the owner. There is, therefore, no need for the group account to have a password so System Support do not set one and the account is set to be classed as NoLogin.
  • to see what groups you're a member of look at the Groups line in your acc or type groups.
  • to access the group home directory type: cd /home/<groupname>
  • to see the group details type: acc group.<groupname>
  • to list all members of the group type: acc group.<groupname>/ (note the slash on the end).
If groups or cd don't work after SS tell you they've added you to a group, start a new login shell. At worst you might need to logout and login again. Group membership, like much of your session environment, is set upon login and subsequent changes won't automatically propagate.

Passwords on group accounts

We avoid setting passwords on group accounts where possible. If a group account requires an actual login (this will only be provided to staff), we will take it out of the NoLogin class and associate an SSH public key for each person requiring access. Each person generates an SSH key pair, keeps their private key and gives us the public key. See the SSH Key File Guide.

Adding other accounts to a personal group

If there are only a couple of people who want to share diskspace and the space needs are small, it may be simpler for user A to be added to user B's group and user B to set aside a directory in their home directory, with suitable file permissions, for the shared space. However, UMGs are the preferred method of handling this.
Last edited by Robert Doran 27/05/2011

Tags for this page:

account, group