User Managed Groups
These behave similarly to normal Unix groups and still have to be created by SS but once created they can be controlled by the group owner. Operations available to the group owner include adding and removing members, extending the UMG's expiry date and destroying the UMG. Only the group owner can add members to the UMG but members may remove themselves. Anybody can list the members of a UMG. All these operations are performed by the priv umg command. Emails are automatically sent to the group owner and members upon UMG creation and membership changes. The default expiry date on a UMG is one year, which can be extended up to the expiry date of the group owner's account.
To see what actions can be performed on a UMG, type priv help umg.
Using UMGs
UMGs always have names of the form: "username of group owner" "+" "purpose of UMG". For example, if user fbloggs wants to form a group with a couple of thesis partners, a logical choice of name would be fbloggs+thesis. Once created, the UMG owner (fbloggs) should create a subdirectory in their home directory for use by the UMG members and chgrp the subdirectory to the UMG. eg:% pwd
/home/fbloggs
% mkdir project
% ls -ld project
drwxr-x--x 2 fbloggs fbloggs 4096 Jan 16 13:16 project
% chgrp fbloggs+thesis project
% chmod g+w,g+s project
% ls -ld project
drwxrws--x 2 fbloggs fbloggs+thesis 4096 Jan 16 13:17 project
Note that if the UMG was created (by root) after fbloggs had most recently logged in, then fbloggs will need to start a new login shell before doing any of the above, so that fbloggs' group membership may be updated to include the new UMG.UMGs, the UDB, and expiry dates
UMGs are implimented by creating a user and group in the UDB that has the name of the UMG. The priv umg command simply ensures that for most of its operations, the user running it matches the owner part of the UMG name (ie: the string before the '+'). The UMG user and group can be viewed using acc just like any other UDB entry, you just have to prepend 'user.' to the UMG username. ie:% acc user.fbloggs+thesis
Group Name : fbloggs+thesis
Id : 99999
Expires : 31 Mar 2008
User classes : UserManagedGroupAccount
Waste Basket UID : 65619
Printer Usage Status : Run "priv pquota" to initialise this information
% acc group.fbloggs+thesis
Group Name : fbloggs+thesis
Id : 99999
Gid : 88888
Groups : fbloggs+thesis
Expires : NEVER (structural)
Group classes : UserManagedGroup
Members : user.fbloggs|user.s1234567, user.jdoe|user.s7654321
% priv umg list fbloggs+thesis
fbloggs 31mar2008
jdoe 20dec2007
Note that in the example above:
- The UMG: fbloggs+thesis has the expiry date of 31mar2008 (matching the expiry date of its UDB entity: user.fbloggs+thesis);
- The UDB group: group.fbloggs+thesis, is a structural entity that will usually never expire;
- The two users that are members of the UMG (fbloggs and jdoe), have membership expiry dates that either preceed or equal the UMG's expiry date;
- No UMG member can have a membership expiry date that is later than the expiry date of the UMG itself.
- No UMG can have an expiry date that is later than the expiry date of the UMG's owner.
- If a UMG is about to expire (ie: the UMG user is about to expire), then as long as the UMG owner has an expiry date that is later than the UMG user, then the UMG owner may extend the expiry of the UMG to the same date as the UMG owner's expiry date by using the command:
% priv umg renew UMGNAME - If a user's UMG membership is about to expire, then as long as the UMG itself has an expiry date that is later than the UMG membership expiry date, the UMG owner may extend the membership of that user in the UMG to any DATE up to and including the UMG's expiry date by using the command:
% priv umg extend UMGNAME USER DATE