User groups are meant to ease the user privilege management, by allowing user privileges to be set for a user group and then user can be assigned to a desired user group. User inherits all the privileges from the group she belongs to. User can still have user specific privileges defined, even if user belongs to a group. User's actual privileges are combination of user specific and group based privileges.
User groups can be created using addgroup utility. To add a user group interactively start addgroup program from Sauron top-level directory as follows:
./addgroup
|
Enter group name: hobbits
Enter group description: Shire Hobbits
Groupname: hobbits
Description: Shire Hobbits
Add this group [y/n]?y
Group hobbits added successfully.
|
User groups (like User accounts) must have some privileges assigned to them for them to be useful. Privileges can be assigned directly to the user group using modgroup utility. Privileges that can be set to a user group are same as the privileges for a user. For more information about privileges see the Section called Setting Privileges.
To add privileges for a user group interactively, start modgroup utility with the --add option. This can be done as follows from the Sauron top-level directory:
./modgroup hobbits --add
|
./modgroup hobbits
|
Groupname: hobbits (id=1)
Comment: Shire Hobbits
ID Type Ref. Mode
------ -------- ------------------------- --------------------------------
1 server test R
2 zone test:middle.earth RW
|
User group can be removed using delgroup utility. This utility works interactively when started without any arguments. To remove user(s) non-interactively use --group=<groupname>
To remove user group interactively, simply start delgroup without any arguments from Sauron top-level directory:
./delgroup
|