
MacCoaster

macrumors 6502a
Original poster
OK I'm a big UNIX guy and haven't shared much technical knowledge with this community and I want to do so.

UNIX groups are a way to share files amongst common groups of users. Users who are not members of the group wouldn't have privileges to the files. Users who are members of a group would have privileges to the files that belong to their group, but not to another group of which they are not members. I hope this is clear, but we'll go ahead. Of course UNIX permissions are just fine for home machines or machines that have little, basic sharing amongst users to do. Really complex shares will probably require ACLs. ACLs are out of the scope of this post. But of course, Mac OS X Tiger includes ACLs. So I probably will create a new guide later.

I recently came across a need for UNIX groups on a Mac at work, which is used by many people. This is only necessary if simply having a Shared folder (/Users/Shared) is not enough and you need to have finer control of who accesses the files. This is not optimal in many cases, but we'll go ahead.

Let's say, we have the following users, following the format of long name followed by the UNIX short name:

Administrator privileges: Administrator (administrator)
Standard users: Will Johansson (will), John Doe (john), Jane Doe (jane), Chris Lastname (chris)

1.) will, john are webmasters of a website. They need to share HTML files.
2.) john, jane are married. They need to share family photos.
3.) will, chris are collaborating on a book. They need to share Word documents.

Groups aren't optimal for scenarios #1 and #3. Version control is probably better for those, but we'll just use those scenarios to make my point with UNIX groups in Mac OS X. I'll have another article on version control. :)

Let's go ahead and note that we will have three groups, one for each scenario. Let's name them.

1.) webmasters
2.) doefamily
3.) book

As an administrator, log in to Mac OS X, launch System Preferences and add the users will, john, jane and chris with their respective long names.

Quit System Preferences. Launch NetInfo Manager in /Applications/Utilities. Click on groups.

1.) webmasters

Click on the New icon. For the name property, type in "webmasters". With webmasters selected, go to Directory in the menu and select "New Property". Name the property "gid" and give it any number above 500 (a safe bet). Make another New Property and name it "passwd" and give it a value of "*". Finally make another New Property and name it "users". Now don't give it any values. Instead, make sure users is selected and go to Directory in the menu and select "New Value". Type in "will". Do it again and type in "john". Excellent, we've finished the first group.

Save, of course. ;)

2.) doefamily

Repeat the above except replace "webmasters" with "doefamily" and choose another gid of above 500 that you did not use for "webmasters". Also replace "will" with "jane". You'll add john as well, of course. You're set for "doefamily". Let's do book.

3.) book

Again, repeat #1. Have users contain values of "will" and "chris" and another gid.

Finally, to have any effect, we need to create folders that they can share. In Finder, go to Macintosh HD (the root of the hard drive). You should see Users and other folders. Make a new folder and name it Groups. Open Groups once made and make new folders named webmasters, doefamily and book.

Once you've finished that, launch Terminal in /Applications/Utilities and perform:
sudo chgrp webmasters /Groups/webmasters
sudo chgrp doefamily /Groups/doefamily
sudo chgrp book /Groups/book
You'll need to type your administrator password for sudo as requested.

Having changed group ownership, we need to change permissions on the folders to make sure members in the group can write to the folder. UNIX permissions require a folder to be executable in order to cd to it. 777 means rwx for all owners, groups and users. 776 means rwx for owners and groups but any user not owning or in a group can only read the directory, thus not being able to modify anything in there. That might be fine, but 770 is best. That means owners and group members can read and write to the directory and no one else can even read. We'll use 770.
sudo chmod 770 /Groups/webmasters
sudo chmod 770 /Groups/doefamily
sudo chmod 770 /Groups/book
That's all there is to it! If you have any questions or trouble, please feel free to comment in this thread. I'll be glad to help. Also, if there are any errors in my documentation, please let me know and I'll fix it.

Enjoy.
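
A way to check the result of the chgrp and chmod steps in the post above, as an added example that is not part of the original post. The function name audit_share is hypothetical; it reads the mode string and group from ls -ld and reports when the group lacks rwx or when users outside the group have any access.

```shell
#!/bin/sh
# Added example: audit a shared group folder set up as in the guide.
# audit_share DIR GROUP -> returns 0 when DIR belongs to GROUP (name or
# numeric gid), the group has rwx, and "other" users have no access.
audit_share() {
    dir=$1 want=$2 rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }

    # Field 1 of ls -ld is the mode string, field 4 the group.
    # With -n, ls prints the numeric gid instead of the group name.
    mode=$(ls -ld "$dir" | awk '{print $1}')
    gname=$(ls -ld "$dir" | awk '{print $4}')
    gid=$(ls -ldn "$dir" | awk '{print $4}')

    grp_bits=$(printf '%s' "$mode" | cut -c5-7)    # group triplet, e.g. rwx
    oth_bits=$(printf '%s' "$mode" | cut -c8-10)   # other triplet, e.g. ---

    if [ "$gname" != "$want" ] && [ "$gid" != "$want" ]; then
        echo "$dir: group is $gname ($gid), expected $want"; rc=1
    fi
    if [ "$grp_bits" != "rwx" ]; then
        echo "$dir: group bits are $grp_bits, members need rwx"; rc=1
    fi
    if [ "$oth_bits" != "---" ]; then
        echo "$dir: other bits are $oth_bits, non-members have access"; rc=1
    fi
    return $rc
}

# Check the three folders from the guide when they exist on this machine.
for g in webmasters doefamily book; do
    if [ -d "/Groups/$g" ]; then
        audit_share "/Groups/$g" "$g" && echo "/Groups/$g: OK"
    fi
done
```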
 