russell@ccu1.aukuni.ac.nz (Russell J Fulton;ccc032u) (09/03/90)
We run a large UNIX system ( a SGI 4D/240 ) with over 1000 registered users. Other possibly relevant data: IRIX is a system V derivative with lots of BSD features. ( In particular next release will have BSD groups, due rsn.) We also run Yellow Pages to share /etc/passwd and /etc/group. The system is shared by 4 main groups of users. 1/ Academic staff 2/ Post graduate students 3/ Undergraduate students 4/ Computer centre programes We want to restrict access to certain resources to members of one or other of these groups. My first approach to this was to make a group not-ugrd that included all non undergraduates ( aprox 500) but YP bitched about the line in the /etc/group file being too long. HOw do other handle this sort of problem on large systems? Thanks, Russell. -- Russell Fulton, Computer Centre, University of Auckland, New Zealand. Internet rj_fulton@aukuni.ac.nz.
cep@cci632.UUCP ( co-op) (09/05/90)
In article <1990Sep3.004000.4711@ccu1.aukuni.ac.nz> russell@ccu1.aukuni.ac.nz (Russell J Fulton;ccc032u) writes: > >We want to restrict access to certain resources to members of one or other >of these groups. My first approach to this was to make a group not-ugrd that >included all non undergraduates ( aprox 500) but YP bitched about the line >in the /etc/group file being too long. You SHOULDN'T have to have a discreet entry for each person in /etc/group - the approach you want to take is to modify the group field of each entry in /etc/passwd. From the description of the setup you want, individual users should rarely (if EVER) have to change between groups. If the BSD'isms you are talking about support multiple group membership, then /etc/group should only contain the EXCEPTIONS. Does this help? Chris