There is occasional confusion with the use of the word groups on UNIX systems.
The UNIX systems offer different ways that groups can work together.
- Group Accounts
A club or an academic project group might want a login which would serve web space for their group, or in which programs and data can be stored, in a central location for the group, and separate from the individual logins.
- Mailing Lists
If web, or program or data storage, space is not needed, a mailing list might suffice for a group. Email to the list name could be delivered to the group. If there is a group account, a mailing list of the same name could be created to add that feature to the group.
- Group Accounts
There are two types at WPI: one is for a club and the other is for an academic project. A student can create the academic type by self service on the web.
- Club Accounts
A group of people might want an account to establish a home page for the group and/or to store data which the group needs. That might be called a group account, or group login, since it was established to serve a group. The group might be a club, sorority, fraternity, etc. Web access to the account would be by http://users.wpi.edu/~account-name, and file access to the account from a Windows account would be by \\filer.wpi.edu\homes\account-name
If you have a problem with your web pages, you can see your entries in the Apache log file with userlog.
A group account cannot have the same name as an existing mailing list, so if you are planning to have a web presence and a mailing list, too, create the group account first, and then the mailing list.
There is no self-service web page to create a group account. The person who will be responsible for the account should contact helpdesk in person, by mail to firstname.lastname@example.org, or by phone at extension 5888, and describe the group and suggest a login name for the group. Account names are limited to 16 characters and cannot have a space in the name. The group must be officially recognized by WPI.
A group account exists on CCC UNIX systems. It does not exist as a Windows account.
Since classes of students arrive and depart each year, if the account owner wants the account to continue to work after they leave, the owner should use http://www.wpi.edu/+groupaccount to transfer ownership to someone interested in continuing to maintain the account.
See Group Account Access, below.
- Project Accounts
A group of students might want an account to establish a home page for their project and/or to store data which the project needs. That might be called a group account, or group login, since it was established to serve a group. Web access to the account would be by http://users.wpi.edu/~account-name, and file access to the account from a Windows account would be by \\filer.wpi.edu\homes\account-name
A project account exists on CCC UNIX systems. It does not exist as a Windows account.
There is a self-service web page to create a project account. A project account can be created the term before the project starts and will be removed a term after the project ends. Any student in the project can create the project account.
See Group Account Access, below.
I understand all these things, begin the process.
You can create a mailing list so that email to email@example.com will go to all the members of the group. Someone has to create the list at http://www.wpi.edu/+mailinglist and use that web page to keep the list up to date.
Since classes of students arrive and depart each year, if the list owner wants a mailing list to continue to work after they leave, the owner should use http://www.wpi.edu/+mailinglist to transfer ownership to someone interested in continuing to maintain the mailing list.
Begin the Process
- Create or manage a mailing list.
- Manage a group login that you own.
- Create or manage groups on CCC UNIX systems.
Group Account Access
As mentioned above, the group or project account does not exist on Windows.
Since the CCC web servers run on UNIX, and the group or project account is on UNIX, the accounts are accessible for display on the web. The subdirectory named public_html is the root of the web tree; i.e., http://www.wpi.edu/~account-name accesses the public_html subdirectory. Since the web tree is rooted in this subdirectory, you are free to have other subdirectories in the account which are not exposed to the web. You would map that directory as \\filer\homes\account-name\public_html
If you are comfortable working with RedHat Linux, you can work on the account directly on a CCC UNIX system. You can ssh to ccc and log in with the account-name and the account's password. The account's password is distinct from your personal password and the account owner can set the password at the group account page, http://www.wpi.edu/+groupaccount. Even if you choose to mainly maintain the account's files via Windows, you are going to occasionally need to access the account directly in UNIX to update permissions on the account.
Although the account exists on UNIX, the disk space for the account rests on the filer, and the disk space is accessible to a Windows user by mapping the account with \\filer.wpi.edu\homes\account-name. If you are more familiar with Windows, you should find this type of access convenient.
The problem accessing the account from your personal login, whether in Windows or UNIX, is that your account is different from the account-name login. You can make the group or project account accessible from your account, and from the accounts of others who may have an interest, through the use of UNIX groups.
There is confusion here, since the word group crops up again. In one sense, the account represents a group of individuals, but a mechanism called a UNIX group lets a group of individuals' accounts access directories and files in the account.
There are three sets of permissions which control access to directories and files on UNIX. Those three sets are for the owner of the file, for the group of the file, and for others, who are neither owners nor in the group. A new file automatically has the owner set to be the account that created the file. If there were no other factor, the group of the file would be the owner's personal group. For example, if your account created a file in the group account, the file would belong to you. You want to arrange things so that others in the group can edit that file in the future. Also, if the file was part of the group's web space, you would want the web to be able to display it.
When someone tries to access the file, if they are the file owner, the permission that applies is the owner permission of the file. If they are not the owner, but are in the same group as the file, the group permission applies. If they are neither the owner of the file, nor in the group of the file, the other permission applies.
If you have a group (club, fraternity, sorority, project) account and you, and maybe others, want to maintain the information in the account, you should add the individuals' accounts to the group account's UNIX group. The account owner can use the group edit page, http://www.wpi.edu/+gred, to add or remove individuals' accounts from the group account's UNIX group membership. You would not add everybody in the club to the account's group; you would only need to add those who will be maintaining the information.
Now that the account's UNIX group has been expanded to include the individuals who will be maintaining the account, you should use the ssh access, as described above, to log in to a CCC UNIX system. Use these commands to set up group access:
chmod g+rws ~ public_html
That chmod command adds group permissions (g+) to the home directory (~) and the web root directory (public_html), so that they are readable and writable by the group (r is readable, w is writable), and so that any files or directories which are created in those directories will be in the account's UNIX group, no matter which individual creates the file. The s makes the group sticky for any files or directories which any of the group members create. As mentioned before, if an individual account creates a file, the file is normally in the individual's UNIX group, which would limit access by others who want to work on the account's files. The s option puts the file in the account's UNIX group, so that everyone in the UNIX group will have access.
You only need to do that chmod setup once, so that all future files and directories are in the group.
An account starts with a public_html directory and, of course, a home directory, so we list those two in the chmod command above. If an account is passed to you with other directories already in it, it would be a good idea to change the modes of those directories, too, so that the rest of the account's files are easier to maintain.
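The following audit script is an added example, not part of the original WPI page. It lists directories where chmod g+rws has not been applied (the s there is the setgid bit) and files under public_html that others cannot read or can write; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an account tree for the permission layout described above.

# Directories lacking group read, group write or setgid (chmod g+rws not applied).
dirs_missing_group_setup() {
    find "$1" -type d ! -perm -2060 | sort
}

# Web files that "others" (including the web server) cannot read.
web_files_unreadable() {
    find "$1/public_html" -type f ! -perm -0004 | sort
}

# Web files or directories that "others" can write to.
web_entries_world_writable() {
    find "$1/public_html" \( -type f -o -type d \) -perm -0002 | sort
}

# Apply the page's chmod to every directory already in the account.
fix_group_setup() {
    find "$1" -type d -exec chmod g+rws {} +
}

# Constructed sample account (hypothetical layout) for trying the checks safely.
make_sample_account() {
    acct=$(mktemp -d) || return 1
    mkdir -p "$acct/public_html/img" "$acct/minutes"
    chmod 2775 "$acct" "$acct/public_html"              # group setup done
    chmod g-s "$acct/public_html/img" "$acct/minutes"
    chmod 755 "$acct/public_html/img"                   # handed-over dir, not set up
    chmod 700 "$acct/minutes"
    for f in index.html draft.html open.html; do : > "$acct/public_html/$f"; done
    chmod 664 "$acct/public_html/index.html"            # group edits, others read
    chmod 660 "$acct/public_html/draft.html"            # web server cannot read
    chmod 666 "$acct/public_html/open.html"             # others can write
    echo "$acct"
}

# With a directory argument, report on that account; otherwise do nothing.
if [ "$#" -gt 0 ]; then
    echo "Directories needing chmod g+rws:"; dirs_missing_group_setup "$1"
    echo "Web files the server cannot read:"; web_files_unreadable "$1"
    echo "Web entries writable by others:"; web_entries_world_writable "$1"
fi
```

Run it with the account's home directory as the argument to get the three reports; fix_group_setup is only called when you invoke it yourself.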
By the way, the web server runs in its own account. That account is not yours, and it is not in your group, so the other permissions should be set on any file that the web must access so that the web server can read and display your site. The server does not need to write anything in your account, or create any files, so you should only grant read access to others for files in your web site.
Maintained by itweb
Last modified: Aug 21, 2012, 14:27 EDT