NAME

dirgroup - a script for merging the contents of /etc/group.d into /etc/group.


SYNOPSIS

dirgroup


README

This is a script for merging the contents of a directory, /etc/group.d, into the file /etc/group. Storing group information in a directory allows users other than root to own and manage Unix groups. This minor change to Unix permission semantics provides many of the advantages of much more complex ACL systems.


DESCRIPTION

Normal Unix permissions are fine for keeping people out of your private files - unfortunately things tend to get more complicated when you want to grant access to only one or two people. The only way to do this in traditional Unix is to have the system administrator create a group for you and your friends, and then assign group ownership of the file to that group.

This isn't very efficient, since few system administrators will want to be bothered with creating little custom groups for everyone. In practise nobody bothers, and groups aren't really used very much.

This script allows system administrators to safely give normal users permission to create and modify their own groups, thus making the whole group concept much more useful and usable.


USAGE

Create and modify groups in /etc/group.d using your favorite editor or a more user-friendly tool which has yet to be written. Don't forget to add yourself to the group!

Run dirgroup to merge your modified group into /etc/group.

Log out, log in, have fun with your new group.


FILE FORMATS

The format of a group entry is something like this:

  group-name:password:group-number:user1,user2,user3, ...

See the group(5) man page for more information.

Usually people don't use passwords on groups - but it is very important not to leave that field empty (it should contain an x or a *), since an empty password means anyone is allowed to join the group using the newgrp(1) command.


COMMUNITY

All open source programs need user communities, so I've created a mailing list for dirgroup. If you have suggestions, bug reports or other contributions, please send mail to <dirgroup@molar.is>..

Archives and a subscription form are at http://www.molar.is/en/lists/dirgroup/


INSTALLATION

To install dirgroup, I recommend simply copying the script to /usr/bin, /usr/local/bin or wherever you store third-party binaries. Next you create the /etc/group.d directory and populate it with the current contents of /etc/group. Finally you modify the permissions of /etc/group and the dirgroup script to allow normal users to create and modify their own groups.

A typical installation sequence looks like this:

  $ cp dirgroup /usr/bin
  $ mkdir /etc/group.d
  $ dirgroup
  $ chmod ugo+rwxt /etc/group.d
  $ chmod u+s /usr/bin/dirgroup

Optionally, you may prefer not to make dirgroup setuid root, but instead invoke it from cron every once in a while.

Note to packagers: Running dirgroup to populate /etc/group.d before assigning granting global write access to /etc/group.d is very important to protect the current group structure from race-based attacks during installation.


KNOWN BUGS

Users will need to log in and out or use the newgrp command to see new or modified groups.


SCRIPT CATEGORIES

UNIX/System_administration


AUTHOR AND COPYRIGHT

dirgroup was written by Bjarni R. Einarsson <bre@klaki.net>.

This script is hereby released to the Public Domain. New versions will be put here: http://bre.klaki.net/programs/dirgroup/


SEE ALSO

  newgrp(1), group(5), groupadd(8), groupdel(8), groupmod(8)