dirgroup - a script for merging the contents of /etc/group.d into /etc/group.
dirgroup
This is a script for merging the contents of a directory, /etc/group.d, into the file /etc/group. Storing group information in a directory allows users other than root to own and manage Unix groups. This minor change to Unix permission semantics provides many of the advantages of much more complex ACL systems.
Normal Unix permissions are fine for keeping people out of your private files - unfortunately things tend to get more complicated when you want to grant access to only one or two people. The only way to do this in traditional Unix is to have the system administrator create a group for you and your friends, and then assign group ownership of the file to that group.
This isn't very efficient, since few system administrators will want to be bothered with creating little custom groups for everyone. In practice nobody bothers, and groups aren't really used very much.
This script allows system administrators to safely give normal users permission to create and modify their own groups, thus making the whole group concept much more useful and usable.
Create and modify groups in /etc/group.d using your favorite editor or a more user-friendly tool which has yet to be written. Don't forget to add yourself to the group!
Run dirgroup to merge your modified group into /etc/group.
Log out, log in, have fun with your new group.
The format of a group entry is something like this:
group-name:password:group-number:user1,user2,user3, ...
See the group(5) man page for more information.
Usually people don't use passwords on groups - but it is very important not to leave that field empty (it should contain an x or a *), since an empty password means anyone is allowed to join the group using the newgrp(1) command.
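An added example (not part of dirgroup itself): a small shell check for the entry format and the empty-password caveat described above. The function names audit_group_entries and sample_entries and the sample entries are made up for illustration; the check reads entries on standard input and assumes nothing about how files inside /etc/group.d are laid out.

```shell
#!/bin/sh
# Added example, not part of dirgroup.
# audit_group_entries: read group(5)-format entries on stdin, print one
# finding per problem, and return 1 if anything was reported (0 otherwise).
audit_group_entries() {
    awk -F: '
        BEGIN { bad = 0 }
        /^[ \t]*$/ { next }                      # ignore blank lines
        NF != 4 {
            printf "line %d: expected 4 colon-separated fields, got %d\n", NR, NF
            bad = 1; next
        }
        $1 == "" { printf "line %d: empty group name\n", NR; bad = 1 }
        $2 == "" {
            # An empty password field lets anyone join via newgrp(1).
            printf "line %d: group %s has an empty password field (open to newgrp)\n", NR, $1
            bad = 1
        }
        $3 !~ /^[0-9]+$/ {
            printf "line %d: group %s has non-numeric group number \"%s\"\n", NR, $1, $3
            bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample entries (not taken from a real system).
sample_entries() {
    cat <<'EOF'
project:x:1001:alice,bob
friends::1002:alice,carol
broken:x:abc:dave
short:x:1004
EOF
}

# Demonstration run on the constructed sample; the non-zero status is expected.
sample_entries | audit_group_entries || true
```

To check a real entry before merging it, pipe the file into audit_group_entries and only run dirgroup when it returns 0.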
All open source programs need user communities, so I've created a mailing list for dirgroup. If you have suggestions, bug reports or other contributions, please send mail to <dirgroup@molar.is>.
Archives and a subscription form are at http://www.molar.is/en/lists/dirgroup/
To install dirgroup, I recommend simply copying the script to /usr/bin, /usr/local/bin or wherever you store third-party binaries. Next you create the /etc/group.d directory and populate it with the current contents of /etc/group. Finally you modify the permissions of /etc/group.d and the dirgroup script to allow normal users to create and modify their own groups.
A typical installation sequence looks like this:
    $ cp dirgroup /usr/bin
    $ mkdir /etc/group.d
    $ dirgroup
    $ chmod ugo+rwxt /etc/group.d
    $ chmod u+s /usr/bin/dirgroup
Optionally, you may prefer not to make dirgroup setuid root, but instead invoke it from cron every once in a while.
Note to packagers: Running dirgroup to populate /etc/group.d before granting global write access to /etc/group.d is very important to protect the current group structure from race-based attacks during installation.
Users will need to log in and out or use the newgrp command to see new or modified groups.
dirgroup was written by Bjarni R. Einarsson <bre@klaki.net>.
This script is hereby released to the Public Domain. New versions will be put here: http://bre.klaki.net/programs/dirgroup/
newgrp(1), group(5), groupadd(8), groupdel(8), groupmod(8)