Working with Group Settings

Group settings identify the groups a user belongs to. In Workgroup Manager, use the Group Settings pane in the user’s account to work with group settings.

For information about how to administer group accounts, see Chapter 5, “Setting Up Group Accounts.”

Choosing a User’s Primary Group

A primary group is the fastest way to determine whether a user has group permissions for a file. The primary group ID is used by the file system when the user accesses a file that he or she doesn’t own. The file system checks the file’s group permissions, and if the primary group ID of the user matches the ID of the group associated with the file, the user inherits group access permissions.

Important: Don’t rely on primary group membership when assigning file permissions. Although you can make a primary group a hierarchical group or a parent of hierarchical groups, the file permissions for the primary group do not propagate. If a user’s primary group is a hierarchical group or the parent of a hierarchical group, the user is granted file permissions only for the primary group.

If the user does not belong to other groups, the user belongs to the primary group. If a user selects a different workgroup at login, the user still retains access permissions from the primary group.

The primary group ID should be a unique string of digits. By default, the primary group ID is 20 (which identifies the group as “staff”), but you can change it. The maximum value for a group ID is 2,147,483,647.

Use Workgroup Manager to define the primary group ID of an account stored in an Open Directory domain, the local directory domain, or other read/write directory domain. You can also use Workgroup Manager to review the primary group information for any directory domain accessible from the server you’re using.

To set a primary group ID using Workgroup Manager:

1In Workgroup Manager, click Accounts.

2Select the user account you want to work with.

To select the account, click the globe icon, choose the directory domain where the account resides, and then select the user account in the accounts list.

3To authenticate, click the lock and enter the name and password of a directory domain administrator.

4Click Groups and then edit or review the Primary Group ID field.

Chapter 4 Setting Up User Accounts

77

Page 76 Page 78
Page 77
Image 77
Apple 10.5 Leapard manual Working with Group Settings, Choosing a User’s Primary Group
Page 76 Page 78
Top Page Image Contents