groups on Panther--what is the default setup?

Discussion in 'Apple' started by James Meiss, Mar 1, 2005.

  1. James Meiss

    James Meiss Guest

    I just realized that on my powerbook with 10.3.8 there are groups for
    each user name. So I have username "me" say, and I am a member of the
    group "me" as well. This seems very strange. There are groups for each
    of the users I created on this 'book with their usernames.

    On my desktop (10.3.8 too), there is a group "staff" which I am a member
    of. There is no group "me".

    I have no idea about how the powerbook got set up that way--but isn't it
    wrong? How could this have happened?

    I can't seem to add myself to the group staff. I though this would be
    done in "NetInfo Manager" but adding my name to the staff group (and
    even logging out and in) doesn't seem to work. My understanding is that
    /etc/group also is meaningless.

    So how to I add myself to the staff group, and get rid of the "me" group?
     
    James Meiss, Mar 1, 2005
    #1
    1. Advertisements

  2. No, it's not wrong.

    Panther apparently defaults to the setup where each user is put
    in a group of the same name.

    However, if you upgrade--or archive and install--then your
    previous setup is preserved, in particular the pre-Panther ones
    where there was an overall group 'staff'.

    Indeed I have the reverse situation: I have the reverse
    situation. My Porwerbook was upgraded from 10.1 and 10.2, and I
    have the global staff group. My iMac came with Panther installed
    and (after creating the users) the individual groups.

    On the machine with the individual groups, I added myself to
    staff using Netinfo...I think.

    --Ettore
     
    Ettore Aldrovandi, Mar 1, 2005
    #2
    1. Advertisements

  3. Try SharePoints <http://www.hornware.com/sharepoints/>.
     
    Neill Massello, Mar 1, 2005
    #3
  4. James Meiss

    James Meiss Guest

    Thanks. That works well. It also shows me what the correct format for
    adding users to groups is in NetInfo. It wasn't obvious (at least to me).
     
    James Meiss, Mar 1, 2005
    #4
  5. James Meiss

    James Meiss Guest

    Very strange. It seems to me to defeat the whole purpose of groups if
    each user is simply put in a new group.

    Anyway, thanks for explaining this.
     
    James Meiss, Mar 1, 2005
    #5
  6. I tend to agree. On the other hand, there's probably some merit
    in it. I forget who exactly started this, I think it was Red Hat?
    Anyway, the argument was that if users needed to collaborate or
    whatever, then specific groups could be created for the
    purpose. The counter-argument would be then that users would
    default to make their files world-writable, thus defeating the
    purpose of groups--and permissions--as you say.

    This is users' sociology, and I don't know enough to have an
    opinion on what really happens.

    Others have jumped on on this: Debian, FreeBSD, if I'm not
    mistaken. I seem to remember OpenBSD offers this setup as an
    option. (I have an OpenBSD box as my firewall-router-DNS, and I
    don't have that setup, so I must have opted out.) I don't think
    the commercial Unices do this, as far as I know.
    You're welcome.
     
    Ettore Aldrovandi, Mar 1, 2005
    #6
  7. James Meiss

    Simon Slavin Guest

    One of those computers had a fresh installtion of OS X 10.3. The
    other one was updated from an earlier version of the OS.
    1. It's right.
    2. It's done to make up for a problem with rights which Unix doesn't
    deal with very well.
    3. Leave it alone.
    4. Don't mess with groups you didn't create. The system will expect
    to find them the way it left them and you'll get it all confused.
    The 'staff' group on some computers is equivalent to having an admin
    account. Just check to see that your accounts do or don't have admin
    status as you require. Let the 'staff' group take care of itself.

    Simon.
     
    Simon Slavin, Mar 3, 2005
    #7
  8. That's definitely something that remains to be seen. Getting
    better or perhaps more granular access control is more complex
    than just patching things up with individual user groups.
    Why not? Adding people to groups is not "messing" with the
    groups. Where do we find that we are not supposed to add users to
    the group staff?
    What sort of admin account? Staff on some system has the ability
    to 'su' to root. So do members of the "wheel" group. Note that on
    Panther member of the "admin" group can run anything via sudo,
    including getting a root shell, which you wouldn't be able to do
    using 'su' if the root account is disabled (as per default). So,
    what's the harm in being member of the 'staff' group?
     
    Ettore Aldrovandi, Mar 4, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.