I am maybe a bit behind schedule here, but since there has been so
much discussion about groups, I think I ought to tell about how we
(University of Oslo, Norway) have solved our group-problem.
Our main system consists of ~400 Unix-machines (clients and servers)
including 8 different Unix-flavors and ~12.000 users. YP (NIS) is used
to maintain information about users, groups netgroups and so on.
(YP-groups are appended/merged with the local groupfile on all our
hosts at given intervals to make logins go faster, you really gain som
speed by doing this!)
- is there an other way to get that many users in one group ?
Yes there is.
The University has software agreements maintained by user group
membership -- a user who is for instance member of group wpwin can
install Word Perfect for Windows on his PC. With a lot of PCs around,
the length limit of the group line soon became a problem fo us. The
solution was to split the affected groups in several lines, each
shorter than 1024 characters.
NB: The clue here is how you do that! You change the name of the group
in the extra line, but you do NOT change the gid:
mygroup:*:4711:user1,user2,user3,user4,user7,[...],user129,user130,user131
mygroup1:*:4711:user132,user133,user134,user135,[...],user198,user199,user200
[...]
mygroup6:*:4711:user734,user735,user736,user737,[...],user800,user801,user802
This way you can have a pritty large amount of group members. (We do
not generate user-names like the ones abowe ;-)
This solution has caused us no problems, whit our different Unix-types
(AIX, Digital UNIX, HP-UX, IRIX, Linux, Solaris, SunOS, not even for
EP-IX and Unisoft UNIX, I think :-) or PC-NFS or Ethershare. We have
been using this implementation for a more than a year now.
To administrate the large number of groups and the even larger number
of members we have implemented a distributed edgroup facility to make
it possible for more remote IT-persons to administrate their own
groups:
> edgroup
Welcome to the YP-group modification program (version 1.4)
Password for meh: Thanks
OK
The following commands are accepted:
lall list lali lmod add rem newg addm remm help
lall Lists ALL group names with a short explanation.
list group LIST members of a <group>.
lali Lists all ALIases (whith members).
lmod group Lists MODerators for <group>.
add user1 user2 ... group ADD User to <group>.
rem user1 user2 ... group REMove User from <group>.
newg domain name Make a new group in <domain>. Named <domain><name>
addm user group ADD Moderator for <group>.
remm user group REMove Moderator for <group>.
help Prints this help text.
Send complaints/bugs to: meh_at_usit.uio.no
> q
Morten
Received on Fri Jun 16 1995 - 17:30:24 NZST