NIS groups & subgroups under Linux

einheitlix · 2009-05-29 11:57:16

Hi,

I'm a systems administrator at a university chair and we manage our groups centrally through NIS. We have several kinds of machines, some running FreeBSD, others Ubuntu, and yet others Arch Linux. Our NIS server runs under FreeBSD.

Now, everyone who has an account here (students, members of the chair etc.), belongs to some NIS group (member, hiwi, bachelor, master, ...).

Now I would like to achieve the following: under a certain system, let's say an Arch machine, I would like to have that Arch recognizes something like this, for instance: "every member of the NIS group master should also be a member of local group optical". That is, every one writing his master's thesis (hence member of group master) should be able to use the dvd burner on this particular machine.
In thiis scenario it does not make sense to add a central NIS group "optical" since this is only relevant on certain machines where this group exists and makes sense. For example, under Ubuntu or FreeBSD, such a group does not even exist. Under Ubuntu the corresponding group (serving a similar purpose) is named cdrom.

Hence, besides the central NIS groups, I would like to be able to configure "local" groups that one belongs to only on certain machines. This is possible by just adding the username to /etc/group. For instance, if there is a user bob member of the central NIS group master, he will belong to the group master anywhere he logs in. If, on an Arch machine, I specify in /etc/group that user bob belongs to the group optical, then when bob logs in on the Arch machine, he belongs to the groups master and optical. On an Ubuntu machine, I can make the same entry in /etc/group specifying bob should be a member of cdrom. Then when bob logs into the Ubuntu machine, he is a member of master and of cdrom.

This does work, but I have to do it for every user I want to add to certain groups. However, I want to manage this in a much more generic way. I would like to be able to specify, on the Arch machine, something like "every member of master should be a member of optical", and on the Ubuntu machine "every member of master should be a member of cdrom", that is, some local groups would be "supergroups" of some central NIS groups.

Is this possible at all? Are there things like group hierarchies under Linux? Can I declare a "subgroup" of another group? And if not, do you see another way to solve this problem?

Actually I never heard of such a thing being possible, but it would be so handy. I got the idea when I read an Ubuntu howto about NIS:
https://help.ubuntu.com/community/SettingUpNISHowTo

I quote:

Note: A frequently asked question is how to give NIS users audio, DRI, video privileges. Simply add the user's group to video in file /etc/group

This didn't work for me and I would have wondered if it had. One cannot just add users and groups randomly to a group in /etc/group, and Linux would have to guess whether I mean a user or a group every time. Especially when there's a user and a group of the same name...

Any thoughts or ideas are welcome and much appreciated

Thanks!

Malte

Last edited by einheitlix (2009-05-29 12:06:58)

Peanut · 2009-05-29 18:13:04

Assuming that man group is up-to-date, such a feature can't be configured in /etc/group.

Perhaps someone else might provide a more thorough solution, but so far my only suggestion is to have a cron job on each machine that compares the memberlist of each NIS group (like master) with the necessary groups (eg. optical) in /etc/group, and updates the file accordingly.

Last edited by Peanut (2009-05-29 18:13:26)

Arch Linux

#1 2009-05-29 11:57:16

NIS groups & subgroups under Linux

#2 2009-05-29 18:13:04

Re: NIS groups & subgroups under Linux

Board footer