Andrew Deason wrote:
It seemed like a more logical way to organize group memberships and established relationships between groups and sub-groups. But maybe my understanding on this topic is a little off.I tend to think of groups with a colon in them as more... unofficial, or per-user/per-group. That is, they are "convenience" groups created by a user or group, and not something to be messed with by administrators, or as part of official policy ("the administrators of group0 go in group group0.admins"). Instead, they are groups like adeason:friends, for "adeason's friends", that's only really used by adeason, and only adeason controls it.
Note that the AFS Admin Guide refers to "regular" groups and "prefix-less" groups. A group like adeason:friends is called a regular group and is owned by the regular user adeason. Prefix-less groups do not have the colon and are meant to be used for groups which do not have a specific user as an owner. Those groups must be created by system:administrators. You can create a group can set the owner of the group to be itself or another group. The documentation calls the former a "self-owned" group. See, Creating Groups, http://doc.openafs.org/AdminGuide/ch14s05.html#HDRWQ545 As others have said, the term supergroups is something else. Supergroups refers to the feature where a group can be a member of group, in addition to users being members of groups. This is not yet documented in the Admin Guide.
Say I want to let everyone in 'staff' access some new tool I wrote in ~adeason/code. But I don't want to let user mmeffie (who is in 'staff') access it, because he complains about the way I drink whiskey.
Fair point. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
