There are several significant changes to user accounts and groups this summer.  In order to complete the automation of account creations and deletions with our allocations management system, ColdFront, we will be altering all user accounts in the following ways:


1. All faculty groups will be renamed to include a prefix of "grp-"  For example, if your faculty group's current group name is smith, it will be renamed to grp-smith.



2. new accounts will be created for all users that include a private primary group.  Currently, a user's primary unix group is that of their faculty group.  This complicates file permissions when a user is in more than one faculty or course group.  It also potentially allows the access of a user's home directory by other group members, if file permissions are set incorrectly.



Why does this matter?  See the example and then the explanation below



Consider this example:

username - smith  (faculty group leader)


current group name - smith


id smith

uid=8845(smith) gid=89245(smith) groups=89245(smith),89200060(davfs2),45693(academic),89200013(pi)



home directory:  /user/smith

The ownership of this currently shows it's owned by user=smith and group=smith


project directory: /projects/academic/smith

The ownership of this currently shows it's owned by user=smith and group=smith


Step 1 of the changes happens on Tuesday, July 23:

  • Rename all faculty groups to include the grp- prefix.  
  • smith becomes grp-smith.  
  • The ownership of both the home and project directories will show group=grp-smith



Step 2 of the changes happens during the August 13-14 downtime:

  • All user accounts are recreated to include a private group for each account, named the same as the username  NOTE: depending on when your account was created, you may already have a shadow group (username=group_name)
  • Every account is added back into their faculty group account, now grp-smith
  • All home directory group ownership is changed to new private group created

id smith

uid=8845(smith) gid=8845(smith) groups=8845(smith),89245(grp-smith),89200060(davfs2),45693(academic),89200013(pi)


home directory:  /user/smith

The ownership now shows it's owned by user=smith and group=smith

NOTE: although this appears to be the same as before, the underlying group ID for the smith group is different after we create the private group


project directory: /projects/academic/smith

The ownership now shows it's owned by user=smith and group=grp-smith



How does this affect me?  Why does this matter?

The average user will find these changes to be transparent and will be completely unaffected.  However, it's important to adjust any scripts that change the group ownership of files and directories and alter these commands, if you use them.


Files in the shared project spaces should be owned by grp-your_group and new files created in the project directory will be set automatically.  Files copied to the project space will take on these group permissions, unless you specify to preserve file permissions.  However, if you move a file from somewhere else, the file permissions will be retained the original location and this will result in disk space errors.  You can change the file permissions before moving:


chgrp grp-your_group <filename>

example:

chgrp grp-smith /projects/academic/smith/myfile.txt

NOTE: You will get out of space error messages if files in your project space are group owned by your private group



After August 14, new files created in your home directory willbe owned by your private group:

chgrp your_group <filename>

example:

chgrp smith /user/smith/myfile.txt