| Essentially, a group is nothing more than a list of users or other groups. Nevertheless, groups are used as a means to organize access to file and folder permissions, share points, Web sites, email groups, and managed workgroup settings. Mac OS X Server can also utilize nested groups, allowing groups to contain other groups. This section discusses initial group configuration; the next section covers adding users to group lists. We discuss implementation of groups in specific services in future chapters. To create a group 1. | In Workgroup Manager, click the Accounts icon in the Toolbar and click the Group tab in the account types tab (Figure 4.36).
Figure 4.36. Click the Accounts icon and the Group tab in Workgroup Manager. 
| 2. | Click the directory authentication icon, and select the appropriate directory database from the pop-up menu.
| 3. | Click New Group to populate the information in the Members frame with a new untitled group (Figure 4.37).
Figure 4.37. Create a new group and all the associated fields. 
| 4. | Enter a new group name (long name), short name, group ID, path to the image (the image will then appear in the window, and comment (Figure 4.38).
Figure 4.38. Add group information, such as the group name, short name, group ID, picture path, and comments. 
Using the automatically generated Group ID setting is usually acceptable. It's good practice to keep the long and short names the same.
| | | 5. | Click the plus button next to the Members list.
A user drawer appears to one side of the main Workgroup Manager window (Figure 4.39).
Figure 4.39. When you click the plus button, a user drawer appears to one side of the main Workgroup Manager window. 
| 6. | Click and drag a user account or list of users or groups from the user and/or group list to the Members field (Figure 4.40).
Figure 4.40. Drag users from the users drawer into the members field in Workgroup Manager. 
| 7. | When you've finished making changes, click Save.
|
 Tip
What Is a Primary Group? Every user belongs to at least one group: their primary group. The default primary group for all users on Mac OS X Server is the Staff group (the Staff Group ID is 20). However, you can specify any group as a user's primary group in the user's Groups settings in Workgroup Manager. You can't remove the user from the primary group's membership. You can, however, change the user's primary group, which removes them from the previous primary group. The primary group is used to facilitate group membership lookups. Instead of having to iterate all of the group records to determine if a user is a member of a group, the system only has to look to the user's own user record. |
Assigning group folders Just as a user can have a home folder, a group can have a group folder. The group folder is used as a common access point for all members of that group. Group folders aren't required for remote login access or any other services; they're convenient locations for shared files. However, group folders must reside inside a share point that your client computers can access. Refer to Chapter 5 for more information about configuring share points. To assign a group folder 1. | In Workgroup Manager, navigate to the appropriate directory and group list that you wish to have a group folder and click the Group Folder tab.
| 2. | Select the share point where the group folder will reside by doing one of the following:
- If this server has been configured with network mount share points such as sharing the Group folder, select one of those shares from the list (Figure 4.41). (If not, see the task "To create additional network mounts" in Chapter 5.)
Figure 4.41. Click the Group Folder tab and select a group folder location from the network mount list or... 
- Click the plus button to open the dialog to specify a custom share point in the mount points window that appears. You must specify the server's address, the share point, and the client's mount point (Figure 4.42).
Figure 4.42. ...click the plus button to specify the server's address, the share point, and the client's mount point. 
| | | 3. | To specify an owner for the group folder, click the ellipsis button next to the Owner Name field.
A user drawer appears to one side of the main Workgroup Manager window (Figure 4.43).
Figure 4.43. When you click the ellipsis button, a user drawer appears to one side of the main Workgroup Manager window. 
| 4. | Click and drag a user account from the user list to the Owner Name field (Figure 4.44).
Figure 4.44. Drag a user account to the Owner Name field. 
| 5. | When you've finished making changes, click Save.
The group folder will automatically be created overnight on the server, provided the server is left running.
|
Tips You can force the server to create the group folder immediately by entering the following command in the Terminal: sudo creategroupfolder. You can use command-line tools to enable disk usage quotas per group account. See the section "Setting disk quotas via the command line" for more information. To delete group members, click the account in the Members list, and then click the Delete button. You can add groups to other groups by dragging one group into the other group and saving the changes. Administrative users are automatically placed in the Admin group user list.
Adding groups to users You may find it easier to manage groups by adding groups to users. However, it's important to understand that groups are only lists of user accounts. In Workgroup Manager, when you add a group to a user account, the system is actually adding the user account to that group's user list. This simulation of adding groups to users is another convenience provided by Mac OS X Server. To add a group to a user 1. | In Workgroup Manager, click the Accounts icon in the Toolbar, click the User tab in the account types tab, and click the Groups tab (Figure 4.45).
Figure 4.45. Select the user or users you want to add to a group and click the Groups tab. 
| 2. | Click the directory authentication icon, and select the appropriate directory database from the pop-up menu.
| 3. | Click the plus button next to the Other Groups list (Figure 4.46).
Figure 4.46. Clicking the plus button opens a group drawer to one side of the main Workgroup Manager window. 
A group drawer appears to one side of the main Workgroup Manager window.
| | | 4. | Click and drag a group or list of groups from the group list to the Other Groups field (Figure 4.47).
Figure 4.47. Drag a group or list of groups to the Other Groups field. 
You can also click Show Inherited Groups to see any groups that your user may also be a member of by the fact that the initial group chosen may be part of another group (Figure 4.48).
Figure 4.48. Clicking Show Inherited Groups shows all inherited groups for that user or users. 
| 5. | When you've finished making changes, click Save.
|
Tips To delete group memberships, click the group in the Other Groups list, and then click Delete, which appears as a minus icon. You can show the system groups by selecting View > Show System Users & Groups in Workgroup Manager.
|
