View Single Post
  #3   (View Single Post)  
Old 8th October 2009
Greg_Morgan Greg_Morgan is offline
Port Guard
 
Join Date: May 2009
Posts: 13
Default

TerryP,

Thanks for your detailed reply.

Could you please elaborate the best practices that I need to follow when using the said groups and login classes?

(aka) Supplementary questions:
From your explanations, this is what I infer. Please confirm if I understood it right.

a) The purpose of a group is to assemble a set of users and treat them as a block. Such grouping facilitates permission setting, as it can be maintenance intensive to list &/or update rights of each user individually.

b) The purpose definition as to what a group (say US_employess) can and cannot do are special connotations that a sysadmin/owner attaches to that name.

c) The group called "users" does not have any special task association. All users of the system can be part of this group.

d) The groups staff & operators have special task functions/uses. Hence, when I need to add an user to my system, I need not include them into these groups. Said another way, most users who have accounts on my system should not belong to these groups.

e) It is a good idea to not put newbies in the staff group. (The least no. of groups that they are, it is good.)

f) In a corporate environment, the people who are designated to work on backups etc. only should be part of the group called operators. In a home setup, users who are likely to mount & unmount flash drives, cd-roms should belong to this group.

g) Login class is a super governor that sets resource limits as detailed in login.conf.

Thanks again for taking the time to explain things to a newbie. I appreciate it.

Regards,
gm
Reply With Quote