[aklug] Re: group environment configuration?

From: Marc Grober <marc@interak.com>
Date: Thu Mar 11 2010 - 12:14:44 AKST

We are mixing several issues up....
For those who may not know, all *ix provide the ability to create groups and
populate same with users. Unfortunately, this is pretty crude and typically
amounts to population of one flat file (while there are lots of web resources on
this, here's a simple one:
http://www.cyberciti.biz/faq/understanding-etcgroup-file/)
Some unix also provide extended acl tools (acl being the acronym for access
control list). See e.g.
http://www.yolinux.com/TUTORIALS/LinuxTutorialManagingGroups.html

*ix typically do not provide much in the way of GUI tools to manage group access
to resources comparable to MMC and MS-Active Directory. There are lots of reason
to explain this, but they are really only german here in that this is an area
that has been getting more attention as Windows users look at linux admin tools.
There are quite a few commercial tools, largely building on extending security
management to the enterprise, but few free/open apps. An example of a linux gui
acl tool can be found here: http://rofi.roger-ferrer.org/eiciel/ for an example
of a GUI ACL linux editor

WHile ldap is a "lightweight" access protocol, managing ldap can be hugely
confusing, just ask anyone who has tried to implement ldap for group management
on Suse. There is some discussion about tools for ubuntu ldap here:
http://ubuntuforums.org/showthread.php?t=317227

The kicker here is that it is one thing to assign perms or create acls, and
another thing to make use of them. The easier bit is to simply provide or deny
access to a resource based on bits, but to be more proactive (i.e. pop up a
window to such and such a resource based upon the user being a member of such
and such a group) requires some extensive scripting that cases out this or that
based on environment and membership. As I have mentioned, webmin can be an
ecxcellent framework to explore such, but as far as I know there is nothing free
in a can ready to go... if there were your employer wouldn't need YOU - lol

-- Binary/unsupported file stripped by Ecartis --
-- Type: application/pkcs7-signature
-- File: smime.p7s
-- Desc: S/MIME Cryptographic Signature

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Mar 11 12:14:18 2010

This archive was generated by hypermail 2.1.8 : Thu Mar 11 2010 - 12:14:18 AKST