setting up private groups

radish

Here is the situation. I have networked several offices together using AFP, and I have them all sharing information with each other; they also have their own password-protected folder plus a public shared folder on an Xserve.

What I want to do is make each office department its own group, so that each group can share information internally, but the only way for groups to share information is if they deposit it in a group drop box on the Xserve.

I have managed to do this to an extent with AFP, but it doesn't stop people connecting to another computer and transferring data to its drop box. So I will need to disable guest access between groups as well. It would be even better if none of the groups could see each other on the network.

I have heard about share points, but I was kind of hoping that there was built-in functionality in OS X. NetInfo maybe? Or maybe switching protocols?

Thank you
 
I don't think there's really anything you can do to stop people sharing information they have access to - you have to trust your users at some point. Or am I misunderstanding what you're trying to do?

That said, you can make groups for each department and add users to the groups appropriately.

Unfortunately, I don't have access to OS X Server to look at the management tools there, and NetInfo Manager in plain old OS X has a truly sucky interface (for shame, Apple). Anyway, you can create new groups in NetInfo Manager; the 'name' and 'gid' values need to be unique - you have to check that yourself (sucky interface) - and then the 'users' value should just be a list of user account names (not uids) of the users in that department. Check, say, the appserverusr group for an example of the format.

The low-numbered gids seem to be reserved for server/infrastructure stuff, and the automatically created groups that the OS makes for each user start at 501 and count up (same numbers as the corresponding users' uids). gids are unsigned 32-bit integers, so the range is theoretically from 0 to 4,294,967,295 - should be lots of room at the high end for you to make stuff that won't get in the way of the OS.

Change the group ownership of a department's folder to be that department's group, and edit owner/group/world permissions accordingly. For folders that really belong to the whole department, the user ownership should maybe be root, or else that department's IT-honcho-in-charge, if there is one. If you make it an arbitrary user in that department, they could change the permissions to something you probably don't want...

Hopefully this helps you out.
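
The ownership and permission setup described in the reply above, as an added example that is not part of the original thread: one function hands a department folder to its group with no world access, and a second audits a folder and reports any drift. The function names, the mode 770 and the sample path and group in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, mode 770 and the
# sample names in the usage comments are assumptions.

# lock_dept_dir DIR GROUP OWNER
# Give DIR to OWNER and GROUP, then allow rwx for owner and group only.
# Changing the owner to another account (e.g. root) requires root.
lock_dept_dir() {
    chown "$3:$2" "$1" && chmod 770 "$1"
}

# audit_dept_dir DIR GROUP OWNER
# Prints one line per problem. Returns 0 only when DIR is owned by OWNER,
# group-owned by GROUP and grants "world" nothing; 2 if DIR cannot be read.
audit_dept_dir() {
    a_dir=$1 a_group=$2 a_owner=$3 a_rc=0
    # Parse `ls -ld` instead of stat: stat's flags differ on macOS and Linux.
    a_line=$(ls -ld "$a_dir") || return 2
    read -r a_mode a_links a_own a_grp a_rest <<EOF
$a_line
EOF
    # Characters 8-10 of the mode string are the world (other) permissions.
    a_world=$(printf '%s' "$a_mode" | cut -c8-10)
    if [ "$a_own" != "$a_owner" ]; then
        echo "$a_dir: owner is $a_own, expected $a_owner"
        a_rc=1
    fi
    if [ "$a_grp" != "$a_group" ]; then
        echo "$a_dir: group is $a_grp, expected $a_group"
        a_rc=1
    fi
    if [ "$a_world" != "---" ]; then
        echo "$a_dir: world permissions are '$a_world', expected none"
        a_rc=1
    fi
    return "$a_rc"
}

# Usage, run as root (path and group are hypothetical):
#   lock_dept_dir  /Shared/sales sales root
#   audit_dept_dir /Shared/sales sales root || echo "needs attention"
```

Running the audit from a scheduled job catches the case the reply warns about, where someone with ownership loosens the permissions later.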
 