Manualshelf

Group Membership Expansion: Guidelines for Deployment

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Foundation OE
1234567
3
is then frozen for the lifetime of the process. This value is inherited across exec() calls, but not across
fork() calls.
Deployment scenario
The following example shows how group membership expansion is useful in a business context.
Suppose that a company has many sales offices, each having a number of sales representatives. The
representatives within an office share data among themselves and protect it from other users based on
group membership. Each of the sales representatives has a user account that is a member of a group
named after the representatives’ sales office.
If Jones, Lewis, and Dhali worked out of a Milwaukee sales office of a company with additional
offices in Chicago and Madison, a portion of the /etc/group file might look like this:
Figure 1. Excerpt from the /etc/group file
chicago::185:smith,rolls,chang,burke,kafer,zenda,jbkaiser
milwaukee::186:jones,lewis,dhali,jbkaiser
madison::187:bucky,lenin,fiske,carty,jbkaiser
File permissions are established so that the file owner and members of the group can read and write
the files, but others are excluded from access. A listing of the files in a directory following this scheme
might look like this:
Figure 2. Excerpt from a directory listing
-rw-rw---- 1 smith chicago 92160 May 1 11:00 plist.chi
-rw-rw---- 1 bucky madison 51200 May 2 13:18 plist.mad
-rw-rw---- 1 jones milwaukee 181280 May 2 13:07 plist.mil
The vice president, Kaiser, could gain access to all of the files belonging to all of the sales offices by
becoming a member of all of the groups. In a large company, the vice president might need to
manage several dozen sales offices.
There are other file-sharing and protection models along this line where the limit of 20 groups per
user is too restrictive.
Installing group membership expansion
The code to enable the group membership expansion enhancement is available as a set of patches in
Update 3 to HP-UX 11i v3.
Updating the HP-UX core
All of the files needed to update the HP-UX core for groups expansion are installed as a consequence
of installing the patch PHKL_38095. A reboot is required following installation. Installing the