Filter
Top Products
40 Chapter 2
When a user attempts to access a directory or file the user doesn’t own, group privileges are
checked:
m First the GID of the user’s primary group is compared with the GID associated with the
directory or file. If they match, the user is granted group access privileges.
m If they do not match, NetInfo searches through the login hierarchy for a group record
with a matching GID, starting with the local domain and proceeding toward the root
domain.
If NetInfo finds a matching group record, it searches the login hierarchy to map each
short name in the group record to a UID. If the user’s UID matches one of the UIDs
found, the user is granted group access privileges.
Plan to create group and related user records in NetInfo domains accessible from any
Mac OS X computer you want the user to be able to log in to or connect to.
Avoiding Duplicate Short Names
Since short names are used to find UIDs of group members, duplicate short names can result
in file access being granted to users you hadn’t intended to give access.
Return to the example of Tony and Tom Smith, who have duplicate short names. Assume that
the administrator has created a group in the root domain to which all students belong. The
group—AllStudents—has a GID of 2017.
Tom Smith (tsmith, smitty, UID 2000)
AllStudents (tsmith, GID 2017)
/
Students Faculty
Tony’s computer
Tony Smith
(tsmith, smitty, UID 3000)
Tom ’s computer
owner 127 can: Read & Write
group 2017 can: Read only
everyone else can: None
MyDoc