Groups and Permissions: Nested UNIX groups

Tags: groups, permissions, unix

We are getting more and more outside developers (from different clients) and are beginning to need a better strategy than ad hoc adding them to our server and adding them to the ourcompany group (which owns everything in /var/www/, our workspace).

An optimal solution would be to be able to nest groups, so if I could add @ourcompany, it would be all members of the group @ourcompany.

ourcompany:xxx:john,joe,bob
guestcompany:xxx:guest1,guest2,@ourcompany

But that's not possible. I am toying with the idea of having a template system, where I do some simple sed stuff to substitute and create a new /etc/group.

(The reason I don't want guestcompany:xxx:guest1,guest2,john,joe,bob is because if we add or remove people from our company then someone will have to go through and make sure everything is updated, which probably could fall off the edge.)

I guess the next logical step is ACLs, but from my past experience they're somewhat of a hassle to deal with, so I just wanted to see if any of you knew any other solutions that would work.
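The template idea from the question, as an added shell example that is not part of the original post: a small POSIX shell script that reads a template in /etc/group syntax where a member written as @name stands for every member of group name, resolves such references recursively, de-duplicates the result and refuses cycles. The group names, GIDs and the mktemp-based demo at the bottom are constructed for illustration.

```shell
# Added example, not the question's own code: flatten "@group" references in a
# group template (assumed /etc/group syntax, where member "@name" means every
# member of group name) into plain /etc/group lines, refusing reference cycles.
set -eu
# members_of FILE GROUP: GROUP's raw member field, one per line; fails if absent.
members_of() {
    awk -F: -v g="$2" '$1 == g { found = 1; gsub(",", "\n", $4); print $4 }
                       END { exit !found }' "$1"
}
# expand FILE GROUP [PATH]: GROUP's members with every @ref resolved recursively.
# PATH lists the groups currently being expanded, so a cycle is detected.
expand() {
    local file=$1 group=$2 path=${3:-} raw m
    case " $path " in
        *" $group "*) echo "expand: cycle through group '$group'" >&2; return 1 ;;
    esac
    raw=$(members_of "$file" "$group") ||
        { echo "expand: no such group '$group' (ignored)" >&2; return 0; }
    while IFS= read -r m; do
        case $m in
            '') ;;                                                # no members
            @*) expand "$file" "${m#@}" "$path $group" || return 1 ;;
            *)  printf '%s\n' "$m" ;;
        esac
    done <<EOF
$raw
EOF
}
# render FILE: FILE with each member list flattened and de-duplicated (first
# occurrence wins, order kept), ready to be installed as the new /etc/group.
render() {
    local file=$1 name pw gid rest flat
    while IFS=: read -r name pw gid rest; do
        [ -n "$name" ] || continue
        flat=$(expand "$file" "$name") || return 1
        flat=$(printf '%s\n' "$flat" |
               awk 'NF && !seen[$0]++ { printf "%s%s", (n++ ? "," : ""), $0 }')
        printf '%s:%s:%s:%s\n' "$name" "$pw" "$gid" "$flat"
    done < "$file"
}

# Constructed sample: the question's two groups plus one that references both
# (the duplicate "john" collapses into a single entry).
TEMPLATE=$(mktemp)
printf '%s\n' 'ourcompany:x:1001:john,joe,bob' \
              'guestcompany:x:1002:guest1,guest2,@ourcompany' \
              'all:x:1003:@guestcompany,@ourcompany,john' > "$TEMPLATE"
render "$TEMPLATE"
rm -f "$TEMPLATE"
```

Run it against a copy of the template, diff the output against the current /etc/group, and only then install it; the script exits non-zero on a cycle so a broken template never overwrites the live file.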

Best Answer

I'm not suggesting that you do it this way, but I've gotten around this problem by using Active Directory to manage my centralized authentication and implemented Likewise Open to authenticate my Linux machines. LWO gives a consistent UID and GID across all machines because they're based on a hash. This makes things like NFS and rsync very easy to deal with. It also solves nested groups nicely.

Are you using any sort of centralized authentication like NIS or LDAP?