As an instructional aid, project leaders may designate TAs to lead small groups of project members. This is accomplished by creating a group (sometimes referred to as a "subgroup"), and designating the TA as the leader of the group. A project group is a lot like a unix group, and in fact unix groups is the mechanism used to protect members of one group from members of another group on Emulab nodes. For each group created, a new unix group is created, and the members of the group added. When a group member starts an experiment, he/she indicates the group in the Begin Experiment form. All of the nodes in the experiment will have user accounts built for only those members of the group. In this way, multiple subgroups of a project can work independently, and be protected from each other via the generally well understood unix group protection mechanism.
As a convenience, all new projects are created with one new group, termed the default group. All project members are in the default group, and as its name implies, whenever the group is left unspecified in a form, it defaults to the project group (this allows you to create a project without any sub groups at all; new members join the default group, new experiments are created in the default group, etc.).
As project leader, you may create and destroy subgroups, and add or remove project members from your groups. You are automatically a member of new groups you create; even though you are not the designated leader of the group, you still retain all of the same permissions that you have as project leader, within the group. This means that you can terminate experiments that have been created within the group, and edit the personal information for group members. To create a group, simply go to the Project Information link at your left, and look for the "Create New Group" link, or go to the Create New Group page directly. Once you have created a group, you can edit the members of the group by clicking on the "Edit" option in the group information page.
As group leader, you may approve new user applications to join your group. You may also create and destroy experiments created within the group. If you are a TA managing a group, you can have new Emulab users Join your group by telling them to go to the Join Project link at your left, and specifying the name of your group where it asks for a group name. You will receive an email message for each person that applies to join your group. To approve (or deny) membership in your group, use the New User Approval link. If the user who wishes to join your group is already a member of the project, then the project leader must add them to your group. In other words, there is no mechanism to join multiple groups via a web form; the Project Leader must do it on the Edit Group page.
These are some important security issues to keep in mind:
You have the following choices for Trust:
| ||User||-||User may log into machines in your experiments|
| ||Local Root||-||User may create/destroy experiments in your project and has root privileges on machines in your experiments|
| ||Group Root||-||In addition to Local Root privileges, user may also approve new group members and modify user info for other users within the group. This level of trust is typically given only to TAs and the like.|