As an instructional aid, project leaders may designate TAs to lead smaller groups of project members. This is accomplished by creating a group, and designating the TA as the leader of that group. A project group is a lot like a unix group, and in fact unix groups is the mechanism used to protect members of one group from members of another group on Emulab nodes. For each group created, a new unix group is created, and the members of the group added. When a group member starts an experiment, he/she indicates the group in the Begin Experiment form. All of the nodes in the experiment will have user accounts built for only those members of the group. In this way, multiple groups of a project can work independently, and be protected from each other via the generally well understood unix group protection mechanism.
As a convenience, all new projects are created with one new group, termed the default group. All project members are in the default group, and as its name implies, whenever the group is left unspecified in a form, it defaults to the default group (this allows you to create a project without any additional groups at all; new members join the default group, new experiments are created in the default group, etc.).
Subgroup is used to refer to a group in a project which is not the default group.
As project leader (proj_root or group_root in the default group),
you may create and destroy subgroups, and add or remove project members from any
subgroup. You can also edit the personal information for group members, and
begin and terminate experiments in any group. You have root access on every
experiment node in any group in your project.
You can make yourself the leader of new subgroups, but more
typically you would designate someone else to lead a subgroup.
A project leader has full control over a subgroup regardless of whether he
is a leader, or even member of that subgroup (in fact, it may be desirable to
not be a member of subgroups, since subgroup membership means your home
directory will be available on nodes on experiments in that subgroup.)
To create a subgroup, simply go to the Project Information link at your left, and look for the "Create New Group" link, or go to the Create New Group page directly. Once you have created a subgroup, you can edit its membership by clicking on the "Edit" option in the group information page.
As group leader (group_root) in your group,
you may approve new user applications to join your group,
as well as remove users from your group. You may bestow
group_root, local_root, or user
privileges on other users in your group.
You may begin and terminate experiments in your group, and have
root access on experiment nodes in your group.
If you are a TA managing a subgroup, you can have new Emulab users
Join your subgroup by telling them to go to the Join Project link at your
left, and specifying the name of your subgroup where it asks for a group
name. You will receive an email message for each person that applies
to join your subgroup. To approve (or deny) membership in your subgroup, use
the New User
Approval link. If the user who wishes to join your subgroup is
not already a member of the project, approving them to join your
group will automatically add them to the project, with user
permissions in the default group.
Note: There is no mechanism to join multiple subgroups via a single web form, however, once you have joined one group in a project, you may submit group join requests multiple times to join other Project groups.
Note: Only the project leader may give users group_root in
the default group.
As Local Root (local_root) in a group, you
may not alter the membership of the group in any way. However, you may begin
and terminate group experiments, and have root access on experiment nodes in your
group.
As a user (user) in a group, you may not alter group membership
or begin and terminate group experiments. You may, however, log into nodes
in group experiments, without root access.
These are some important security issues to keep in mind:
project_root,
group_root, or local_root) permissions to a user
in the default group and user permissions in a
subgroup, as it can result in an unintentional breach of privacy.
Consider this example: User Joe has local_root
permissions in the default group, and user permissions in
a subgroup. Another user Bob is in
the same subgroup as Joe, and since Joe has user permissions, it was
probably intended that Joe would not be able to read Bob's files. Joe
now creates an experiment, specifying the default group in the web
form. The nodes in Joe's experiment would get NFS mounts for all of
the members in the project (including Bob), and since Joe has local_root
permission in the default group, would be granted root access on his
nodes. Joe can now access the files of all members of the project,
including Bob. The correct approach is to specify user permissions
in the default group, and either user or local_root in the subgroup
(depending on whether subgroup members are mutually trust each other
and need to create experiments).
For example, if Joe has group_root permissions in one
subgroup, and user permissions in a second subgroup, and there is
another user Bob who is in both subgroups, then Joe can access Bob's
files when creating an experiment in one of the subgroups, but not the
other. If Joe is really not supposed to access Bob's files, then Joe
should not have group_root permission in a subgroup that contains Bob.
| User | User may log into machines in your experiments. |
| Local Root | User may create/destroy experiments in your project and has root privileges on machines in your experiments. |
| Group Root | In addition to Local Root privileges, user may also approve new group members and modify user info for other users within the group. This level of trust is typically given only to TAs and the like. |