Permissions on UCSCNT and Jellylorum
DRAFT

We describe the permissions for normal and password protected unit directories.  We also list the membership of local groups in the UCSCNT domain and on jellylorum itself.

ACL for normal unit directory

In order to use www.ucsc.edu, every web author is a user in the UCSCNT domain.  Each web user typically belongs to the following groups: Question: why are web users in the Domain Users group, rather than in the Domain Guests, or Guests, or Local Users, or Users groups?  I guess I don't understand the subtle differences between these.  Could the Domain Users group be listed within the webuser group?

Typically, each unit directory has the following ACL:

User/group Permission
jellylorum\iusr_jellylorum read
unit group change
system full
webadmin full

ACL for password protected unit directory

To set up a password protected unit directory (so that you need to furnish a password to browse pages in that directory), I set up a restricted user in the UCSCNT domain which belongs only to the groups: This user is not part of any unit group, so it doesn't have any write privileges.  The protected unit directory has the following ACL:
User/group name Permission
restricted user read
unit group change
system full
webadmin full

The restricted user has local access to jellylorum, as has iusr_jellylorum.  The difference being that iusr_jellylorum has a random password (that no one knows), while the restricted user has a password that is shared by several (many) people.

Problem: when people browse protected pages, they are in the system as the restricted user, so they can no longer read the unprotected pages.  I need to add some other group to enable them to read unprotected pages.

Groups in the UCSCNT domain and on Jellylorum


Here are how the groups are setup in the UCSCNT domain, and on Jellylorum:
 

Local groups
Group name UCSCNT Jellylorum
Account Operators Domain Admins G 
webadmin G		 Group does not exist
Administrators Administrator U 
Domain Admins G 
joebob U 
rjones U 
stmc U 
tdorset U		 Administrator U 
UCSCNT\Domain Admins G 
UCSCNT\tdorset U
Backup Operators jacques U 
tdorset U		  
Guests Domain Guests G Guest U 
IUSR_JELLYLORUM U 
IWAM_JELLYLORUM U 
UCSCNT\Domain Guests G
Local Users Domain Admins G Group does not exist
MTS Trusted Impersonator Group does not exist IWAM_JELLYLORUM U
Print Operators   Group does not exist
Power Users Group does not exist  
Replicator    
Server Operators Administrator U 
joebob U 
Operator U 
rjones U 
webadmin G		 Group does not exist
Users Administrator U 
ericg U 
joebob U 
stmc U		  
wss ericg U 
peterm U 
stmc U		 Group does not exist
Global groups in UCSCNT domain
Group type Group name Members
Domain groups Domain Admins Administrator
jacques
joebob
rjones
stmc
tdorset
Domain Guests Guest
Domain Users Administrator
All UCSCNT users except Guest
Unit groups avcue galen
laporte
banner-manual lrose
njmiller
finaff njmiller
housing caroldh
jimryan
mikawa
myk
shkirby
twjordan
matman jrscott
lrose
sldamon
steveg
mbest Administrator ?
joebob
skadota
mdn anderso
mbolle
opers allens
jfusari
kdgivens
mmajeski
rosewood
srclabue
sunnyboy
osp dmriggs
wfclark
pio ericg
jamacken
jar
jrburns
jsalesin
piodev jrburns
jsalesin
planbudg galen
ppmanual galen
stars bongo
summer summers
testunit jar
peterm
rosewood
testuser
toplevel galen
idris
jamacken
jrburns
jsalesin
ldjaffe
tammyh
tour ericg
galen
jamacken
jar
jrburns
jsalesin
Other web groups webadmin Administrator
jacques
joebob
stmc
tdorset
webmaster
webuser everyone in a unit group
Other groups authors-cats
CATS-WS
coordadmin
instructors
Kerr
KERR-Instructors
kerrlab
KerrPC Lab
thumbsup		 members not listed here