How to Create and Manage Groups with Workgroup Manager in Lion Server - dummies

How to Create and Manage Groups with Workgroup Manager in Lion Server

By John Rizzo

Although the number of options and settings are fewer creating a group account in Lion Servrer with Workgroup Manager is much the same as creating, editing and deleting a user account. Group accounts contain one or more user or group accounts. Group accounts that are members of another group are nested accounts.

Create group accounts in Lion Server

To create a new group account with Workgroup Manager, follow these steps:

  1. Click the lock icon on the right side of the Workgroup Manager window and enter the username and password of the directory administrator in the dialog; click the Authenticate button.

  2. Select the Groups tab just below the globe icon and then click the New Group icon in the toolbar.

    A new group is created, named Untitled 1. If Untitled 1 already exists, the new group is Untitled 2, and so on.


  3. In the Basic tab, enter the group’s name in the Name field.

    A short name is generated automatically.

    The group ID (GID) is generated automatically based on the first available number higher than 1025 — the first GID used for regular directory accounts.

    The Basic tab includes a field to enter a picture path, used to set a custom picture to identify this group. You can use the Comment field for human-readable comments regarding this group account.

  4. Add users and groups to the group membership by clicking the Members tab at right and then the Add (+) button.

    A users and groups drawer slides out the side of the Workgroup Manager window. Users are shown under a User icon (a single silhouetted figure) and groups under a Group icon (three silhouetted figures).


  5. Drag user and group accounts to the Members tab to add them to the new group.

    To remove a user or group, click the account name in the Members tab and then click the Delete (–) button.

Like a user account, a group can have its own auto-mounting folder on a share point. The process is like assigning a home folder to a user, except that you select Groups on the left. Where the users screen has a Home Folder tab on the right, the groups screen has a Group Folder tab.

When you set the share point and folder, group members can access the shared folder as well as save and edit content, subject to permissions set for the shared folder.

When you select a share point for a group folder, you must specify an owner of the folder. Click the ellipsis (. . .) button next to the short name to select a user to be the group folder’s owner. This can be a member of the group or an administrator. The owner can create, edit, or delete any file or folder in the group folder.

Edit and delete group accounts in Lion Server

Although you can’t change the short names of user accounts, you can modify any aspect of a group account within Workgroup Manager. Simply access an existing group account in the same way that you would for a new account.

The group ID (GID) shouldn’t be changed after a group is created. The GID is tied to file permissions and resources in Lion Server; changing it may have unintended consequences, making data and resources unavailable to users.

Group accounts can’t be disabled like user accounts; however, removing all members of a group effectively disables anyone from accessing the group resources. To permanently remove a group, do the following:

  1. Click the Groups tab just below the globe icon and then select the group to be deleted in the list of accounts.

  2. Click the Delete icon in the toolbar and then confirm the deletion of the group account by clicking Delete in the dialog that appears.

Files in shared folders created by deleted groups remain on the server. However, data such as blogs, wikis, and group calendars in other services is removed from the server when the group account is deleted.