This tool is designed to allow users to manage their own groups.  It uses the same group management methods as the rest of the RATS tools. This script should be protected with Radius authentication as an ACL. In fact, the script can modify its own ACL when required.

Here is how it works. One of the configuration options allows you to set group superuser.  These are people who can maintain their own groups. Their configuration entry contains the groups which they are allowed to edit. A users file contains their Radius authinfo.  This users file is used by the .htaccess method to grant them access to this web form.  Once there, the users can add and remove members to the groups they are allowed to manage.  Further more then can give other users the same group changing privileges to any of the groups for which they are empowered.  The CGI script automatically maintains all the ACL's involved.

However, the super users need to be entered into the Radius ACL file by hand and this modification should be made with great care such so no file corruption may show up as the script itself tries to make changes. Your safest best (right) now is to touch the appropriate lock files as defined in the configuration file.

Note that if you ever change the name of "users" file (which as you will remember contains the Radius ACL) you must make sure to also change it in your .htaccess file.