Learning Objectives
By the end of this chapter, you should be able to:
- Explain why it is useful to have Linux users belong to one or more groups.
- Use utilities such as groupadd, groupdel, groupmod, and usermod to create, remove and manipulate groups and their membership.
- Describe User Private Groups.
- Explain the concept of group membership.
Groups
Where is the groups config file location?
/etc/group
Groups
Describe the components of a record in the /etc/group file.
Inside /etc/group file
groupname:password:GID:user1,user2,…
- groupname: is the name of the group
- password: is the password place holder. Group passwords may be set, but only if /etc/gshadow exists
- GID: is the group identifier. Values between 0 and 99 are for system groups. Values between 100 and GID_MIN (as defined in /etc/login.defs and usually the same as UID_MIN) are considered special. Values over GID_MIN are for UPG (User Private Groups)
- user1,user2,…: is a comma-separated list of users who are members of the group. The user need not be listed here if this group is the user’s principal group.
Group Management
What is the command to add a new group?
groupadd
$ sudo groupadd -r -g 215 staff
🚩 Be very careful with the usermod -G command; the group list that follows is the complete list of groups, not just the changes. Any supplemental groups left out will be gone! Non-destructive use should utilize the -a option, which will preserve pre-existing group memberships when adding new ones.
Group Management
What is the command to remove a group?
groupdel
$ sudo groupdel newgroup
Group Management
What is the command to modify a group and add new users?
groupmod
$ sudo groupmod -g 101 blah
Group Management
What is the command to manage a user’s group memberships?
usermod
$ sudo usermod -G student,group1,group2 student
Group Management
The group manipluation utilities modify which 2 group config files?
- groupadd
- groupdel
- groupmod
- usermod
/etc/group
/etc/gshadow (if it exists)
User Private Groups
What is a User Private Group?
The idea behind UPGs is that each user will have his or her own group.
However, UPGs are not guaranteed to be private; additional members may be added to someone’s private group in /etc/group.
By default, users whose accounts are created with useradd have: primary GID = UID and the group name is also identical to the user name.
Group Membership
A Linux user has ___ primary group; this is listed in ___ and will also be listed in ___.
- 1
- /etc/passwd
- /etc/group
Group Membership
Group membership can be identified by running either of the following commands?
- $ groups [user1 user2 …]
- $ id -Gn [user1 user2 …]
With no arguments, either command reports on the current user. Note that the default groups can differ by distribution:
On CentOs:
[student@CentOS7 ~]$ groups
student
On Ubuntu:
student@ubuntu:~$ groups
student adm cdrom sudo dip plugdev lpadmin sambashare libvirt
-
30 - User Accounts60
-
31. Group Management11
-
32. File Permissions and Ownership19
-
33. Pluggable Authentication Modules (PAM)3
-
34. Network Addresses15
-
35. Network Devices And Configuration54
-
36. Firewalls53
-
37. System Startup And Shutdown13
-
38. GRUB12
-
39. SYSTEM INIT: SYSTEMD, SYSTEMV AND UPSTART22
-
40. BACKUP AND RECOVERY METHODS58
-
41. Linux Security Modules46
-
42. Local System Security15
-
43. Basic Troubleshooting9
-
44. System Rescue9
-
man man12
