Group Administration in Linux
A group is a collection of users; granting access per group instead of per user reduces the administration work in the OS environment. Groups are divided into two types.
(a) Primary group: The group a user initially belongs to. In this group the user can access resources with default permissions.
(b) Secondary group: Any other group in which the user has an account, apart from the primary group, is a secondary group for that user.
---> The group information is maintained by two database files.
(i) /etc/group: This file maintains group related information.
Syn: <group name>: <password placeholder> : <GID> : <members>
(ii) /etc/gshadow: This file maintains group password related information.
Syn: <group name> : <password placeholder>: <group admin> : <members>
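Groupadd: Creates a group
Syn: groupadd [options] <group name>
-r creates a system group
Ex: ---> Let's create a group called sales
# groupadd sales
- To verify the group:
# cat /etc/group | grep sales
- To add the user:
# usermod -aG sales user1
(The -a option appends the group; -G on its own replaces the user's existing secondary groups with the list given.)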
---> To add another user to the sales group
# usermod -aG sales user2
- Now if you verify, you should see two user accounts in the last field:
- Another way to verify which groups a user belongs to is to use the id command:
Syn: id [options] [username]
-G shows the GID
-n shows the name instead of the ID
-u shows the UID
Ex: # id -Gn user1
- If the id command is called without any options, you can also see what UID & GID the user has:
# id user1
Groupmod: Modifies the properties of a group
Syn: groupmod [options] groupname
---> To change the groupid:
# groupmod -g 888 sales
---> To change groupname:
# groupmod -n <new-name> <existing-name>
- Assign the password to the group:
- Adding and Removing Members to a Group:
Syn: gpasswd [options] <arguments> <groupname>
-a Add a single user
-M Add multiple users
-d Remove a user from a group
Ex:
# gpasswd -a user1 sales
# gpasswd -M user2,user3,user4 color
# gpasswd -A user3 color
Groupdel: Deletes a group
- To remove a group:
If the group is empty or has only secondary users, you can delete the group. If the group is the primary group of even a single user, you can't delete the group account.
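The deletion rule above depends on two files: secondary members are listed in the fourth field of /etc/group, while a user's primary group is recorded as a GID in the fourth field of /etc/passwd. The following is an added example, not part of the original page, that checks both against constructed sample files; the function names and sample accounts are assumptions.

```shell
#!/bin/sh
# Constructed sample data in /etc/group and /etc/passwd format (not real accounts).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/group" <<'EOF'
sales:x:888:user1,user2
color:x:889:user2,user3,user4
staff:x:900:
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
user1:x:1001:1001::/home/user1:/bin/bash
user2:x:1002:888::/home/user2:/bin/bash
user3:x:1003:889::/home/user3:/bin/bash
user4:x:1004:889::/home/user4:/bin/bash
EOF

# Print the GID (3rd field) of a group. Usage: group_gid <group> <group-file>
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2"
}

# Print secondary members (4th field of the group file), one per line.
secondary_members() {
    awk -F: -v g="$1" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
}

# Print users whose primary GID (4th field of passwd) equals the group's GID.
# Usage: primary_members <group> <group-file> <passwd-file>
primary_members() {
    gid=$(group_gid "$1" "$2")
    [ -n "$gid" ] || return 1
    awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
}

# Return 0 if the group exists and is nobody's primary group, 1 if it is
# still somebody's primary group, 2 if the group does not exist.
can_delete_group() {
    gid=$(group_gid "$1" "$2")
    [ -n "$gid" ] || return 2
    [ -z "$(primary_members "$1" "$2" "$3")" ]
}

for g in sales color staff; do
    if can_delete_group "$g" "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"; then
        echo "$g: no primary users, can be deleted"
    else
        echo "$g: still primary group of:" $(primary_members "$g" "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd")
    fi
done
```

On a live system, pass /etc/group and /etc/passwd as the file arguments to run the same check before deleting a group.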
Su: Enables you to run a command as another user or switch user accounts.
- To switch accounts, use this command:
- You can also login as the root user using the su command:
* Tip: You can log in to the root user account using the su command with no parameters. So what is the difference between using su and su -? The su command moves you into the root user's account without initializing any of root's path or shell variables. When you use su -, everything is initialized as if you were logging in from the console.
User Account Initialization:
When a user is created, everything from the /etc/skel directory is copied to the user's newly created home directory (usually /home/<username>).
- You can modify these “skeleton” files or can add your own custom files. The benefit here is that user creation becomes standardized, ensuring that policies are adhered to. The customizable files are broken down into two different sections:
(a) User-specific files: After a user is created and his home directory is populated, that user can customize those files to fit his own personal needs.
- .bashrc Defines functions and aliases
- .bash_profile Sets environment variables
- .bash_logout Defines any commands that should be executed before the user logs out
(b) Global user configuration:
- /etc/bashrc Defines functions and aliases
- /etc/profile Sets environment variables
- /etc/profile.d Specifies a directory that contains scripts that are called by the /etc/profile file
- One last file to look at is /etc/login.defs. This file controls specifics relating to system-wide user logins and passwords.
# grep -v ^# /etc/login.defs (or) # cat /etc/login.defs
Group collaboration is an essential part of any business and for any system administrator who deals with users. Here we look at three key features of file and directory permissions:
(a) Setuid: This flag is used to allow multiuser access. For example, if you have a script that generates reports for your company, but the script must be run as user1 to succeed, you can set the setuid bit to enable other users to run this command as though they were user1. Note that the Linux kernel honors the setuid bit only on binary executables and ignores it on interpreted (#!) scripts, so the steps below show how the bit is set and displayed.
- Create a file to hold the report script:
# touch reporting-script
- Set the setuid bit:
# chmod 4755 reporting-script
(or)
# chmod u+s reporting-script
- Now view the permissions of the file:
# ls -l reporting-script
- In the file's owner permissions, notice that there is an 's' in place of the x. This shows that this file has the setuid flag set.
* Tip: To find all setuid files: # find / -perm -4000
(The leading - matches any file that has the setuid bit set; without it, find matches only files whose mode is exactly 4000.)
(b) Setgid: This flag is used to allow multi-group access. It is similar to setuid but set at the group level instead. With this bit set, all users of the group can execute the file instead of just the user who owns it. The setgid bit allows users to collaborate on files.
Step 1: As root, create the directory:
# mkdir /tmp/oracle
Step 2: Create the group and add users to it.
# groupadd sales
# usermod -aG sales user1
# usermod -aG sales user2
Step 3: Assign the permissions for collaboration:
# chown root:sales /tmp/oracle
# chmod 2770 /tmp/oracle
Step 4: Verify
# ls -ld /tmp/oracle
- Now all members of the sales group can read/write to files within this folder. Also, notice that access to this folder is denied for anyone who isn’t a member of the sales group.
(c) Sticky bit: This flag prevents accidental deletion by users and groups.
Step 1: Set the sticky bit on the /tmp directory:
# chmod 1777 /tmp
Step 2: Verify
# ls -ld /tmp
- For the sticky bit, there is a ‘t’ on the end of the permissions listed. Now other users are not able to delete your files; only you can.
- This feature might be helpful when you’re sharing files and there are particular files you don’t want other users to delete.
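The three flags and the find tip from the setuid section can be checked safely in a scratch directory. The following is an added example, not part of the original page; it builds a constructed test tree (all file names are assumptions) and shows how an exact-mode search (-perm 4000) differs from an at-least search (-perm -4000), and how each flag appears in ls output.

```shell
#!/bin/sh
# Constructed test tree in a temporary directory; all names are illustrative.
AUDIT_DIR=$(mktemp -d)
touch "$AUDIT_DIR/plain" "$AUDIT_DIR/reporting-script" \
      "$AUDIT_DIR/bare-suid" "$AUDIT_DIR/sgid-tool"
mkdir "$AUDIT_DIR/shared" "$AUDIT_DIR/dropbox"
chmod 0755 "$AUDIT_DIR/plain"
chmod 4755 "$AUDIT_DIR/reporting-script"   # setuid plus rwxr-xr-x
chmod 4000 "$AUDIT_DIR/bare-suid"          # setuid and no other bits
chmod 2755 "$AUDIT_DIR/sgid-tool"          # setgid file
chmod 2770 "$AUDIT_DIR/shared"             # setgid directory, like /tmp/oracle
chmod 1777 "$AUDIT_DIR/dropbox"            # sticky directory, like /tmp

# "-perm 4000" matches only entries whose mode is exactly 4000.
find_exact_4000() { find "$1" -perm 4000 -exec basename {} \; | sort; }

# "-perm -4000" matches every file with the setuid bit, whatever else is set.
find_setuid() { find "$1" -type f -perm -4000 -exec basename {} \; | sort; }

# Same idea for the setgid (2000) and sticky (1000) bits.
find_setgid() { find "$1" -perm -2000 -exec basename {} \; | sort; }
find_sticky() { find "$1" -type d -perm -1000 -exec basename {} \; | sort; }

# First ten characters of "ls -ld": file type plus the permission string.
mode_string() { ls -ld "$1" | cut -c1-10; }

echo "exact 4000 : $(find_exact_4000 "$AUDIT_DIR" | tr '\n' ' ')"
echo "all setuid : $(find_setuid "$AUDIT_DIR" | tr '\n' ' ')"
echo "all setgid : $(find_setgid "$AUDIT_DIR" | tr '\n' ' ')"
echo "sticky dirs: $(find_sticky "$AUDIT_DIR" | tr '\n' ' ')"
for f in reporting-script bare-suid sgid-tool shared dropbox; do
    echo "$(mode_string "$AUDIT_DIR/$f")  $f"
done
```

A capital S in the mode string, as on bare-suid, means the special bit is set but the matching execute bit is not.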