Group Administration


Group Administration in Linux

A group is a collection of users; managing users through groups reduces the administration work in the OS environment. Groups are divided into two types.

(a) Primary group: The group to which a user initially belongs. Through this group the user can access resources with default permissions.

(b) Secondary group: Apart from the primary group, if a user has an account in another group, that group is called a secondary group of the user.

---> The group information is maintained by two database files.

(i)  /etc/group: This file maintains group related information.

Syn: <group name>: <password placeholder> : <GID> : <members>

(ii) /etc/gshadow: This file maintains group password related information.

Syn: <group name> : <password placeholder>: <group admin> : <members>   

groupadd: Creates a group

Syn: groupadd [options] <group name>

-r         creates a system group

-g         groupid

Ex: ---> Let’s create a group called sales:

# groupadd sales

  • To verify the group:

# cat /etc/group | grep sales

  • To add the user:

# usermod -aG sales user1

(-a appends to the user's existing secondary groups; -G on its own replaces that list.)

# cat /etc/group | grep sales

---> To add another user to the sales group:

# usermod -aG sales user2

  • Now if you verify, you should see two user accounts in the last field:

# cat /etc/group | grep sales

  • Another way you can verify what groups a user belongs to is to use the id command:

Syn: id [options] [username]

-G        shows the GID

-n        shows the name instead of the ID

-u        shows the UID

Ex: # id -Gn user1

  • If the id command is called without any options, you can also see what UID & GID the user has:

# id user1

groupmod: Modifies the properties of a group

Syn: groupmod [options] <groupname>

-g         groupid

-n         newgroupname

---> To change the groupid:

# groupmod -g 888 sales

---> To change the groupname:

# groupmod -n <new-name> <existing-name>

gpasswd:

  • Assign the password to the group:

# gpasswd <groupname>

  • Adding and Removing Members to a Group:

Syn: gpasswd [options] <arguments> <groupname>

-a Add a single user
-M Add multiple users
-A Group Administrator
-d Removing a user from a group

Ex:

# gpasswd -a user1 sales

# gpasswd -M user2,user3,user4 color

# gpasswd -A user3 color

groupdel: Deletes a group

  • To remove a group:

# groupdel <groupname>

Note:

If the group is empty or has only secondary users, you can delete the group. If the group is the primary group of even a single user, you can’t delete the group account.
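The rule in the note follows from how membership is stored: secondary members are listed in the last field of /etc/group, while primary membership lives in the GID field of /etc/passwd. The check below is an added example, not part of the original article; the file contents are constructed samples (GID 888 for sales is taken from the groupmod example above) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data in /etc/group and /etc/passwd format.
GROUP_SAMPLE='sales:x:888:user1,user2
color:x:889:
user3:x:1003:'
PASSWD_SAMPLE='user1:x:1001:1001::/home/user1:/bin/bash
user2:x:1002:1002::/home/user2:/bin/bash
user3:x:1003:1003::/home/user3:/bin/bash'

# GID of a group: field 3 of the group file.
gid_of() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1==g {print $3}'
}

# Secondary members: field 4 of the group file, comma-separated.
secondary_members() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1==g {print $4}'
}

# Primary members: users whose passwd GID (field 4) equals the group's GID.
primary_members() {
    gid=$(gid_of "$1")
    printf '%s\n' "$PASSWD_SAMPLE" |
        awk -F: -v gid="$gid" \
            '$4==gid {printf "%s%s", sep, $1; sep=","} END {print ""}'
}

# A group can be deleted only when no user has it as primary group;
# secondary members do not block deletion.
can_delete() { [ -z "$(primary_members "$1")" ]; }

for g in sales color user3; do
    if can_delete "$g"; then
        verdict="deletable (secondary members: $(secondary_members "$g"))"
    else
        verdict="blocked, primary group of: $(primary_members "$g")"
    fi
    printf '%-6s %s\n' "$g" "$verdict"
done
```

To run the same check on a live system, feed the functions from `getent group` and `getent passwd` instead of the sample variables.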

Switching Accounts:

su: Enables you to run a command as another user or switch user accounts.

  • To switch accounts, use this command:

# su user1

  • You can also log in as the root user using the su command:

# su - root

* Tip: You can log in to the root user account using the su command with no parameters. So what is the difference between using su and su -? The su command moves you into the root user’s account without initializing any of root’s path or shell variables. When you use su -, everything is initialized as if you were logging in from the console.

User Account Initialization:  

When a user is created, everything from the /etc/skel directory is copied to the user’s newly created home directory (usually /home/<username>).

  • You can modify these “skeleton” files or can add your own custom files. The benefit here is that user creation becomes standardized, ensuring that policies are adhered to. The customizable files are broken down into two different sections:

(a) User-specific files: After a user is created and his home directory is populated, that user can customize those files to fit his own personal needs.

  • .bashrc Defines functions and aliases
  • .bash_profile Sets environment variables
  • .bash_logout Defines any commands that should be executed before the user logs out

(b) Global user configuration:

  • /etc/bashrc Defines functions and aliases
  • /etc/profile Sets environment variables
  • /etc/profile.d Specifies a directory that contains scripts that are called by the /etc/profile file.

  • One last file to look at is /etc/login.defs. This file controls specifics relating to system-wide user logins and passwords.

# grep -v '^#' /etc/login.defs (or) # cat /etc/login.defs


Group collaboration:

Group collaboration is an essential part of any business and of the work of any system administrator who deals with users. Here we look at three key features of file and directory permissions:

(a) Setuid: This flag is used to allow multiuser access. For example, if you have a script that generates reports for your company, but the script must be run as user1 to succeed, you can set the setuid bit to enable other users to run this command as though they were user1.

  • Create a file to hold the report script:

# touch reporting-script

  • Set the setuid bit:

# chmod 4755 reporting-script

(or)

# chmod u+s reporting-script

  • Now view the permissions of the file:

# ls -l reporting-script

  • In the file’s owner permissions, notice that there is an ‘s’ in place of the x. This shows that this file has the setuid flag set.

*Tip: To find all setuid files: # find / -perm -4000

(b) Setgid: This flag is used to allow multi-group access. It is similar to setuid but set at the group level instead. With this bit set, all users of the group can execute the file instead of just the user who owns it. The setgid bit allows users to collaborate on files.

Step 1: As root, create the directory:

# mkdir /tmp/oracle

Step 2: Create the group and add users to it.

# groupadd sales

# usermod -aG sales user1

# usermod -aG sales user2

Step 3: Assign the permissions for collaboration:

# chown root:sales /tmp/oracle

# chmod 2770 /tmp/oracle

Step 4: Verify

# ls -ld /tmp/oracle

  • Now all members of the sales group can read/write to files within this folder. Also, notice that access to this folder is denied for anyone who isn’t a member of the sales group.

(c) Sticky bit: This flag prevents accidental deletion by users and groups.

Step 1: Set the sticky bit on the /tmp directory:

# chmod 1777 /tmp

Step 2: Verify

# ls -ld /tmp

  • For the sticky bit, there is a ‘t’ on the end of the permissions listed. Now other users are not able to delete your files; only you can.
  • This feature might be helpful when you’re sharing files and there are particular files you don’t want other users to delete.
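The three flags above can be audited with find. The following is an added example, not part of the original article: it builds a throwaway tree with the modes used in this section (4755, 2770, 1777), shows why `-perm -4000` finds the setuid file while `-perm 4000` does not, and flags world-writable directories that lack the sticky bit. The directory names and function names are constructed for illustration.

```shell
#!/bin/sh
# Build a sample tree: one setuid file, one setgid dir, one sticky dir,
# and one world-writable dir WITHOUT the sticky bit.
make_fixture() {
    d=$(mktemp -d) || return 1
    touch "$d/reporting-script" "$d/plain"
    chmod 4755 "$d/reporting-script"
    chmod 0644 "$d/plain"
    mkdir "$d/shared" "$d/drop" "$d/open"
    chmod 2770 "$d/shared"
    chmod 1777 "$d/drop"
    chmod 0777 "$d/open"
    echo "$d"
}

# "-perm -4000": setuid bit is set, the other bits may be anything.
setuid_files() { find "$1" -type f -perm -4000 | sort; }

# "-perm 4000": mode is exactly 4000, so a 4755 file is NOT reported.
setuid_exact() { find "$1" -type f -perm 4000 | sort; }

# World-writable directories lacking the sticky bit: any user can delete
# or rename other users' files there.
unsafe_dirs() { find "$1" -type d -perm -0002 ! -perm -1000 | sort; }

# Name the special bits set on a single path.
special_bits() {
    out=""
    for pair in 4000:setuid 2000:setgid 1000:sticky; do
        bit=${pair%%:*}
        name=${pair#*:}
        # -prune tests only the path itself, without descending into it.
        if [ -n "$(find "$1" -prune -perm "-$bit")" ]; then
            out="$out $name"
        fi
    done
    echo "${out# }"
}

demo=$(make_fixture)
for p in reporting-script shared drop open plain; do
    printf '%-18s %s\n' "$p" "$(special_bits "$demo/$p")"
done
echo "missing sticky bit: $(unsafe_dirs "$demo")"
rm -rf "$demo"
```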

Author: TekSlate