
Group Administration

 Group Administration in Linux

A group is a collection of users; managing permissions per group rather than per user reduces the administration work in the OS environment.

Groups are divided into two types.

(a) Primary group: The group a user initially belongs to. In this group the user can access resources with the default permissions.

(b) Secondary group: Apart from the primary group, if a user has an account in another group, that group is called a secondary group of the user.

—> The group information is maintained in two database files.

(i)  /etc/group: This file maintains group related information.

Syn: <group name>:<password placeholder>:<GID>:<members>

(ii) /etc/gshadow: This file maintains group password related information.

Syn: <group name>:<password placeholder>:<group admin>:<members>

groupadd: Creates a group

Syn: groupadd [options] groupname

-r         creates a system group

-g         groupid

Ex: —> Let's create a group called sales

# groupadd sales

  • To verify the group:

# cat /etc/group | grep sales

  • To add the user:

# usermod -aG sales user1

(-a appends to the user's existing secondary groups; -G without -a replaces that list.)

# cat /etc/group | grep sales

—> To add another user to the sales group

# usermod -aG sales user2

  • Now if you verify, you should see two user accounts in the last field:

# cat /etc/group | grep sales

  • Another way you can verify what groups a user belongs to is to use the id command:

Syn:  id [options] [username]

-G        shows the GID

-n         shows the name instead of the ID

-u         shows the UID

Ex: # id -Gn user1

  • If the ID command is called without any options, you can also see what UID & GID the user has: # id user1

groupmod: Modifies the properties of a group

Syn:  groupmod [options] groupname

-g         groupid

-n         newgroupname

—> To change the groupid:

# groupmod -g 888 sales

—> To change groupname:

# groupmod -n <new-name> <existing-name>

gpasswd:

  • Assign the password to the group:

# gpasswd <groupname>

  • Adding and Removing Members to a Group:

Syn: gpasswd [options] <arguments> <groupname>

-a         Add single user

-M         Add multiple users

-A         Group Administrator

-d         Removing a user from group

Ex: # gpasswd -a user1 sales

# gpasswd -M user2,user3,user4 color

# gpasswd -A user3 color

groupdel: Deletes a group

  • To remove a group:

# groupdel <groupname>

Note: If the group is empty or has only secondary users, you can delete the group. If the group is the primary group of a user, you can't delete the group account.

Switching Accounts:

su: Enables you to run a command as another user or switch user accounts.

  • To switch accounts, use this command:

# su user1

  • You can also log in as the root user using the su command:

# su - root

* Tip: You can log in to the root user account using the su command with no parameters. So what is the difference between using su and su -? The su command moves you into the root user's account without initializing any of root's path or shell variables. When you use su -, everything is initialized as if you were logging in from the console.

User Account Initialization: When a user is created, everything from the /etc/skel directory is copied to the user's newly created home directory (usually /home/<username>).

  • You can modify these “skeleton” files or can add your own custom files. The benefit here is that user creation becomes standardized, ensuring that policies are adhered to. The customizable files are broken down into two different sections:

(a) User-specific files:

After a user is created and his home directory is populated, that user can now customize those files to fit his own personal needs.

  • .bashrc Defines functions and aliases
  • .bash_profile Sets environment variables
  • .bash_logout Defines any commands that should be executed before the user logs out

(b)  Global user configuration:

/etc/bashrc     Defines functions and aliases

/etc/profile     sets environment variables

/etc/profile.d  specifies a directory that contains scripts that are called by the /etc/profile file.

  • One last file to look at is /etc/login.defs. This file controls specifics relating to system-wide user logins and passwords.

# grep -v '^#' /etc/login.defs

(or)

#cat /etc/login.defs


Group collaboration:

Group collaboration is an essential part of any business and for any system administrator who deals with users. Here we look at three key features of file and directory permissions:

(a) Setuid: This flag is used to allow multiuser access.

For example, if you have a script that generates reports for your company, but the script must be run as user1 to succeed, you can set the setuid bit to enable other users to run this command as though they were user1.

  • Create a file to hold the report script:

# touch reporting-script

  • Set the setuid bit:

# chmod 4755 reporting-script

(or)

# chmod u+s reporting-script

  • Now view the permissions of the file:

# ls -l reporting-script

  • In the file's owner permissions, notice that there is an 's' in place of the x. This shows that this file has the setuid flag set.

* Tip: To find all setuid files:

# find / -perm -4000

(-perm -4000 matches every file that has the setuid bit set; -perm 4000 would match only files whose mode is exactly 4000.)

(b) Setgid: This flag is used to allow multi-group access.

This is similar to setuid but set at the group level instead. With this bit set, all users of the group are able to execute the file instead of just the user who owns it. The setgid bit allows users to collaborate on files.

Step 1): As root, create the directory:

# mkdir /tmp/oracle

Step 2): Create the group and add users to it.

# groupadd sales

# usermod -aG sales user1

# usermod -aG sales user2

Step 3): Assign the permissions for collaboration:

# chown root:sales /tmp/oracle

# chmod 2770 /tmp/oracle

Step 4): Verify:

# ls -ld /tmp/oracle

  • Now all members of the sales group are able to read / write to files within this folder. Also, notice that access to this folder is denied for anyone who isn't a member of the sales group.

(c) Sticky bit: This flag prevents accidental deletion by users and groups.

Step 1): Set the sticky bit on the /tmp directory:

# chmod 1777 /tmp

Step 2): Verify:

# ls -ld /tmp

  • For the sticky bit, there is a ‘t’ on the end of the permissions listed. Now other users are not able to delete your files; only you can.
  • This feature might be helpful when you’re sharing files and there are particular files you don’t want other users to delete.
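An audit of the three special permission bits described above, added here as an example and not part of the original tutorial: it lists setuid and setgid entries, flags world-writable directories that lack the sticky bit, and reports setuid files that appeared after a baseline was recorded. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and the sample tree are constructed for illustration.

# Regular files under $1 with the setuid bit (4000) set, whatever the other bits.
find_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Files and directories under $1 with the setgid bit (2000) set.
find_setgid() {
    find "$1" -xdev -perm -2000 2>/dev/null | sort
}

# World-writable directories under $1 without the sticky bit (1000): any user
# can delete or rename other users' files there.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Print setuid files under $1 that are absent from the baseline list in $2.
new_setuid_since() {
    find_setuid "$1" > "$2.now"
    comm -13 "$2" "$2.now"
    rm -f "$2.now"
}

# Constructed sample tree mirroring the tutorial's three cases.
AUDIT_ROOT=$(mktemp -d)
mkdir "$AUDIT_ROOT/oracle" "$AUDIT_ROOT/dropbox" "$AUDIT_ROOT/scratch"
touch "$AUDIT_ROOT/reporting-script" "$AUDIT_ROOT/new-helper"
chmod 4755 "$AUDIT_ROOT/reporting-script"   # setuid file
chmod 2770 "$AUDIT_ROOT/oracle"             # setgid collaboration directory
chmod 1777 "$AUDIT_ROOT/dropbox"            # world-writable, sticky bit set
chmod 0777 "$AUDIT_ROOT/scratch"            # world-writable, no sticky bit

BASELINE="$AUDIT_ROOT.baseline"
find_setuid "$AUDIT_ROOT" > "$BASELINE"     # record the known-good state
chmod 4755 "$AUDIT_ROOT/new-helper"         # a setuid file appears later

echo "setuid files:";            find_setuid "$AUDIT_ROOT"
echo "setgid entries:";          find_setgid "$AUDIT_ROOT"
echo "unsticky world-writable:"; find_unsticky_world_writable "$AUDIT_ROOT"
echo "new since baseline:";      new_setuid_since "$AUDIT_ROOT" "$BASELINE"
```

Run against / as root, the same functions give a system-wide inventory; keeping the baseline file off the audited host makes it harder to tamper with.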
