4.2. Group Management

What is a group in the context of access rights? Suppose there are 1,000 users in your network, of which 500 require access to the accounting files. How can you grant these users the necessary rights? You can make an effort and grant each of the 500 users the necessary rights to the files individually and relax for a while. Now assume you have to cancel this granting of access rights. Do you fancy executing 500 commands again? Isn't there an easier way to do this? Perhaps writing a program to do this would help. Most likely, it will require as much effort, if not more, as changing each user's rights individually.

On the other hand, you can combine all these users into a group and grant the necessary file access rights to the entire group. Afterward, should you need to deny access rights for the group, you will be able to do this with one command. Don't you think this way is much easier than setting each user's rights individually or writing a program to do this?

In Linux, all users are assigned to one group or another. If the group is not specified when a new user account is created, a new group will be created under the user's name by default.

4.2.1. Adding a Group

A new group is added to the system by the groupadd command. It looks like the following:

 groupadd [-g gid [-o]] [-r] [-f] group_name 

The following options can be specified after the command name:

  • -g gid This is the group ID. It must be a unique (unless the -o option is used) positive number. In most cases, the group ID does not have to be specified; the system automatically assigns the smallest available value greater than 500.

  • -r This option specifies that a system group is to be created. Such groups are assigned identifiers less than 500. Unless the -g option is also given, the first available value less than 500 will be assigned.

  • -f This prevents the creation of groups that have the same name. The command exits with an error, the new group is not created, and the existing group is not altered.

If some options are omitted, their default values are used. The following are some examples of adding a group. The commands' work is explained in the comments following the # character.

 groupadd testgroup1        # Creating a group named testgroup1 with a default ID
 groupadd -g 506 testgroup2 # Creating a group named testgroup2 with ID 506
 groupadd -r testgroup3     # Creating a group named testgroup3 with a default
                            # system ID (less than 500)

All information about groups is added to the /etc/group file. Open this file either in Midnight Commander or by executing the cat /etc/group command in the console.

There will be the following three entries containing information about the groups added at the end of the file:

 testgroup1:x:500:
 testgroup2:x:506:
 testgroup3:x:11:

The group name, the password, the identifier, and the user list are presented in four columns, each delimited by a colon.

No identifier was specified for testgroup1; therefore, the system assigned a default ID value. The group ID was explicitly specified for testgroup2. Because the -r option was specified in the last command, the system assigned testgroup3 the next available default system identifier (11 in this case).

The last column (after the third colon) is empty. It is supposed to contain the user list, but it has not been formed yet.

4.2.2. Editing a Group

Group parameters can be adjusted by editing the /etc/group file directly. I, however, do not recommend this method. Use the groupmod command instead. The command takes the same options as the groupadd command, only instead of adding a new group it edits the parameters of an existing one.

4.2.3. Deleting a Group

A group can be deleted by the groupdel command executed as follows:

 groupdel group_name 

Before deleting a group, you have to change the owners of all files pertaining to the group; otherwise, only the administrator will be able to access these files.

A group also cannot be deleted if it has users. Consequently, all group users must be removed from the group before the group itself can be deleted.
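
The checks described in this section can be scripted before groupdel is run. The following is an added example, not code from the book: it reads the four-column /etc/group format to list a group's users, looks for accounts whose group ID column in /etc/passwd points at the group, and finds files that still belong to it. The function names, the /etc/passwd lookup, and the sample entries (alice, bob, carol) are assumptions made for the illustration.

```shell
# Added example: audit a group before groupdel. Paths are passed as arguments.

# Numeric ID (third column) of group $1 in group file $2.
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2"
}

# User list (fourth column) of group $1 in group file $2, one name per line.
group_members() {
    awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
}

# Users in passwd file $2 whose group ID column (the fourth) equals $1.
# Assumption: standard /etc/passwd layout, name:password:UID:GID:...
primary_users() {
    awk -F: -v gid="$1" '$4 == gid { print $1 }' "$2"
}

# Files and directories under $2 that belong to numeric group ID $1.
group_files() {
    find "$2" -gid "$1" -print 2>/dev/null
}

# Print everything that still references group $1. Returns 0 if nothing does,
# 1 if something does, 2 if the group is not in the group file.
# $2 = group file, $3 = passwd file, $4 = directory tree to search.
predelete_check() {
    gid=$(group_gid "$1" "$2")
    [ -n "$gid" ] || { echo "no such group: $1"; return 2; }
    found=$(
        group_members "$1" "$2" | sed 's/^/listed member: /'
        primary_users "$gid" "$3" | sed 's/^/primary group of: /'
        group_files "$gid" "$4" | sed 's/^/file: /'
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"; return 1
}

# Constructed sample data (not from a real system), written to a temp dir.
demo_dir=$(mktemp -d)
printf '%s\n' 'testgroup1:x:500:' 'testgroup2:x:506:alice,bob' \
    'testgroup3:x:11:' > "$demo_dir/group"
printf '%s\n' 'carol:x:1001:500::/home/carol:/bin/sh' > "$demo_dir/passwd"
for g in testgroup1 testgroup2 testgroup3; do
    predelete_check "$g" "$demo_dir/group" "$demo_dir/passwd" "$demo_dir" ||
        echo "-> resolve the above before: groupdel $g"
done
rm -rf "$demo_dir"
```

On a live system the arguments would be /etc/group, /etc/passwd, and the directory tree to search.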



Hacker Linux Uncovered
ISBN: 1931769508
EAN: 2147483647
Year: 2004
Pages: 141