Who Needs What? Managing Groups

Groups are the easy way to handle the "need-to-know" issues that always crop up when dealing with users on a network. Create a group when there is a set of people who need to have similar permission to work on particular files or directories.

As with users, there are two types of groups in SUSE Linux: Local and System. Generally speaking, Local groups are composed of real-life users, and System groups are for managing applications and their files.

Every user on a SUSE Linux system is assigned to the Users group, so common permissions can be set up for everyone. By default, all users are also assigned to the Dialout and Video groups, although this can be changed in YaST.

Adding Groups

Adding a new Local group to your system is very much like adding a user. From the YaST Security and Users section, choose Edit and Create Groups. You can also come to this page directly from the Edit and Create Users page by clicking the option button. On this page, you will see the existing Local groups (by default, just the Users group). Click Set Filter and then click System Groups to look at those groups instead.

To define a group of writers on this system, click Add to display the screen shown in Figure 19.4.

Figure 19.4. Adding a Writers group.

Note

When you are working with Group Administration in YaST, you are actually editing the /etc/group file that stores information about groups on the system. YaST also backs up the old file (as /etc/group.YaST2save) when it makes changes, so you can revert to the old file if you need to.

In addition to YaST, the SuperUser can use several commands to manage groups: groupadd (to add a group), groupdel (to delete a group), gpasswd (to set a group password), and grpck (to check /etc/group for typos) are among the most commonly used.

You can also edit this file directly (as the SuperUser). Back up the file first, as YaST does, and run grpck afterward.

This process is straightforward. The only thing you have to do is to name the group and identify its members from the list of local and system users on the right. If you want to set a group password for extra security, define that here as well. YaST sets the default Group ID (GID) number starting at 1000. You can change this, but there's no real need to.

When you have checked the box of the members of the group, click Next to create the group and return to the main page. You should see the Writers group on the list of Local Groups, along with its membership. You can add and remove members through this screen, and also through the User screen.

Note

Because the User and Group Administration tools share the same page, the Expert Options button appears in both. Except for the Write Changes Now option, nothing here really applies to groups. Use Write Changes Now if you are switching to the User Administration page before leaving YaST.

Click Finish to confirm your changes and close this window. Now you can choose to restrict some files and directories to the Writers group by assigning those files and directories to the Writers group and setting appropriate permissions.