Advanced Group Management



As you've seen, each user account belongs to a primary group (specified in the /etc/passwd file) and can be assigned to other groups during account creation or whenever necessary. Groups are useful when setting permissions on files or directories. You've already seen how to create groups and manage group membership via the Red Hat User Manager; now you'll perform some similar tasks, and more, with the command line. The commands in the following subsections will directly affect /etc/group.

Creating Groups via the Command Line

You need to be logged in as root to create a new group from the command line. The command is groupadd, followed by the group name:

   # groupadd editors   

Optionally, you can specify the GID, like this:

   # groupadd -g 1973 editors   

For further information, you can browse the manual page by executing man groupadd from a terminal.

Managing Group Membership from the Command Line

From the command line and with the appropriate permissions, even ordinary users can administer groups and decide which users belong to them. This authorization comes from root, via the gpasswd command:

   # gpasswd -a eziodm authors
   Adding user eziodm to group authors
   # gpasswd -A eziodm authors

The first command uses the -a option to ensure the eziodm account is added to the authors group. The second command uses the -A option to grant eziodm the administration rights for the authors group.

Now, the eziodm user account is permitted to add new users to the authors group, like this:

   $ gpasswd -a markm authors
   Adding user markm to group authors

He can also remove users from that group:

   $ gpasswd -d deepakt authors
   Removing user deepakt from group authors

Revoking a User's Permission to Manage Membership of a Group

Finally, you can see what happens when root revokes administration rights for eziodm. This can be done by passing an empty list to the -A option:

   # gpasswd -A '' authors   

To test that this command has indeed revoked eziodm's right to manage the authors group, we can switch users to eziodm and use that account context to try to reinsert deepakt as a member of the authors group:

   # su - eziodm
   $ gpasswd -a deepakt authors
   Permission denied.

As you can see, eziodm no longer has the rights to add members to the authors group.

If you want to find out more about gpasswd, you can check its manual page with man gpasswd at your shell prompt.

Note

When you add new members to a group, or remove members from a group, your changes are not visible until the next login, either via su or by logging out completely and logging back in. If you use su followed by your account name (or even newgrp followed by a group you've just been given access to), only commands you type in that shell (for example, id) will be affected by the new membership.

Deleting Groups

It is advisable to delete a group only when it doesn't contain any members. It is possible to delete secondary groups with user accounts still associated with them. Moreover, deleting a group (just like deleting a user account) could leave stale files whose group no longer exists. You can run the following command periodically as root on your system to identify these files:

   # find / -nouser -o -nogroup

From there, you can reassign these files to valid users or groups.

To delete a group via the User Manager GUI utility, you need to select the group and click the Delete button.

Caution

Beware: The group is deleted immediately, and without confirmation.

Deleting Groups via the Command Line

From the command line, as root, use the groupdel command followed by the group name:

   # groupdel authors   

Just like the graphical tool, groupdel will not ask for confirmation.

You can check the manual page for this command via man groupdel.
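
Because groupdel gives no confirmation, it helps to check first whether the group is still in use. The following script is an added example, not code from the book: the function name group_blockers, the output labels and the sample data are assumptions made for illustration. It reads files in the /etc/group and /etc/passwd formats and reports both secondary members and accounts that use the group as their primary group.

```shell
#!/bin/sh
# Added example: pre-flight check before `groupdel`. File paths are
# parameters so it can be tried on copies; defaults are the live files.

# group_blockers GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints one line per reason the group is still in use:
#   member:<user>   user listed in field 4 of the group file
#   primary:<user>  user whose primary GID (passwd field 4) is this group
# Returns 0 if nothing references the group, 1 if it is still in use,
# 2 if the group does not exist.
group_blockers() {
    grp=$1; gfile=${2:-/etc/group}; pfile=${3:-/etc/passwd}

    # Group file format: name:password:GID:comma-separated members
    entry=$(awk -F: -v g="$grp" '$1 == g { print $3 ":" $4 }' "$gfile")
    [ -n "$entry" ] || { echo "unknown group: $grp" >&2; return 2; }
    gid=${entry%%:*}
    members=${entry#*:}

    out=$(
        # Secondary members, one per line (empty member list prints nothing)
        printf '%s\n' "$members" | tr ',' '\n' | sed -n 's/^..*$/member:&/p'
        # Accounts that use this GID as their primary group
        awk -F: -v gid="$gid" '$4 == gid { print "primary:" $1 }' "$pfile"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample data (not from a real system).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'editors:x:1973:' 'authors:x:1974:eziodm,markm' \
        > "$tmp/group"
    printf '%s\n' 'eziodm:x:1001:1001::/home/eziodm:/bin/bash' \
                  'markm:x:1002:1974::/home/markm:/bin/bash' > "$tmp/passwd"
    for g in editors authors; do
        if group_blockers "$g" "$tmp/group" "$tmp/passwd"; then
            echo "$g: safe to delete"
        else
            echo "$g: still in use"
        fi
    done
    rm -rf "$tmp"
}
demo
```

A clean result only means no account references the group; files owned by its GID still need the find check shown earlier.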




Beginning Fedora 2
ISBN: 0764569961
EAN: 2147483647
Year: 2006
Pages: 170
