Introduction
Every user who has access to a Linux system needs a login and a password. Each user must belong to a primary group and for security or access purposes can belong to several secondary groups.
The easiest way to manage users and groups is through the graphical application, User Manager (redhat-config-users). The following command line tools can also be used to manage groups:
- groupadd, groupmod, and groupdel — Industry-standard methods of adding, deleting, and modifying user groups.
- gpasswd — Industry-standard method of administering the /etc/group file.
- pwck, grpck — Tools for the verification of the password, group, and associated shadow files.
How to
Create a new group
groupadd mygroup
Add a group to a user
usermod -a -G groupName userName
where:
- -a stands for append (without it, -G replaces the user's current list of supplementary groups)
- -G stands for supplementary group (not the primary group)
Get the groups of a user
groups oracle
oracle : oracle davfs2
The user oracle has two groups: oracle and davfs2
or
id -Gn userName
Get your groups
groups
oracle davfs2
Delete a group
[root@ebs121 /]# /usr/sbin/groupdel oinstall
groupdel: cannot remove user's primary group.
Get Group information (secondary group)
Group information is stored in /etc/group. This file can be directly edited.
Format of the file is:
- Group name
- Group password (hardly ever used)
- Group ID
- User names (separated by commas)
Each field is separated by a colon.
cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
............
gerardnico:x:500:
oinstall:x:501:
dba:x:502:applvis,oravis
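The four-field format described above can be read directly with awk to review who belongs to which group. The script below is an added example, not part of the original page. Its function names are hypothetical. In the sample data the entries "staging" and "broken" are constructed, while the other lines are copied from the listing above.

```shell
#!/bin/sh
# Added example: read a file in /etc/group format (name:password:GID:members).

# Constructed sample: the first five lines follow the listing above; "staging"
# and "broken" are made-up entries that trigger the audit checks.
sample_group_file() {
    cat <<'EOF'
root:x:0:root
adm:x:4:root,adm,daemon
disk:x:6:root
oinstall:x:501:
dba:x:502:applvis,oravis
staging:x:502:oravis
broken:x:503
EOF
}

# group_members FILE GROUP: print each member named in the group's 4th field.
group_members() {
    awk -F: -v g="$2" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# groups_of FILE USER: print every group whose member list names USER.
# A user's primary group comes from /etc/passwd and is not reported here.
groups_of() {
    awk -F: -v u="$2" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }' "$1"
}

# audit_group_file FILE: print one finding per line; returns 1 if any were found.
audit_group_file() {
    awk -F: '
        NF != 4          { printf "line %d: expected 4 fields, got %d\n", NR, NF; bad = 1; next }
        $3 !~ /^[0-9]+$/ { printf "line %d: GID of %s is not numeric\n", NR, $1; bad = 1; next }
        ($3 in seen)     { printf "line %d: GID %s of %s already used by %s\n", NR, $3, $1, seen[$3]; bad = 1; next }
                         { seen[$3] = $1 }
        END              { exit bad + 0 }
    ' "$1"
}

f=$(mktemp) && sample_group_file > "$f"
groups_of "$f" oravis                       # prints dba, then staging
audit_group_file "$f" || echo "review the findings above"
rm -f "$f"
```

On a real host, pass /etc/group instead of the sample file. Two names that share one GID are the same group as far as file permissions are concerned, which is why the audit reports them.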
Extra Information
User Private Groups
Red Hat Linux uses a user private group (UPG) scheme, which makes UNIX groups easier to manage.
A UPG is created whenever a new user is added to the system. A UPG has the same name as the user for which it was created and that user is the only member of the UPG.
UPGs make it safe to set default permissions for a newly created file or directory which allow both the user and that user's group to make modifications to the file or directory.
The setting which determines what permissions are applied to a newly created file or directory is called a umask and is configured in the /etc/bashrc file. Traditionally, on UNIX systems the umask is set to 022, which allows only the user who created the file or directory to make modifications. Under this scheme, all other users, including members of the creator's group are not allowed to make any modifications. However, under the UPG scheme, this “group protection” is not necessary since every user has their own private group.