The easiest way to manage users and groups is through the graphical application, User Manager (redhat-config-users). The following command line tools can also be used to manage groups:
- groupadd, groupmod, and groupdel — Industry-standard methods of adding, deleting, and modifying user groups.
- gpasswd — Industry-standard method of administering the /etc/group file.
- pwck, grpck — Tools for the verification of the password, group, and associated shadow files.
Create a new group
Add a group to a user
usermod -a -G groupName userName
- -a stands for append: the user keeps their existing supplementary groups (without -a, -G replaces the list)
- -G stands for supplementary group (not the primary group)
Get the groups of a user
oracle : oracle davfs2
The user oracle has two groups: oracle and davfs2
id -Gn userName
Get your groups
Delete a group
[root@ebs121 /]# /usr/sbin/groupdel oinstall
groupdel: cannot remove user's primary group.
Get Group information (secondary group)
Group information is stored in /etc/group. This file can be directly edited.
Format of the file is:
- Group name
- Group password (hardly ever used)
- Group ID
- User names (separated by commas)
Each field is separated by a colon.
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
............
gerardnico:x:500:
oinstall:x:501:
dba:x:502:applvis,oravis
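The four-field layout described above can be queried and sanity-checked with a few lines of awk, which is useful when reviewing who holds membership in a group such as dba. This is an added example, not part of the original page; the function names are hypothetical and the sample data is a subset of the listing above.

```shell
# Added example: read-only helpers for a file in /etc/group format
# (name:password:GID:members). Function names are hypothetical.

# Print the comma-separated member field of GROUP.
members_of_group() { awk -F: -v g="$2" '$1 == g { print $4 }' "$1"; }

# Print the groups that list USER as a member (supplementary groups).
# A user's primary group is set in /etc/passwd, so it may not appear here.
groups_of_user() {
    awk -F: -v u="$2" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u) { out = (out == "" ? $1 : out " " $1); break } }
        END { print out }
    ' "$1"
}

# Report lines that break the four-field layout, carry a non-numeric GID,
# or reuse a group name or GID. Returns non-zero when anything is reported.
check_group_file() {
    awk -F: '
        NF != 4          { printf "line %d: expected 4 fields, got %d\n", NR, NF; bad++; next }
        $3 !~ /^[0-9]+$/ { printf "line %d: GID \"%s\" is not numeric\n", NR, $3; bad++ }
        seen_name[$1]++  { printf "line %d: duplicate group name %s\n", NR, $1; bad++ }
        seen_gid[$3]++   { printf "line %d: GID %s is shared with another group\n", NR, $3; bad++ }
        END { exit (bad > 0) }
    ' "$1"
}

# Sample data: a subset of the listing shown above, written to a temp file.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
gerardnico:x:500:
oinstall:x:501:
dba:x:502:applvis,oravis
EOF

echo "members of dba:            $(members_of_group "$sample" dba)"
echo "groups listing root:       $(groups_of_user "$sample" root)"
echo "groups listing gerardnico: [$(groups_of_user "$sample" gerardnico)]"
check_group_file "$sample" && echo "format check passed"
```

The empty result for gerardnico is expected: the member field of gerardnico:x:500: is empty, because membership in a user's primary group is recorded in /etc/passwd rather than in /etc/group.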
User Private Groups
Red Hat Linux uses a user private group (UPG) scheme, which makes UNIX groups easier to manage.
A UPG is created whenever a new user is added to the system. A UPG has the same name as the user for which it was created and that user is the only member of the UPG.
UPGs make it safe to set default permissions for a newly created file or directory that allow both the user and that user's group to modify the file or directory.
The setting which determines what permissions are applied to a newly created file or directory is called a umask and is configured in the /etc/bashrc file. Traditionally, on UNIX systems the umask is set to 022, which allows only the user who created the file or directory to make modifications. Under this scheme, all other users, including members of the creator's group, are not allowed to make any modifications. However, under the UPG scheme, this “group protection” is not necessary since every user has their own private group.