What is a group?
A group is a collection of accounts or users in Linux that carry similar permissions or privileges. Administering users at an enterprise level can get quite complicated and messy at times. It's always recommended not to allocate permissions and privileges at the user level.
Why do we need a group?
The main purpose of groups is to define a set of privileges, such as read, write, or execute permission for a given resource, that can be shared among the users within the group. For example, if you have 10 users with different privilege levels, it might be OK to manage. But it can get quite complicated if the number of users goes beyond 10-20. Also, assigning permissions to users individually is time-consuming and redundant every time you create a new user. It also leads to security issues.
Groups allow us to set permissions at the group level instead of at the individual level. Users can be listed in different groups. Once you define the permissions/privileges for each group, you can just add users to a particular group.
There are two types of groups:
- Primary or login group – is the group that is assigned to the files that are created by the user. Usually, the name of the primary group is the same as the name of the user. Each user must belong to exactly one primary group.
- Secondary or supplementary group – is the group used to grant certain privileges to a set of users. A user can be a member of zero or more secondary groups.
Listing the groups:
The groups command lists all the groups the currently logged-in user belongs to
List all groups in the system
To get groups for a specific user you can use
List all the members in a group
getent group <group>
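getent group prints only the member list stored with the group entry, so users who have the group as their primary group (recorded in the GID field of /etc/passwd) may be missing from it. The following added example, not part of the original article, merges both sources; the function names group_members and demo_group_members and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints every user in GROUP, one per line, as "user<TAB>primary|secondary".
# Defaults to the local files; pass other files to audit a copy offline.
group_members() {
    grp=$1
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}
    awk -F: -v grp="$grp" '
        # First file, group format: name:password:GID:member,member,...
        FNR == NR {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") kind[m[i]] = "secondary"
            }
            next
        }
        # Second file, passwd format: field 4 is the primary GID.
        # These users need not appear in the member list of the group entry.
        gid != "" && $4 == gid { kind[$1] = "primary" }
        END { for (u in kind) print u "\t" kind[u] }
    ' "$group_file" "$passwd_file" | sort
}

# Runs group_members against constructed sample files (not a real system).
demo_group_members() {
    tmp=$(mktemp -d)
    printf '%s\n' 'users:x:100:' 'developers:x:1001:tom,alice' \
        'devops:x:1002:alice' > "$tmp/group"
    printf '%s\n' 'tom:x:2001:100::/home/tom:/bin/sh' \
        'alice:x:2002:100::/home/alice:/bin/sh' \
        'bob:x:2003:1001::/home/bob:/bin/sh' > "$tmp/passwd"
    group_members "$1" "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

# bob is in developers only through his primary GID, so the member list
# of the group entry alone would not show him.
demo_group_members developers
```

On a live system, call group_members developers with no file arguments to read /etc/group and /etc/passwd directly.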
How to create a group?
Groups can be created using the groupadd command. Note: Groups created using this command will be empty groups.
$ groupadd developers
$ groupadd operations
You can add members to the group by using the useradd or usermod commands
usermod -a -G <group> <user>
$ usermod -a -G developers tom
You can directly add users to a group while creating a user
useradd -g <group> <user>
$ useradd -g developers tom
Or you can assign a user to multiple groups
$ useradd -g users -G developers,operations tom
Note: here users is the primary group, and developers and operations are secondary groups.
Change the name of a group (the new name follows -n, then the current name)
$ groupmod -n devops operations
Delete a group
$ groupdel testing
To control a group, you need not be a member of that group. Control of group membership can be passed to another user using gpasswd
$ gpasswd -A tom devops
The file /etc/gshadow keeps the information about the group administrators. You can view it using vi, nano, less or tail. To remove all the administrators from a group, set an empty administrator list.
$ gpasswd -A "" devops
Get snoopy and Keep Learning…!!