Groups in Linux

What is a group?

A group is a collection of accounts or users in Linux that carry similar permissions or privileges. Administration of users at an enterprise level can get quite complicated and messy at times. It's always recommended not to allocate permissions and privileges at the user level.

Why do we need groups?

The main purpose of groups is to define a set of privileges, such as read, write, or execute permission for a given resource, that can be shared among the users within the group. For example, if you have 10 users with different privilege levels, it might be OK to manage. But it can get quite complicated once the number of users goes beyond 10-20. Assigning permissions to users individually is also time-consuming and redundant every time you create a new user. It also leads to security issues.

Groups allow us to set permissions at the group level instead of at the individual level. Users can be listed in different groups. Once you define the permissions/privileges for each group, you can just add users to the appropriate group.

There are two types of groups:

  • Primary or login group – is the group that is assigned to the files that are created by the user. Usually, the name of the primary group is the same as the name of the user. Each user must belong to exactly one primary group.
  • Secondary or supplementary group – is the group used to grant certain privileges to a set of users. A user can be a member of zero or more secondary groups.

Listing the groups:

The groups command lists all the groups the currently logged-in user belongs to

groups

List all groups in the system

$ less /etc/group

or

getent group

To get groups for a specific user you can use

groups user

List all the members in a group

getent group <group>
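
An added example, not from the original post: getent group prints only the member list stored in the group entry, so users who have the group as their primary group do not appear in it. The function below combines the passwd and group data to report full membership; the sample data, the users ann and bob, and the function name group_members are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
tom:x:1001:100:Tom:/home/tom:/bin/bash
ann:x:1002:2001:Ann:/home/ann:/bin/bash
bob:x:1003:1003:Bob:/home/bob:/bin/bash'

SAMPLE_GROUP='root:x:0:
users:x:100:
developers:x:2001:tom,bob
devops:x:2002:tom
bob:x:1003:'

# group_members GROUP PASSWD_DATA GROUP_DATA   (hypothetical helper name)
# Prints one "user kind" line per member, kind being primary or supplementary.
# Returns 1 if the group does not exist in GROUP_DATA.
group_members() {
    grp=$1 passwd_data=$2 group_data=$3
    # Group entry format: name:password:GID:member1,member2,...
    entry=$(printf '%s\n' "$group_data" |
        awk -F: -v g="$grp" '$1 == g { print $3 ":" $4; exit }')
    [ -n "$entry" ] || return 1
    gid=${entry%%:*}
    members=${entry#*:}
    {
        # Supplementary members come from the 4th field of the group entry.
        printf '%s\n' "$members" | tr ',' '\n' |
            awk 'NF { print $1, "supplementary" }'
        # Primary members are passwd entries whose 4th field (GID) matches.
        printf '%s\n' "$passwd_data" |
            awk -F: -v gid="$gid" '$4 == gid { print $1, "primary" }'
    } | sort
}

# Demo on the constructed data; on a live host pass "$(getent passwd)" and
# "$(getent group)" instead.
group_members developers "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

Running this against privileged groups shows accounts that hold the group through their primary GID and would be missed by reading the group entry alone.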

How to create a group?

Groups can be created using the groupadd command. Note: Groups created using this command will be empty groups.

$ groupadd developers
$ groupadd operations 

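You can add members to a group using useradd or usermod. With usermod, the -a (append) option matters: without it, -G replaces the user's existing supplementary groups.

usermod -a -G <group> <user>
$ usermod -a -G developers tom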

You can directly add users to a group while creating a user

useradd -g <group> <user>
$ useradd -g developers tom

Or you can assign a user to multiple groups

$ useradd -g users -G developers,operations tom
Note: here users is the primary group, and developers and operations are secondary groups.

Change the name of a group (the new name follows -n, then the current name)

$ groupmod -n devops operations

Delete a group

$ groupdel testing

You do not need to be a member of a group to administer it. Control of group membership can be delegated using gpasswd

$ gpasswd -A tom devops  

The file /etc/gshadow keeps the information about the group administrators. You can view it using vi, nano, less or tail. To remove all the administrators from a group, set an empty administrator list.

$ gpasswd -A "" devops

Get snoopy and Keep Learning…!!
