This chapter is from the book

Managing Groups

The process of managing groups includes creating new groups, modifying existing groups, and deleting groups. These operations require the privilege provided by the root account.

Managing groups can also include the process of adding a user to a group or removing a user from a group. Typically, these operations require the privilege provided by the root account, but if group administrators are created, then a group administrator can also perform these tasks for specific groups.

Creating Groups

Create a new group by using the groupadd command, like so:

root@onecoursesource:~# groupadd -g 5000 payroll
root@onecoursesource:~# tail -1 /etc/group
payroll:x:5000:

Modifying Groups

The most typical change an administrator would make to a group, besides adding and removing members, is to change the group name. Usually this is because the original name isn’t descriptive enough and another name would be better.

To change a group’s name, use the groupmod command with the -n option, as shown here:

root@onecoursesource:~# tail -1 /etc/group
payroll:x:5000:
root@onecoursesource:~# groupmod -n payables payroll
root@onecoursesource:~# tail -1 /etc/group
payables:x:5000:

Deleting Groups

Deleting a group is accomplished by executing the groupdel command. However, before deleting a group, the administrator should search the filesystem for all files owned by the group and change their ownership to another group. If this step isn’t taken, files that were owned by the group are left owned by the bare GID of the deleted group, which makes their group permissions worthless. Here’s an example:

root@onecoursesource:~# ls -l /tmp/example
-rw-r--r-- 1 root payables 0 Sep 15 16:07 /tmp/example
root@onecoursesource:~# groupdel payables
root@onecoursesource:~# ls -l /tmp/example
-rw-r--r-- 1 root 5000 0 Sep 15 16:07 /tmp/example

See Figure 6-4 for information on how to search for files by group ownership.

Figure 6-4 Text Support™—How to Find a File by Group Ownership and Change the Ownership
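
The search-and-reassign step recommended above can be scripted. The following is an added example, not code from the book or from Figure 6-4; the function names and the "staff" target group are hypothetical, and only find, chgrp and groupdel are real tools.

```shell
#!/bin/sh
# Added example: check group ownership before running groupdel.
# Function names are hypothetical helpers, not part of any package.

# Print every file and directory under ROOT ($1) whose group owner is
# GROUP ($2, a name or a numeric GID). -xdev stays on one filesystem.
files_owned_by_group() {
    find "$1" -xdev -group "$2" -print 2>/dev/null
}

# Hand everything under ROOT ($1) that belongs to OLD ($2) over to NEW ($3).
# chgrp -h changes a symbolic link itself, not the file it points to.
reassign_group() {
    find "$1" -xdev -group "$2" -exec chgrp -h "$3" {} +
}

# Print files whose GID has no entry in the group database, which is the
# state groupdel leaves behind. A group created later with the same GID
# would pick up group access to these files.
orphaned_files() {
    find "$1" -xdev -nogroup -print 2>/dev/null
}

# Delete GROUP ($1) only when nothing under ROOT ($2, default /) still
# belongs to it; otherwise refuse and return 1 without calling groupdel.
safe_groupdel() {
    group=$1
    root=${2:-/}
    if [ -n "$(files_owned_by_group "$root" "$group" | head -n 1)" ]; then
        echo "refusing to delete $group: files under $root still belong to it" >&2
        return 1
    fi
    groupdel "$group"
}

# Typical sequence, run as root ("staff" is a placeholder target group):
#   files_owned_by_group / payables
#   reassign_group / payables staff
#   safe_groupdel payables
#   orphaned_files /
```
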

Adding Users to Groups

The -G option to the usermod command is used to add a user to a group. However, be careful: by default this option replaces the user’s existing supplementary group memberships. Here’s an example:

root@onecoursesource:~# id student
uid=1002(student) gid=1002(student) groups=1002(student),60(games),1001(ocs)
root@onecoursesource:~# usermod -G adm student
root@onecoursesource:~# id student
uid=1002(student) gid=1002(student) groups=1002(student),4(adm)

To add a user to a group while maintaining the user’s current group membership, use the -a option in conjunction with the -G option:

root@onecoursesource:~# id student
uid=1002(student) gid=1002(student) groups=1002(student),60(games),1001(ocs)
root@onecoursesource:~# usermod -G adm -a student
root@onecoursesource:~# id student
uid=1002(student) gid=1002(student) groups=1002(student),4(adm),60(games),1001(ocs)

Group Administrators

By default, the only person who can add or remove users from a group is the person who is logged in as the root user. To allow a user to manage a group, you need to add them as a group administrator by using the -A option to the gpasswd command:

root@onecoursesource:~# grep games /etc/gshadow
games:::student
root@onecoursesource:~# gpasswd -A student games
root@onecoursesource:~# grep games /etc/gshadow
games::student:student

Now the student user can add users to the games group by using the -a option to the gpasswd command:

student@onecoursesource:~$ gpasswd -a bo games
Adding user bo to group games
student@onecoursesource:~$ grep games /etc/group
games:x:60:student,bo

Using the -d option to the gpasswd command, the student user can remove users from the games group:

student@onecoursesource:~$ grep games /etc/group
games:x:60:student,bo
student@onecoursesource:~$ gpasswd -d bo games
Removing user bo from group games
student@onecoursesource:~$ grep games /etc/group
games:x:60:student