This tutorial explains Linux group management in detail with practical examples. Learn the differences between primary and secondary groups, and how to create a new group, change a group’s name, change its GID and delete a group, step by step.
In Linux there are two types of group: primary and secondary. The primary group is also known as the private group. The primary group is compulsory: every user must be a member of a primary group, and each user can have only one. A secondary group is optional. As required, a user can be added to a single secondary group or to multiple secondary groups.
Historically, Linux added new users to a group that represented their general category, such as administrators, students, sales, developer, etc. To enhance file system security, this convention was later replaced by a more secure one: each new user is added to their own personal group. Let’s understand it in more detail.
Each file in Linux has a default group permission. Whenever a user creates a file, the default group permission automatically applies to it.
In the classic convention, since multiple users belong to the same group, the group members automatically get group permission on each other’s files. For example, there are three users in the students group: John, Sandy and Carla. The default group permission is read. Now suppose user John creates a new file. Since Sandy and Carla belong to John’s group, they automatically get read permission on John’s file. From a security point of view, this default behavior is not good, so it was later replaced by a new convention.
In the new convention, each user belongs to their own private group, and by default no other members are added to a private group. For example, for the three users John, Sandy and Carla, Linux creates three separate groups named John, Sandy and Carla and adds each user to their own group. Since each private group contains only its owner as a member, the default group permission can’t be abused. In the new convention, Sandy and Carla don’t belong to John’s private group; therefore they will not be able to read the file created by John.
If required, we can create a secondary group to allow members to access each other’s files. For example, if we want to allow John and Sandy to access certain files, we can create a secondary group and add both users to that group. Later we can configure the security settings of those files for that group. In the same way, if we want to allow John and Carla to access another set of files, we can create another secondary group and add both users to it.
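The two conventions and the secondary-group case can be compared by asking, for a given group, which accounts hold it. The following is an added example, not part of the original tutorial; the helper name group_holders, the GIDs, the group name project and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed data; field layout follows /etc/group
# (name:x:GID:members) and /etc/passwd (name:x:UID:GID:...).

# group_holders GROUPFILE PASSWDFILE NAME (hypothetical helper)
# Prints every account that receives the group permission of files owned by
# group NAME: accounts with NAME as primary group plus its listed members.
group_holders() {
    awk -F: -v name="$3" '
        FILENAME == ARGV[1] {                      # lines of the group file
            if ($1 == name) {
                found = 1; gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) listed[m[i]] = 1
            }
            next
        }
        found && ($4 == gid || ($1 in listed)) {   # lines of the passwd file
            out = out (out == "" ? "" : ",") $1
        }
        END { if (!found) exit 2; print out }' "$1" "$2"
}

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
# Classic convention: one shared primary group (constructed sample).
printf '%s\n' 'students:x:500:' > "$demo/group.classic"
printf '%s\n' 'john:x:1001:500::/home/john:/bin/bash' \
              'sandy:x:1002:500::/home/sandy:/bin/bash' \
              'carla:x:1003:500::/home/carla:/bin/bash' > "$demo/passwd.classic"
# Private groups plus one secondary group for john and sandy (constructed sample).
printf '%s\n' 'john:x:1001:' 'sandy:x:1002:' 'carla:x:1003:' \
              'project:x:2000:john,sandy' > "$demo/group.private"
printf '%s\n' 'john:x:1001:1001::/home/john:/bin/bash' \
              'sandy:x:1002:1002::/home/sandy:/bin/bash' \
              'carla:x:1003:1003::/home/carla:/bin/bash' > "$demo/passwd.private"

echo "classic, group students: $(group_holders "$demo/group.classic" "$demo/passwd.classic" students)"
echo "private, group john:     $(group_holders "$demo/group.private" "$demo/passwd.private" john)"
echo "private, group project:  $(group_holders "$demo/group.private" "$demo/passwd.private" project)"
```

Run against copies of a real /etc/group and /etc/passwd, a primary group that returns more than one account is a group following the classic convention.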
This tutorial is the sixth part of the tutorial “Linux user and group management step by step explained with practical examples”. The other parts of this tutorial are as follows:
This tutorial is the first part of the article. It explains what a user account is and how it is managed in the Linux system.
This tutorial is the second part of the article. It explains the /etc/passwd file and how it is formatted in detail.
This tutorial is the third part of the article. It explains the /etc/shadow file and how it is formatted in detail.
This tutorial is the fourth part of the article. It explains how to create users in Linux at the command prompt step by step.
This tutorial is the fifth part of the article. It explains how to modify a user’s attributes with 15+ practical examples.
Managing groups mainly involves three tasks: creating groups, modifying groups and deleting groups. The following commands are used to perform these operations.

| Command | Description |
|---|---|
| groupadd | Adds a new group. |
| groupmod | Modifies an existing group’s attributes. |
| groupdel | Deletes an existing group. |
Let’s understand each operation in detail with examples.
Adding a new group
To add a new group, open a root shell and run the following command.
Replace groupname with your group name. For example, to create a new group named rhcestudent, use the following command:
By default Linux picks the next available GID in sequence. For example, if the GID currently in use is 1000, the new group will get GID 1001.
To use a custom GID, we have to specify it with the -g option. For example, the following command creates a new group named rhcegroup with GID 5000.
#groupadd -g 5000 rhcegroup
Following figure shows both examples.
Verifying the creation of group
Group information is stored in the file /etc/group. In this file, information of each group is stored in an individual line.
Just like existing entries, a new group’s information is stored on its own line, after the existing lines.
We can use the tail command to view a specific number of lines from the end of a file. We added two groups above; to verify their creation we can use the following command.
#tail -2 /etc/group
This command displays the last two lines from the file /etc/group. Alternatively, we can use the grep command to get the details of a specific group. For example, the following command displays information about the group rhcegroup.
#grep rhcegroup /etc/group
Following figure shows above commands with output.
Modifying group attributes
To change the group name, use the following command:
#groupmod -n [New Group Name] [Old Group Name]
For example, the following command changes the group name rhcegroup to rhcelab.
#groupmod -n rhcelab rhcegroup
Just like the group name, we can also change the GID of a group. To change it, use the following command:
#groupmod -g [New Group GID] [Group Name]
For example, the following command changes the GID of the group rhcegroup to 7000.
#groupmod -g 7000 rhcegroup
Following figure shows above commands with output.
Deleting or removing group
To delete a group, use the following command:
#groupdel [Group Name]
For example, the following command deletes the group rhcegroup.
Following figure shows above operation.
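Neither groupmod -g nor groupdel changes files on disk, so files that belonged to the group keep the old numeric GID after either command. The following added example (not part of the original tutorial) lists such files by checking each file’s GID against a group file; the helper name, paths and group files are constructed, and on a live system `find / -nogroup` performs the same check against the real group database.

```shell
#!/bin/sh
# Added example; the group files below are constructed samples.

# files_with_unknown_gid GROUPFILE DIR (hypothetical helper)
# Prints "GID PATH" for each entry under DIR whose numeric GID has no line
# in GROUPFILE (format name:x:GID:members).
files_with_unknown_gid() {
    find "$2" -print | while IFS= read -r path; do
        gid=$(ls -dn -- "$path" | awk '{ print $4 }')
        grep -q "^[^:]*:[^:]*:$gid:" "$1" || printf '%s %s\n' "$gid" "$path"
    done
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
mkdir "$work/share"
: > "$work/share/report.txt"
# The GID these files carry stands in for rhcegroup's GID when they were created.
old_gid=$(ls -dn -- "$work/share" | awk '{ print $4 }')

# State of the group file before any change.
printf 'rhcegroup:x:%s:\n' "$old_gid" > "$work/group.before"
# State after: groupmod -g 7000 rhcegroup
printf 'rhcegroup:x:7000:\n' > "$work/group.after_groupmod"
# State after: groupdel rhcegroup
: > "$work/group.after_groupdel"

echo "before:";         files_with_unknown_gid "$work/group.before" "$work/share"
echo "after groupmod:"; files_with_unknown_gid "$work/group.after_groupmod" "$work/share"
echo "after groupdel:"; files_with_unknown_gid "$work/group.after_groupdel" "$work/share"
```

Files reported this way need a chgrp to the intended group; otherwise a group later created with the same GID gains the group permission on them.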
That’s all for this part. In the next part, we will learn how to manage a user’s password. If you like this tutorial, please don’t forget to share it through your favorite social platform.