Part-2 User and Group Administration

Part-2 Group Administration

Each user is a member of at least one group, called a primary group. In addition, a user can be a member of an unlimited number of secondary groups. Group membership can be used to control the files that a user can read and edit. For example, if three users are working on the same project you might put in the same group so they can both edit a particular file that other users cannot access.

A user’s primary group is defined in the /etc/passwd file and secondary groups are defined in the /etc/group file. The  Primary group is important because files created by this user will inherit that group affiliation.

Refer below link, For user administration;

Part1 User and Group Administration

Some Important Points related to Groups:

  • The group name and GID are stored in /etc/group.
  • Each user is given their own private group.
  • They can also be added to their groups to gain additional access.
  • All users in the group can share files that belong to the group.
  • Users are assigned to groups with unique group ID numbers (GID).

1.) Using default options create a group.

To create a group the syntax is,

#groupadd <Groupname>

[[email protected] ~]# groupadd storagegrp
[[email protected] ~]# cat /etc/group | grep storagegrp
storagegrp:x:1014:
[[email protected] ~]#

Note: To verify the group is created or not check in /etc/group file.

2.) Create a group with user specified group id(GID).

#groupadd -g <GID> <Groupname>

[[email protected] ~]# groupadd -g 1020 networkgrp
[[email protected] ~]# cat /etc/group | grep networkgrp
networkgrp:x:1020:
[[email protected] ~]#

3.) Override /etc/login.defs defaults.
When we assigning the automatic group id(GUI), it uses the GID_MIN, and GID_MAX value specified in the
/etc/login.defs file.

[[email protected] ~]# cat /etc/login.defs | egrep 'GID_MIN|GID_MAX'
GID_MIN                  1000
GID_MAX                 60000

If you want to set your own values, you can specify that using “-K” option as shown below.

#groupadd testgrp1 -K GID_MIN=8000 -K GID_MAX=8020

[[email protected] ~]# groupadd testgrp1 -K GID_MIN=8000 -K GID_MAX=8020
[[email protected] ~]# cat /etc/group | grep testgrp1
testgrp1:x:8000:
[[email protected] ~]# groupadd testgrp2 -K GID_MIN=8000 -K GID_MAX=8020
[[email protected] ~]# cat /etc/group | grep testgrp2
testgrp2:x:8001:
[[email protected] ~]#

Note: As show Example, groupadd command created the account testgrp1 and testgrp2 with group id 8000 and 8001 respectively, which is between the values 8000 – 8020 that we specified in the command line.

Modifying the Properties of the group.

To modify the group properties the syntax is;

#groupmod <option> <arguments> <groupname>

The Options are:

  • “-g”           Change the group ID to GID.
  • “-n”           Change the name to NEW_GROUP.
  • “-o”           Allow to use a duplicate (non-unique) GID.

1) Change the GID of the group.

#groupmod -g <GID> <Groupname>

[[email protected] ~]# cat /etc/group | grep testgrp1
testgrp1:x:8000:
[[email protected] ~]# groupmod -g 1021 testgrp1
[[email protected] ~]# cat /etc/group | grep testgrp1
testgrp1:x:1021:
[[email protected] ~]#

As shown above example, The GID of “testgrp1” group was 8000 and now changed to 1021 GID.

2) Change the name of the group.

#groupmod -n <New Name> <Existing Name>

[[email protected] ~]# groupmod -n Apache testgrp1
[[email protected] ~]# cat /etc/group | grep Apache
Apache:x:1021:
[[email protected] ~]#

As above example, The name of “testgrp1” group changed to “Apache”.

3) Allow to use duplicate GID.

#groupmod -g 1021 -o storagegrp

[[email protected] ~]# cat /etc/group | grep storagegrp
storagegrp:x:1014:
[[email protected] ~]# cat /etc/group | grep  Apache
Apache:x:1021:
[[email protected] ~]# groupmod -g 1021 -o storagegrp
[[email protected] ~]# cat /etc/group | grep storagegrp
storagegrp:x:1021:
[[email protected] ~]#

As Above Example, We have allow to use duplicate GID of storagegrp group.

Adding multiple users to the group with various attributes.

You can use “gpasswd” command to use to adding multiple users to a group. The syntax id;

#gpasswd <option> <arguments> <Groupname>

The Option are:

  • “-M”              Set the list of members of GROUP.
  • “-A”               Set the list of administrators for GROUP.
  • “-a”                Add USER to GROUP.
  • “-d”                Remove USER from GROUP.

1.) Add Multiple Users to the group.

#gpasswd -M <User1>,<User2>,<User3> <Groupname>

[[email protected] ~]# gpasswd -M anil,sahil,sam,amit,nagios storagegrp
[[email protected] ~]# cat /etc/group | grep storagegrp
storagegrp:x:1021:anil,sahil,sam,amit,nagios
[[email protected] ~]#

As shown above, All users are now the member of “storagegrp” group.

2) Making a user as a administrator.

#gpasswd -A <Username> <Groupname>

[[email protected] ~]# gpasswd -A anil storagegrp
[[email protected] ~]# cat /etc/gshadow | grep storagegrp
storagegrp:!:anil:anil,sahil,sam,amit,nagios
[[email protected] ~]#

Note:When an account is administrator it will show ! (Exclamation mark) in /etc/gshadow file.

3) Adding a single user using gpasswd command.

#gpasswd -a <Username> <Groupname>

[[email protected] ~]# gpasswd -a puppet storagegrp
Adding user puppet to group storagegrp
[[email protected] ~]# cat /etc/gshadow | grep storagegrp
storagegrp:!:anil:anil,sahil,sam,amit,nagios,puppet
[[email protected] ~]#

4) Remove a user from the group.

#gpasswd -d <Username> <Groupname>

[[email protected] ~]# cat /etc/gshadow | grep storagegrp
storagegrp:!:anil:anil,sahil,sam,amit,nagios,puppet
[[email protected] ~]# gpasswd -d puppet storagegrp
Removing user puppet from group storagegrp
[[email protected] ~]# cat /etc/gshadow | grep storagegrp
storagegrp:!:anil:anil,sahil,sam,amit,nagios
[[email protected] ~]#

As shown above Example, “puppet” user has been remove from “storagegrp” group.

Deleting a Group
To delete the group the syntax used is;

#groupdel <Groupname>

[[email protected] ~]# groupdel storagegrp
[[email protected] ~]# cat /etc/gshadow | grep storagegrp
[[email protected] ~]#

Also Read: Part1 User and Group Administration

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Rajesh Dwivedi Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Rajesh Dwivedi
Guest
Rajesh Dwivedi

Hii,
how we can create a multiple users with using single password for all users.

Thanks