Part-2 User and Group Administration

Part-2 Group Administration

Each user is a member of at least one group, called a primary group. In addition, a user can be a member of an unlimited number of secondary groups. Group membership can be used to control the files that a user can read and edit. For example, if three users are working on the same project you might put in the same group so they can both edit a particular file that other users cannot access.

A user’s primary group is defined in the /etc/passwd file and secondary groups are defined in the /etc/group file. The  Primary group is important because files created by this user will inherit that group affiliation.

Refer below link, For user administration;

Part1 User and Group Administration

Some Important Points related to Groups:

  • The group name and GID are stored in /etc/group.
  • Each user is given their own private group.
  • They can also be added to their groups to gain additional access.
  • All users in the group can share files that belong to the group.
  • Users are assigned to groups with unique group ID numbers (GID).

1.) Using default options create a group.

To create a group the syntax is,

#groupadd <Groupname>

[root@server1 ~]# groupadd storagegrp
[root@server1 ~]# cat /etc/group | grep storagegrp
[root@server1 ~]#

Note: To verify the group is created or not check in /etc/group file.

2.) Create a group with user specified group id(GID).

#groupadd -g <GID> <Groupname>

[root@server1 ~]# groupadd -g 1020 networkgrp
[root@server1 ~]# cat /etc/group | grep networkgrp
[root@server1 ~]#

3.) Override /etc/login.defs defaults.
When we assigning the automatic group id(GUI), it uses the GID_MIN, and GID_MAX value specified in the
/etc/login.defs file.

[root@server1 ~]# cat /etc/login.defs | egrep 'GID_MIN|GID_MAX'
GID_MIN                  1000
GID_MAX                 60000

If you want to set your own values, you can specify that using “-K” option as shown below.

#groupadd testgrp1 -K GID_MIN=8000 -K GID_MAX=8020

[root@server1 ~]# groupadd testgrp1 -K GID_MIN=8000 -K GID_MAX=8020
[root@server1 ~]# cat /etc/group | grep testgrp1
[root@server1 ~]# groupadd testgrp2 -K GID_MIN=8000 -K GID_MAX=8020
[root@server1 ~]# cat /etc/group | grep testgrp2
[root@server1 ~]#

Note: As show Example, groupadd command created the account testgrp1 and testgrp2 with group id 8000 and 8001 respectively, which is between the values 8000 – 8020 that we specified in the command line.

Modifying the Properties of the group.

To modify the group properties the syntax is;

#groupmod <option> <arguments> <groupname>

The Options are:

  • “-g”           Change the group ID to GID.
  • “-n”           Change the name to NEW_GROUP.
  • “-o”           Allow to use a duplicate (non-unique) GID.

1) Change the GID of the group.

#groupmod -g <GID> <Groupname>

[root@server1 ~]# cat /etc/group | grep testgrp1
[root@server1 ~]# groupmod -g 1021 testgrp1
[root@server1 ~]# cat /etc/group | grep testgrp1
[root@server1 ~]#

As shown above example, The GID of “testgrp1” group was 8000 and now changed to 1021 GID.

2) Change the name of the group.

#groupmod -n <New Name> <Existing Name>

[root@server1 ~]# groupmod -n Apache testgrp1
[root@server1 ~]# cat /etc/group | grep Apache
[root@server1 ~]#

As above example, The name of “testgrp1” group changed to “Apache”.

3) Allow to use duplicate GID.

#groupmod -g 1021 -o storagegrp

[root@server1 ~]# cat /etc/group | grep storagegrp
[root@server1 ~]# cat /etc/group | grep  Apache
[root@server1 ~]# groupmod -g 1021 -o storagegrp
[root@server1 ~]# cat /etc/group | grep storagegrp
[root@server1 ~]#

As Above Example, We have allow to use duplicate GID of storagegrp group.

Adding multiple users to the group with various attributes.

You can use “gpasswd” command to use to adding multiple users to a group. The syntax id;

#gpasswd <option> <arguments> <Groupname>

The Option are:

  • “-M”              Set the list of members of GROUP.
  • “-A”               Set the list of administrators for GROUP.
  • “-a”                Add USER to GROUP.
  • “-d”                Remove USER from GROUP.

1.) Add Multiple Users to the group.

#gpasswd -M <User1>,<User2>,<User3> <Groupname>

[root@server1 ~]# gpasswd -M anil,sahil,sam,amit,nagios storagegrp
[root@server1 ~]# cat /etc/group | grep storagegrp
[root@server1 ~]#

As shown above, All users are now the member of “storagegrp” group.

2) Making a user as a administrator.

#gpasswd -A <Username> <Groupname>

[root@server1 ~]# gpasswd -A anil storagegrp
[root@server1 ~]# cat /etc/gshadow | grep storagegrp
[root@server1 ~]#

Note:When an account is administrator it will show ! (Exclamation mark) in /etc/gshadow file.

3) Adding a single user using gpasswd command.

#gpasswd -a <Username> <Groupname>

[root@server1 ~]# gpasswd -a puppet storagegrp
Adding user puppet to group storagegrp
[root@server1 ~]# cat /etc/gshadow | grep storagegrp
[root@server1 ~]#

4) Remove a user from the group.

#gpasswd -d <Username> <Groupname>

[root@server1 ~]# cat /etc/gshadow | grep storagegrp
[root@server1 ~]# gpasswd -d puppet storagegrp
Removing user puppet from group storagegrp
[root@server1 ~]# cat /etc/gshadow | grep storagegrp
[root@server1 ~]#

As shown above Example, “puppet” user has been remove from “storagegrp” group.

Deleting a Group
To delete the group the syntax used is;

#groupdel <Groupname>

[root@server1 ~]# groupdel storagegrp
[root@server1 ~]# cat /etc/gshadow | grep storagegrp
[root@server1 ~]#

Also Read: Part1 User and Group Administration

Leave a Reply

1 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
1 Comment authors
Rajesh Dwivedi Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

newest oldest most voted
Notify of
Rajesh Dwivedi
Rajesh Dwivedi

how we can create a multiple users with using single password for all users.