Assigning Users to Groups

In any Unix environment, a user can be a member of two different kinds of groups: the primary group and all others. Every user must be a member of a primary group. If one user on your system does not have a primary group setting, no one will be able to log in anymore, so membership in a primary group is vital. By default, on a SUSE Linux system, all users are added to the group users. Users can be a member of more than just the primary group and will automatically have access to the rights granted to these other groups. The most important difference between a primary group and the other groups is that the primary group will automatically become a group owner of a new file a user creates. In Chapter 6, I will discuss file permissions and ownership in detail, but just to give you a short idea of how it works, I'll offer an example here.

Imagine a user has the group users set as his primary group and is also a member of the group sales. Now the user wants to create a file to which only members of the group sales have access. If he creates just a file, the default group users will become the group owner of the file, and all users who are members of this group will have access to the file. Therefore, the user needs to deploy the newgrp command to set his primary group to sales on a temporary basis. If the user creates the file after executing newgrp sales, the group sales will be the owner of that file and of all the other files the user creates until he executes newgrp users to switch the primary group setting back to users.

As you can see, group membership in a stand-alone Linux file system environment is way less sophisticated than it is in a Novell or Microsoft network environment. This sounds primitive but hardly ever causes any problems because permissions are just set at another level, such as when the user is accessing the server through a Samba share (see Chapter 15 for more on that).

You now know the relation between the primary group and the other groups of which a user is a member. In the "Managing Groups" section, you will learn how to apply this knowledge.

Was this article helpful?

0 0

Post a comment