Using Commands for Group Management

Basically, you can use three commands to manage the groups in your environment:

• groupadd: Use this to add new groups to the /etc/group file.

• groupdel: Use this to remove a group from your system.

• groupmod: Use this to change properties of an existing group.

So as you can see, group management follows the same patterns as user management. There is also some overlap. For example, you can use usermod as well as groupmod to make a user a member of some group. The basic structure for using the groupadd command is simple: groupadd somegroup, where somegroup, of course, is the name of the group you want to create. Also, the options are mainly self-explanatory; for example, it probably doesn't surprise you that you can use the option -g gid to specify the unique GID you want to use for this group. Probably just one option is difficult to understand, and that's the option -p for password. Because what on Earth would you ever need a group password for?

In the preceding section, you learned the difference between the primary group of a user and the other groups a user can be a member of. By default, a user takes advantage of all the permissions of all the groups he is a member of, but when creating a new file, the primary group will automatically become the group owner of that file (see the next chapter in this book for much more information about ownership). Now what if the user wants to create a new file but doesn't want the default primary group users to become its owner? In that case, the user can use the newgrp command to set the primary group to some other group on a temporary basis. For newgrp to work, the user needs some permissions to the group to which he wants to change. Most of the time, the user can do it, because he is listed as a member of the given group in the group configuration file /etc/group. If the user is not a member of the group, the newgroup command will prompt for a password, and that's what you might need a group password for.

The funny thing about group passwords is that you don't use groupadd -p to add this password. This is because this old option requires a password string that is already encrypted. Instead, use passwd -g groupname to add a password to a group.

Was this article helpful?

0 0

Post a comment