lsg16.htm

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<P>Each line in the file has four fields separated by colons. Two colons together mean that the field is empty and has no value specified. Each line in the file follows this format:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">group name:group password:group ID:users</FONT></PRE>



<P>Each group has a line of its own in the file. The fields in the /etc/group file (from left to right) are as follows:



<BR>



<UL>



<UL>



<P>The group name is a unique name, usually of eight characters or less.



<BR>



</UL></UL>



<UL>



<UL>



<P>The password field is usually left as an asterisk or blank, but a password can be assigned that a user must enter to join the group. Not all versions of Linux or UNIX use this field, and it is left in the file for backwards compatibility reasons.



<BR>



</UL></UL>



<UL>



<UL>



<P>The group ID (GID) is a unique number for each group, which is used by the operating system.



<BR>



</UL></UL>



<UL>



<UL>



<P>The users field contains a list of all user IDs that belong to that group.



<BR>



</UL></UL>



<P>Every Linux system has a number of default groups that belong to the operating system; these groups are usually called bin, mail, uucp, sys, and so on. You can see the system-dependent groups in the default /etc/group file shown previously. In that file, all but the last two entries are system groups. Never allow a user to belong to one of these groups as it gives them access permissions that can be the same as root's. Only system logins should have access to these operating system groups.



<BR>



<BR>



<A NAME="E69E119"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Understanding Default System Groups</B></FONT></CENTER></H4>



<BR>



<P>You may have noticed in the startup /etc/group file shown previously that a lot of groups are defined. These groups are used to set file permissions and access rights for many utilities. It's worth taking a quick look at some of the most important groups and their functions:



<BR>



<UL>



<UL>



<P>The root/wheel/system group is usually used to allow a user to employ the su command to gain root access. This group owns most system files.



<BR>



</UL></UL>



<UL>



<UL>



<P>The daemon group is used to own spooling directories (mail, printer, and so on).



<BR>



</UL></UL>



<UL>



<UL>



<P>The kmem group is used for programs that need to access kernel memory directly (including ps).



<BR>



</UL></UL>



<UL>



<UL>



<P>The sys group owns some system files. On some systems, this group behaves the same as kmem.



<BR>



</UL></UL>



<UL>



<UL>



<P>The tty group owns all special files dealing with terminals.



<BR>



</UL></UL>



<P>The default group for the SlackWare Linux version /etc/group file shown previously is called users and has a GID of 100. Many systems have the default group called group, as this is the standard convention on most UNIX systems.



<BR>



<BR>



<A NAME="E69E120"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Adding a Group</B></FONT></CENTER></H4>



<BR>



<P>To add a group, you can edit the information in the /etc/group file manually using any ASCII editor, or you can use a shell utility like addgroup or groupadd that does the process for you. Most system administrators find it easier to do the changes manually, as you can see the entire group file at the time you are editing it. Not all versions of Linux have an addgroup or groupadd utility.



<BR>



<P>To manually add a group to the /etc/group file, first make a backup copy of the file. Use any ASCII editor and add one line to the file for each new group you want to create. Make sure you follow the syntax of the file carefully, as incorrect entries prevent users from belonging to that group. In the following examples, two new groups have been created:



<BR>



<PRE>



<FONT COLOR="#000080">accounts::51:bill



scanner::52:yvonne</FONT></PRE>



<P>The two groups have GIDs of 51 and 52; like user IDs, the GIDs should be assigned sequentially for convenience. The users that are in the group are appended. In these cases, only one user is in each group. You see how to assign multiple users to a group in the next section. The groups do not have to be in order of GID or group name, although it's convenient to have the file ordered by GID. You can add new lines anywhere in the file.



<BR>



<P>Check the /etc/group file for file permissions and ownership after you have made changes to it. The file should be owned by root and have a group owner of root (or system, depending on the group with GID 0). The file permissions should prevent anyone but root from writing to the file.



<BR>



<BR>



<A NAME="E69E121"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Adding a User to New Groups</B></FONT></CENTER></H4>



<BR>



<P>Users can belong to many groups, in which case their user IDs should be on each group line that they belong to in the file /etc/group. Each user name on a line in the /etc/group file is separated by a comma. There is no limit to the number of users that can belong to a group in theory, but in practice the line length of the Linux system (255 characters) acts as an effective limiter. There are ways around this limit, but few systems require it.



<BR>



<P>The following excerpt from a /etc/group file shows several groups with multiple members:



<BR>



<PRE>



<FONT COLOR="#000080">accounts::52:bill,yvonne,tim,roy,root



prgming:53:bill,tim,walter,gita,phyliss,john,root



cad:54:john,doreen,root



scanner:55:john,root,tim</FONT></PRE>



<P>The user names on each line do not have to be in any particular order. Linux will search along each line to find the user names it wants.



<BR>



<P>A user can be a member of only one group at a time while logged in, so users must use the command newgrp to change between groups they are members of. The starting group a user belongs to when they log in is given by the GID field in the /etc/passwd file.



<BR>



<BR>



<A NAME="E69E122"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Deleting a Group</B></FONT></CENTER></H4>



<BR>



<P>If you decide you don't want a particular group to exist anymore, remove the group name from the /etc/group file. Also check the /etc/passwd file to see whether any users have that group ID as their startup GID, and change it to another group that they are members of. If you don't change the GIDs, the user won't be able to log in because they have no valid group membership. You should also scan the entire filesystem for files and directories that are owned by that group and change them to another group. Failure to make this change may prevent access to that file or directory. Some Linux versions have shell scripts that remove group lines from the /etc/group file for you. The utility is generally called delgroup or groupdel. Most versions of Linux don't bother with this utility.



<BR>



<BR>



<A NAME="E68E93"></A>



<H3 ALIGN=CENTER>



<CENTER>



<FONT SIZE=5 COLOR="#FF0000"><B>Using the su Command</B></FONT></CENTER></H3>



<BR>



<P>Sometimes you will want to execute a command as another user. If you are logged in as superuser and want to create files with bill's permissions and ownership set, it is easier to log in as bill than work as root and reset all the parameters. Similarly, if you are logged in as a user and need to be superuser for a little while, you would have to log out and back in to make the change. An alternative is the su command.



<BR>



<P>The su command changes your effective user name and grants you the permissions that user name has. The su command takes the username you want to change to as an argument. For example, if you are logged in as a typical user and want to be root, you can issue the command



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">su root</FONT></PRE>



<P>and the Linux system will prompt you for the root password. If you supply it correctly, you will be root until you press Ctrl+D to log out of that account and back to where you started. Similarly, if you are logged in as root and want to be a user, you can issue the command with the user name, such as:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">su tparker</FONT></PRE>



<P>You won't be prompted for a password when changing from root to another user as you have superuser powers. When you press Ctrl+D, you are root again. If you are logged in as a normal user and want to switch to another non-root login, you have to supply the password, though.



<BR>



<BR>



<A NAME="E68E94"></A>



<H3 ALIGN=CENTER>



<CENTER>



<FONT SIZE=5 COLOR="#FF0000"><B>Summary</B></FONT></CENTER></H3>



<BR>



<P>This chapter looked at the basics of the /etc/passwd and /etc/group files, the two files connected with user access to Linux. As you have seen, a system administrator can easily modify these simple files to add users and groups at any time. Always bear in mind that these are vital files that should be edited carefully and have their permissions checked after each edit.<A NAME="I2"></A>



<P ALIGN=LEFT>



























</td>
</tr>
</table>
<!-- begin footer information -->


</body></html>