/etc/group Defines the default system group entries for system groups that support some system-wide tasks, such as printing, network administration, or electronic mail. Many of these groups have corresponding entries in the /etc/passwd file. Because most of the linux systems use a UPG scheme, a new entry is automatically created in /etc/group when a new user is added. The group name is the same as the username.
Interpreting an /etc/group File Entry
This picture below provides an example of a default /etc/group file entry. Each entry in the /etc/group file contains four fields. A colon separates each field. The following is the format for an entry:
Each entry in the /etc/group file contains four fields: The description and requirement for each field are as follows:
|groupname||Contains the name assigned to the group.|
|group-password (x)||x in this field indicates that shadow passwords are used.|
|GID||Contains the group’s GID number.|
|username-list||List of users that are members of the group|
Each group can have multiple users. Users can also belong to more than one group. The GID stored in the user’s entry in /etc/passwd is the user’s primary group.
Group Account Administration
1. Use the groupadd command to add a group account:
# groupadd [options] group_name
Example: To add a user (tom) to a group (students):
# gpasswd –a tom students
2. Use the groupmod command to modify a group account:
# groupmod [options] group_name
3. Use the gpasswd command to administer group accounts:
# gpasswd [options] group_name
4. Use the groupdel command to delete a group account. The syntax is:
# groupdel group_name
You can remove groups even if there are members in the group. You cannot remove the primary group of any existing user. You must remove the user before removing the group.
5. Use the gpasswd command to administer /etc/group and /etc/gshadow. Every group can have administrators, members, and a password. The syntax is:
# gpasswd [options] group_name
The groups command
The groups command displays the groups that a user belongs to. The following example illustrates that user oracle belongs to two groups, oracle (primary group) and students (secondary group):
# grep oracle /etc/passwd oracle:x:1000:1000:Oracle DBA:/home/oracle/bin/bash
# grep oracle /etc/group oracle:x:1000: students:x:1056:student1,student2,oracle
The groups command (logged on as oracle) verifies these group memberships.
$ whoami oracle $ groups oracle students
The newgrp command
The newgrp command executes a new shell and changes a user’s real group identification. The following example illustrates the group ID before and after running the command. It also illustrates that a new shell is executed.
$ id uid=1000(oracle) gid=1000(oracle) groups=1000(oracle),1066(students)...
Note that the gid equals 1000(oracle).
$ ps PID TTY TIME CMD 20279 pts/0 00:00:00 bash 20411 pts/0 00:00:00 ps
$ newgrp students
$ id uid=1000(oracle) gid=1066(students) groups=1000(oracle),1066(students)...
Note that the gid now equals 1066(students). Also note that a new shell was executed:
$ ps PID TTY TIME CMD 20279 pts/0 00:00:00 bash 20464 pts/0 00:00:00 bash 20486 pts/0 00:00:00 ps