Can you explain me the format of /etc/group user group file under Linux / UNIX operating systems?
/etc/group is a text file which defines the groups to which users belong under Linux and UNIX operating system. Under Unix / Linux multiple users can be categorized into groups. Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals. This method, amongst others, also enables the Superuser to delegate some administrative tasks to normal users.
/etc/group file
It stores group information or defines the user groups i.e. it defines the groups to which users belong. There is one entry per line, and each line has the following format (all fields are separated by a colon (:)
cdrom:x:24:vivek,student13,raj _____ _ _ _____ | | | | | | | | 1 2 3 4
Where,
- group_name: It is the name of group. If you run ls -l command, you will see this name printed in the group field.
- Password: Generally password is not used, hence it is empty/blank. It can store encrypted password. This is useful to implement privileged groups.
- Group ID (GID): Each user must be assigned a group ID. You can see this number in your /etc/passwd file.
- Group List: It is a list of user names of users who are members of the group. The user names, must be separated by commas.
More About User Groups
Users on Linux and UNIX systems are assigned to one or more groups for the following reasons:
- To share files or other resource with a small number of users
- Ease of user management
- Ease of user monitoring
- Group membership is perfect solution for large Linux (UNIX) installation.
- Group membership gives you or your user special access to files and directories or devices which are permitted to that group
(Fig.01: Understanding groups)
User tom is part of both 'Web developers' and 'Sales' group. So tom can access files belongs to both groups.
Task: View Current Groups Settings
Type any one of the following command:
$ less /etc/group
OR
$ more /etc/group
Task: Find Out the Groups a User Is In
Type the following command:
$ groups {username}
$ groups
$ groups vivek
Sample outputs:
vivek : vivek adm dialout cdrom plugdev lpadmin netdev admin sambashare libvirtd
Task: Print user / group Identity
Use the id command to display information about the given user.
Display only the group ID, enter:
$ id -g
$ id -g user
$ id -g vivek
OR
$ id -gn vivek
Display only the group ID and the supplementary groups, enter:
$ id -G
$ id -G user
$ id -G vivek
OR
$ id -Gn vivek
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 16 comments… read them below or add one }
On the money. The detail was clear and straight forward. I quickly found the answer to the problem that we were facing in our production test environment.
Clear and good.
wonderful
perfect!! just what i need ;)
Great, Thanks!
But one more question remains:
Does /etc/group allow wildcards (probably not) or is it possible to allow all group members of one group to be part of another?
I have the problem, that different linux installations (which are all needed unfortunately) provide different groups and user authentification is central from NIS …
Will a blank line in the /etc/group file cause a system read problem? I know on some UNIX platforms, a blank line in the password file causes problems. Thanx
It may cause a problem. It is better to remove a blank line. But I never tested it… YMMV.
Can a group be a member of another group?
What is the default permission for /etc/group
If I add my Group ID or Account name to admin/root in /etc/group, will it work. If not how can I do the same.
But why exactly do some in my group file have and x, or nothing at all in the password field? What’s the purpose?
how can i allow the root user of another machine to view the files that are only set to be viewed by the users that are in /etc/group which is set on another machine?
for example can we just add root@host to my nis group so when that machine comes up in initialization access those files and execute them?
are there any commands that can show / list all members of a group (using hp-ux)? thanks
Good, but did not mention what the ‘x’ means in the password.
The ‘x’ means that password is stored in /etc/gshadow, not in /etc/group.. It’s the same way as in /etc/passwd, if you gave x in password field, it means that the user’s password is stored in /etc/shadow.
Very good explanation!!