
Linux - Users and Groups

Belonging to a group and having a unique identification number

All Linux users on a particular system belong to a group and have a unique identification number referred to as a user ID (UID). Groups are usually assigned to logically tie users together for common security, privileges and device/file access purposes. This is the same group referred to by the 'g' or 'group' in file permissions. A university's server may assign all teachers and professors to a group, graduate students to another group, and undergraduates to a third group. Users and groups are the primary mechanism used to regulate security and access in a Linux system. Access to files and devices is granted based on a user ID or group ID.

Each user is part of one login group. This is the user's default group at the time of login and any files he creates will refer to this group via the 'g' bit. The user may also belong to any number of additional groups and change their default group temporarily or permanently.

Linux users gain access to the system only after the root user (the system administrator) creates user accounts. The root user or superuser is a privileged user who has unrestricted access to all commands and files on a system regardless of their permissions. The superuser's account is created during installation and is usually named 'root'. Access to the root account is restricted by the root password. Only the root user may add new groups and users. Use the su (switch user) command without any parameters to log in as the superuser before attempting to create users. The new accounts define the user's environment and level of access. New users may be created by:

  • adding entries in the /etc/passwd file for the user
  • creating a home directory named after the username (/home/<user_name>)
  • assigning a default login shell
  • manually copying 'skeleton' versions of the dotfiles to the home directory

Alternatively, the adduser command may be used; this command does all of the above. Each user is assigned a User Name (login), which is associated with a unique UID. A user may be part of many groups but only one of these is defined as the login group. The UID is used to keep track of the user while the GID (group ID) is used to identify the login group. Right after account creation, users are assigned to a User Private Group (UPG) - a unique group ID with the same value as the user ID. This may be changed later.

    # adduser <user_name>
    # adduser -d /home/LinuxUser -m -s /bin/bash LinuxUser

Commonly used options are -d, which specifies the home directory, and -s, which sets the default login shell. The next step is to create a password for the user; enter the password and its confirmation when prompted:

    # passwd <user_name>

The groupadd command may be used to add a group. This command adds a single line to the /etc/group file. After the group is created, users should be added to the group by adding usernames to the end of the line corresponding to the group in the /etc/group file.

    # groupadd userGroup1

User accounts are defined in /etc/passwd and groups are defined in /etc/group. All users may read these files; try a 'cat /etc/passwd | more' to take a look at the file. Each line in the file corresponds to a user and has the following format:

    user_name:x:user_number:group_number:comments:/home_dir:default_shell

    LinuxUser:x:179:500:Greg:/home/user1:/bin/bash

The following is the format of each line in the /etc/group file:

    group_name:x:group_number:<comma_delimited_list_of_user_names>

    userGroup1:x:500:LinuxUser
    floppy:x:19:LinuxUser,LinuxUser1
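
The two record formats above can be checked mechanically. The following Python code is an added example, not part of the original page: it parses constructed sample records and reports each user's login group, the groups that list the user, and entries an administrator should review. The accounts 'backup' and 'ghost' and the function names parse and audit are assumptions made for illustration.

```python
# Added example; SAMPLE_* records are constructed, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
LinuxUser:x:179:500:Greg:/home/user1:/bin/bash
LinuxUser1:x:180:501::/home/LinuxUser1:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
userGroup1:x:500:LinuxUser
floppy:x:19:LinuxUser, LinuxUser1
disk:x:6:ghost
"""

def parse(text, nfields):
    """Split colon-delimited records; reject a wrong field count."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    for row in rows:
        if len(row) != nfields:
            raise ValueError(f"expected {nfields} fields: {':'.join(row)}")
    return rows

def audit(passwd_text, group_text):
    """Return ({user: (login_group, [groups listing user])}, [findings])."""
    users, groups = parse(passwd_text, 7), parse(group_text, 4)
    gid_name = {int(g[2]): g[0] for g in groups}
    listed = {u[0]: [] for u in users}
    findings, uid_owner = [], {}
    for name, _, uid, gid, *_ in users:
        if int(uid) == 0 and name != "root":  # kernel checks UID, not name
            findings.append(f"{name}: UID 0 gives superuser rights")
        if uid in uid_owner:
            findings.append(f"{name}: shares UID {uid} with {uid_owner[uid]}")
        uid_owner.setdefault(uid, name)
        if int(gid) not in gid_name:
            findings.append(f"{name}: login GID {gid} not in group file")
    for gname, _, _, members in groups:
        for raw in filter(None, members.split(",")):
            member = raw.strip()
            if member != raw:  # padding is not part of the member-list format
                findings.append(f"{gname}: whitespace around member {member}")
            if member in listed:
                listed[member].append(gname)
            else:
                findings.append(f"{gname}: member {member} has no passwd entry")
    return {u[0]: (gid_name.get(int(u[3])), listed[u[0]]) for u in users}, findings

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_GROUP))
```

To audit a live system, pass the contents of /etc/passwd and /etc/group to audit() in place of the sample strings.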

Note that the user 'LinuxUser' is logged in via the 'userGroup1' group but is also part of the 'floppy' group. If he needs some privileges that only the members of the 'floppy' group are granted, he may change his current group by issuing the following command:

    [ LinuxUser ] ~$ newgrp floppy

The exit command will take the user back to his default group. The newgrp command actually starts a new shell and logs the user into the group by changing the group ID. Environment variables that are not exported are reset and system variables are reset to the default values. The shell's configuration dotfile should contain definitions for all the environment variables that need to be carried over when groups are changed. A user may change the group associated with a file by issuing the following command:

    chgrp <group_name> <file_name>

Normally, all files created by a user are assigned to his current group. A user may choose to change the default group of the file by using the chgrp command. A professor may log into a system with default group 'department' that everyone in the department belongs to. He may edit and save an exam question sheet and change its group to point to the 'professors' group. Obviously, default read permissions on the file will also have to be changed separately.

    [ LinuxUser ] ~$ chgrp professors exam_questions.txt

The following is a list of standard system groups and IDs in a typical Linux distribution:

    Group     GID
    root      0
    bin       1
    daemon    2
    sys       3
    adm       4
    tty       5
    disk      6
    lp        7
    mem       8
    mail      12
    man       15
    floppy    19
    rpm       37
    apache    48
    ftp       50
    users     100