Linux Group Configuration in Bash
From bib. source
Like the management of user accounts […], managing groups requires an understanding of the configuration files and commands used to govern groups. Groups simplify the process of granting access to resources to multiple users.
That is, just like with user management on Linux, group management involves the use of a set of primary commands that, among other things, manipulate the data in specific configuration files. In the case of groups, the relevant file is at path /etc/group (Garn 2022, 43). Each line in this file is a colon-separated list, in which the position of a datum determines its meaning, and this constitutes the syntax of the file (Ibid):
| position / field | meaning |
|---|---|
| 0 | The name of the group |
| 1 | The password, whose value is typically an “x” to represent that the actual password is stored elsewhere for the user for whom this is a primary group (namely in /etc/shadow) |
| 2 | The group ID, or GID, a number–usually unique–representing the group to the system |
| 3 | A comma-separated list of user accounts that have membership in the group, and for whom this is not a primary group |
Linux Group Management Commands
The three essential primary commands for group management are (Garn 2022, 44):
- The groupadd primary command, used to create new groups with unique GIDs or group names
- The groupdel primary command, used to remove existing groups
- The groupmod primary command, used to modify an existing group
These commands are generally pretty straightforward. The groupadd primary command takes a name for the group as an argument, while the groupmod primary command can do something like change a group name using the n command option (Ibid). For example:
groupmod -n "$NEW_GROUP_NAME" "$OLD_GROUP_NAME"
Finally, the groupdel primary command, similarly to groupadd, takes a group name as argument–although in this case it is the name of an existing group. It is important to note that (Ibid):
From bib. source
[…] you cannot remove the primary group of an existing user. You must remove the user account first by using the userdel command.
Finally, removing a group with groupdel after the user account for whom it was the primary group has been removed does not delete other user accounts for whom the group was supplementary (Ibid).
Alternatives to groupdel and groupadd
The groupadd command finds an alternative in addgroup, which runs an interactive prompt for adding a new group. The delgroup alternative to groupdel has a similar differentiation.
Interaction with user account management
There is one operation which is missing here from our set of primary commands, and that is adding a user account to a group, or making a user account a group member. That’s because this actually counts as user account management, and thus involves instead using the usermod primary command, with relevant command flags a and G (Garn 2022, 45):
- usermod command option G specifies a group to which the user account will be added
- usermod command flag a specifies that all other group memberships should be maintained, such that this group should only be “appended” to the list of groups the user belongs to
For example, to add user account jdeng to group sales:
usermod -aG sales jdeng
Regardless, on user account creation using the useradd primary command, there is a group that is automatically created for the user account–usually with the same name as the user account–for which it is initially the only member, and this group is called the user account’s primary group. All other groups the user may be a member of are called supplementary groups.
Getting information about groups
A primary command useful for getting information on a user's groups is groups, which displays all group memberships of the user account whose name it takes as argument (Garn 2022, 39).
Another useful primary command is getent, which, so long as it uses group as a subcommand, displays the entry for the group whose group name matches its argument that exists in /etc/group.
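The following is an added example, not taken from the cited source: a read-only audit over files in the /etc/group format tabulated above. It lists GIDs shared by more than one group and resolves everyone who holds a given group, including accounts for whom it is the primary group and who therefore never appear in the member list. The function names and sample data are constructed, and the script assumes the standard /etc/passwd layout, in which the fourth colon-separated field is the account's primary GID.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of files in /etc/group and /etc/passwd format.

# GIDs used by more than one group line (the GID is only "usually" unique).
duplicate_gids() {
    awk -F: 'NF >= 3 { seen[$3]++ } END { for (g in seen) if (seen[g] > 1) print g }' "$1" | sort -n
}

# Everyone who holds a group: supplementary members (last field of the group
# line) plus accounts whose primary GID (field 4 of a passwd line) matches.
effective_members() {   # usage: effective_members GROUP GROUP_FILE PASSWD_FILE
    awk -F: -v grp="$1" '
        FNR == NR {                            # first file: group format
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }    # second file: passwd format
    ' "$2" "$3" | sort -u
}

# Constructed sample data (not from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
sudo:x:27:jdeng
sales:x:1001:jdeng,akim
svc:x:1002:
legacy:x:1001:
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jdeng:x:1000:1000:J Deng:/home/jdeng:/bin/bash
akim:x:1003:1003:A Kim:/home/akim:/bin/bash
deploy:x:1004:27:Deploy:/home/deploy:/bin/bash
EOF

echo "duplicate GIDs: $(duplicate_gids "$SAMPLE_DIR/group" | paste -sd, -)"
echo "sudo holders:   $(effective_members sudo "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" | paste -sd, -)"
```

To audit a real host, pass /etc/group and /etc/passwd as the file arguments; the functions only read them.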
bibliography
- Garn, Damon. The Official CompTIA Linux+ Student Guide (Exam XK0-005). 1.0. Downers Grove, IL: CompTIA, 2022.