In our last post, "Managing Users and group part1", we saw various aspects of user creation on a Linux system. On this page we look at what comes up when creating Linux groups and why it matters.

How groups are important

In any operating system, groups serve many purposes: mostly to categorize users, build access control lists, and set permissions on system resources. They make it easier to work in a large infrastructure or with predefined access requirements.
A freshly installed operating system always has some groups that have access to certain resources or hold special permissions; their members inherit that access.
It is always easier to grant and revoke access through groups, because a change takes effect for all members at once instead of having to be made for each user.

Creation of group

Linux has many groups that are created during installation. They are mostly used to give their members access to system resources and processes, which makes the system more secure and keeps it organized when applications are deployed.

The “/etc/login.defs” file defines the GID ranges used for system and non-system groups.

# Min/max values for automatic gid selection in groupadd
GID_MIN                  1000
GID_MAX                 60000
# System accounts
SYS_GID_MIN               201
SYS_GID_MAX               999

So whenever we create a group, it is automatically assigned a GID according to the variables shown above. Let’s create some groups.

User private groups

On Linux machines, every user has its own private group with the same name as the user; this is called the user private group (UPG) scheme. It makes it safe to assign default permissions on newly created files and directories.

[root@srv7 ~]# useradd u1
User creation also created a group with the same name:
[root@srv7 ~]# groups u1
u1 : u1

[root@srv7 ~]# grep u1 /etc/passwd 

[root@srv7 ~]# grep u1 /etc/group

In the output above, creating the user also created a group of the same name with that user as its member.

Non-private Groups

Groups can also be created that are not tied to any user initially. We add users to them with the usermod command, or with the -G option while creating the user.

Add a group:
# groupadd g1
Add a user with one secondary group:
# useradd -G g1 u1
The new user has two groups:
# groups  u1
u1 : u1 g1
Add a user:
# useradd u2

# groups u2
u2 : u2
Modify the user to add a group:
# usermod -G g1 u2

# groups u2
u2 : u2 g1

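This way we can create users with group memberships and use those memberships to control the use of system resources. Note that usermod -G replaces the user's existing list of secondary groups, so combine it with the -a option when the user already belongs to other groups.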

Group Directories

Many organizations create a Linux/Unix group for each department's team members, so that all team members can save and access their data in a single location and group permissions can be assigned to the whole team easily. All users of the same group can then create and access files in this directory. But when a user creates a file or directory inside the group directory, it gets the group ownership of that user's primary group, which causes problems for the other users. To avoid this, set the setgid bit on the group directory: it keeps a common group ownership, so anything a user saves there is owned by the team's group (a secondary group for that user) that owns the directory.
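
As an added example (not from the original post), the check below audits a group directory for the problem just described: it verifies the group owner and the setgid bit, and lists entries created before setgid was applied, which still carry another group or lack the bit. The function name check_group_dir and the temporary demo directory are hypothetical; GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example: audit a shared group directory.
# check_group_dir DIR GROUP   (GROUP may be a group name or a numeric GID)
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 on error.
check_group_dir() {
    dir=$1 want=$2 rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }

    # 1. The directory itself must belong to the team's group.
    if [ "$want" != "$(stat -c '%G' "$dir")" ] &&
       [ "$want" != "$(stat -c '%g' "$dir")" ]; then
        echo "$dir: group is $(stat -c '%G' "$dir"), expected $want"; rc=1
    fi

    # 2. Without setgid, new files get the creator's primary group.
    [ -g "$dir" ] || { echo "$dir: setgid bit not set"; rc=1; }

    # 3. Entries created before setgid was applied keep their old group,
    #    and older subdirectories do not carry the bit themselves.
    strays=$(find "$dir" -mindepth 1 \( -type d ! -perm -2000 -o ! -group "$want" \))
    if [ -n "$strays" ]; then
        echo "$strays" | sed 's/$/: wrong group or missing setgid/'; rc=1
    fi
    return $rc
}

# Demo on a constructed temporary directory owned by the caller's current group.
demo=$(mktemp -d)
grp=$(stat -c '%g' "$demo")
chmod 2770 "$demo"            # rwxrws---: group access plus setgid
touch "$demo/report.txt"      # takes the directory's group because of setgid
check_group_dir "$demo" "$grp" && echo "$demo: OK"
chmod g-s "$demo"             # GNU chmod keeps setgid on directories unless cleared explicitly
check_group_dir "$demo" "$grp" || echo "findings reported above"
rm -rf "$demo"
```
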

We can also manage this directory without the root user: a normal user can be put in charge of group administration. We can set a password and an administrator for a group as shown below.

Group Password

As mentioned above, we can set a group password, which is used to manage group membership as shown below.

# gpasswd Sales
Changing the password for group Sales
New Password: 
Re-enter new password: 

Group Membership

A normal user uses this password to become a group member.

[kamal@centos7-box ~]$ groups 
[kamal@centos7-box ~]$ newgrp Sales
[kamal@centos7-box ~]$ groups
Sales kamal

This way any user can gain the benefits of group membership at any time with the group password. From a security standpoint, however, we never recommend sharing a group password publicly; for that reason we can assign group administrators to these groups instead.

Group Administrator

As mentioned above, we can assign a group administrator who manages group membership for their teammates. We can make the team leader's user account the group administrator for the team's group, so that whenever a new member joins the team, the team leader can add them to the Linux secondary group and they can access the group's data too.
The examples below show this.

Add Steve as group administrator:
[root@centos7-box ~]# gpasswd -A steve IT
Steve is still not a member of this group:
[root@centos7-box ~]# groups steve 
steve : steve

Steve can add Mahesh to this group and remove him from it.

Mahesh has no secondary group:
[steve@centos7-box ~]$ groups mahesh
mahesh : mahesh
Steve adds Mahesh to this group:
[steve@centos7-box ~]$ gpasswd -a mahesh IT
Adding user mahesh to group IT

[steve@centos7-box ~]$ groups mahesh
mahesh : mahesh IT

Steve removes Mahesh from this group:
[steve@centos7-box ~]$ gpasswd -d mahesh IT
Removing user mahesh from group IT
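
As an added example (not from the original post), the function below reports which groups have a usable group password and which have administrators, the two settings made with gpasswd above, so they can be reviewed periodically. The function name audit_gshadow and the sample entries are constructed for illustration; on a real host the input would be /etc/gshadow, read as root.

```shell
#!/bin/sh
# Added example: report group passwords and group administrators.
# audit_gshadow FILE   FILE uses the /etc/gshadow layout:
#   group:password:administrators:members
# Output is tab-separated: group, finding type, detail.
audit_gshadow() {
    awk -F: '
        # A field that is empty or starts with ! or * cannot be used as a password.
        $2 != "" && $2 !~ /^[!*]/ { printf "%s\tpassword\tset\n", $1 }
        # gpasswd -A stores a comma-separated administrator list in field 3.
        $3 != "" {
            n = split($3, admins, ",")
            split($4, members, ",")
            for (i = 1; i <= n; i++) {
                in_group = "not-a-member"
                for (j in members) if (members[j] == admins[i]) in_group = "member"
                printf "%s\tadmin\t%s (%s)\n", $1, admins[i], in_group
            }
        }
    ' "$1"
}

# Constructed sample mirroring the groups used on this page (not real hashes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:::
Sales:$6$CONSTRUCTED$notarealhash::
IT:!:steve:mahesh
g1:::u1,u2
EOF
audit_gshadow "$sample"
rm -f "$sample"
```

An administrator reported as not-a-member matches the case shown above, where steve can change membership of IT without belonging to it.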

With the commands and output above, it is quite clear that Linux gives us complete power and features to make user and group administration effective and easy. There are many more commands and ways to do this. We will cover some of them in the next post.