You can manage groups using either shell commands or window utilities like the Red Hat User Manager.
The system file that holds group entries is called /etc/group. The file consists of group records, with one record per line and its fields separated by colons. A group record has four fields: a group name, a password, its ID, and the users who are part of this group. The Password field can be left blank. The fields for a group record are as follows:
Group name: The name of the group, which must be unique.
Password: With shadow security implemented, this field is an x, with the password indicated in the /etc/gshadow file.
Group ID: The number assigned by the system to identify this group.
Users: The list of users that belong to the group, separated by commas.
Here is an example of an entry in an /etc/group file. The group is called engines, the password is managed by shadow security, the group ID is 100, and the users who are part of this group are chris, robert, valerie, and aleina.
engines:x:100:chris,robert,valerie,aleina
As in the case of the /etc/passwd file, it is best to change group entries using a group management utility like groupmod, groupadd, or the Red Hat User Manager. All users have read access to the /etc/group file. With shadow security, secure group data such as passwords are kept in the /etc/gshadow file, to which only the root user has access.
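The four-field record format described above can be checked mechanically. The following is an added example, not part of the original text: a small shell audit that flags malformed records, a password value left in the world-readable file instead of x, and reused group names or IDs. The function names, finding labels, and every sample record except the engines line are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse and audit group records in the /etc/group format.

# audit_group_file FILE: print one finding per line, nothing if the file is clean.
audit_group_file() {
    awk -F: '
        NF != 4               { print "MALFORMED line " NR; next }
        $3 !~ /^[0-9]+$/      { print "BAD-GID " $1 }
        # Anything but x (shadowed) or blank is a password readable by all users.
        $2 != "x" && $2 != "" { print "PASSWORD-IN-FILE " $1 }
        $1 in names           { print "DUPLICATE-NAME " $1 }
        $3 in gids            { print "DUPLICATE-GID " $3 " " $1 " " gids[$3] }
        { names[$1] = 1; if (!($3 in gids)) gids[$3] = $1 }
    ' "$1"
}

# group_members FILE GROUP: print the members of GROUP, one per line.
group_members() {
    awk -F: -v g="$2" \
        '$1 == g { n = split($4, u, ","); for (i = 1; i <= n; i++) print u[i] }' "$1"
}

# Constructed sample records; only the engines line comes from the text above.
make_sample_group_file() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
engines:x:100:chris,robert,valerie,aleina
dylan:x:501:
trains:NOT-A-REAL-HASH:502:chris
pilots:x:100:robert
broken:x:503
EOF
    echo "$f"
}

sample=$(make_sample_group_file)
audit_group_file "$sample"          # findings for trains, pilots, and line 5
group_members "$sample" engines     # chris, robert, valerie, aleina
rm -f "$sample"
```

Because all users have read access to /etc/group, audit_group_file /etc/group can be run on a live system without root privileges.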
A new user can be assigned to a special group set up for just that user and given the user's name. Thus the new user dylan is given a default group also called dylan. The group dylan will also show up in the listing of groups. This method of assigning default user groups is called the User Private Group (UPG) scheme. UPG is currently used on Red Hat systems. The supplementary groups are additional groups that the user may want to belong to. Traditionally, all users were assigned to a single group named users, which made every user subject to the group permission controls for that one group. With UPG, each user has his or her own group, with its own group permissions.
As with users, you can create a home directory for a group. To do so, you simply create a directory for the group in the /home directory, change its group to that of the group, and allow access by any member of the group. The following example creates a directory called engines and changes its group to that of the engines group:
mkdir /home/engines
chgrp engines /home/engines
Then the read, write, and execute permissions for the group level should be set with the chmod command, discussed later in this chapter:
chmod g+rwx /home/engines
Any member of the engines group can now access the /home/engines directory and any shared files placed therein. This directory becomes a shared directory for the group. You can, in fact, use the same procedure to make other shared directories at any location on the file system.
Files within the shared directory should also have their permissions set to allow access by other users in the group. When a user places a file in a shared directory, the user needs to set the permissions on that file to allow other members of the group to access it. A read permission will let others display it, write lets them change it, and execute lets them run it (used for scripts and programs). The following example first changes the group for the mymodel file to engines. Then it copies the mymodel file to the /home/engines directory and sets the group read and write permission for the engines group.
$ chgrp engines mymodel
$ cp mymodel /home/engines
$ chmod g+rw /home/engines/mymodel
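A shared directory set up this way depends on every member remembering the chgrp and chmod steps, so it is worth checking periodically. The following is an added example, not part of the original text: a shell audit that reports a directory or files that the group cannot actually use, and anything writable by users outside the group. The function names and finding labels are hypothetical; a temporary directory stands in for /home/engines and the caller's primary group stands in for engines.

```shell
#!/bin/sh
# Added example: audit a shared group directory such as /home/engines.

# audit_shared_dir DIR GROUP: print one "FINDING path" line per problem,
# nothing when the directory and its files are correctly shared.
audit_shared_dir() {
    dir=$1; grp=$2
    # The directory must belong to the group and grant it rwx (chmod g+rwx).
    find "$dir" -prune \( ! -group "$grp" -o ! -perm -070 \) -print |
        sed 's/^/DIR-NOT-SHARED /'
    # Files keep the owner's default group unless chgrp is run on them.
    find "$dir" -type f ! -group "$grp" -print | sed 's/^/WRONG-GROUP /'
    # Files need group read and write (chmod g+rw) for other members.
    find "$dir" -type f ! -perm -060 -print | sed 's/^/NO-GROUP-RW /'
    # Write access for "other" lets users outside the group alter shared data.
    find "$dir" \( -type f -o -type d \) -perm -002 -print |
        sed 's/^/WORLD-WRITABLE /'
}

# Constructed sample: temporary directory, caller's primary group (numeric GID
# so it also works where the group has no name).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    g=$(id -g)
    chgrp "$g" "$d" && chmod 770 "$d"
    echo model > "$d/mymodel"; chmod 660 "$d/mymodel"   # correctly shared
    echo notes > "$d/private"; chmod 600 "$d/private"   # owner only
    echo tmp   > "$d/scratch"; chmod 666 "$d/scratch"   # writable by anyone
    echo "$d"
}

sample=$(make_sample_dir)
audit_shared_dir "$sample" "$(id -g)"   # reports private and scratch
rm -rf "$sample"
```

Setting the setgid bit on the directory (chmod g+s /home/engines) makes files created there inherit the directory's group, which removes the WRONG-GROUP case for new files.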
You can add, remove, and modify any groups easily with the Red Hat User Manager. First, access the Red Hat User Manager by clicking the Users & Groups icon in the System Settings window, listed in the Start Here window. Then click the tabbed panel labeled Groups in the Red Hat User Manager window. This will list all your current groups. There will be three fields for each entry: Group Name, Group ID, and Group Members.
To add a group, just click the Add Group button. This opens a small window where you can enter the group name. The new group will be listed in the User Manager's Groups listing. To add users as members of the group, select the group's entry and click the Properties button. This opens a window with tabbed panels for Group Data and Group Users. The Group Users panel lists all current users with check boxes. Click the check boxes for the users you want to be members of this group. If you want to remove a user as a member, click the check box to remove its check. Click OK to effect your changes. If you want to remove a group, just select its entry in the User Manager's Groups panel and then click the Delete button.
You can also manage groups with the groupadd, groupmod, and groupdel commands. These command line operations let you quickly manage a group from a terminal window.
With the groupadd command, you can create new groups. When you add a group to the system, the system places the group's name in the /etc/group file and gives it a group ID number. If shadow security is in place, changes are made to the /etc/gshadow file. The groupadd command only creates the group category. You need to add users to the group individually. In the following example, the groupadd command creates the engines group:
# groupadd engines
You can delete a group with the groupdel command. In the next example, the engines group is deleted:
# groupdel engines
You can change the name of a group or its ID using the groupmod command. Enter groupmod -g with the new ID number and the group name. To change the name of a group, you use the -n option. Enter groupmod -n with the new name of the group, followed by the current name. In the next example, the engines group has its name changed to trains:
# groupmod -n trains engines