How to add to group when name has a space?

Question

Is it possible to add a name as a group member when the name has a space? For example "foo bars" is the name and I want it to add to the group called "reindeers".

This group is created in AD and it is quite common for names to have spaces. I won't be able to change the name.

Apologies if this has already been asked here. I just could not find any references. I did find solutions/discussions to adding a username with a space in the sudoers config file by replacing the space with a "_" instead, or escaping the space with a backslash. Not sure if this works with regards to adding it to a group.

Thanks, Mrky

You want to add a group (that has a space in it) into another group? How does that work on unix? — thrig, Nov 01 '17 at 04:22
@thrig I know, right? I can't even add a username like "foo bars" coz of restrictions. And even if I could, I would not do that. It's just bad practice. Alas, this is not just up to me. How do I explain this to clients? I want to exhaust all other options where possible before going back to them and probably get into an argument. — markyxyz, Nov 01 '17 at 04:27
Why, for the sake of Church of Emacs, would somebody like to have a username (or group name) with space in it? — cezar, Nov 01 '17 at 07:27

score 13 · Accepted Answer · answered Nov 01 '17 at 08:40

Group and user names aren’t allowed to contain the space character on POSIX-style systems; see Command line login failed with two strings ID in Debian Stretch for references (the restrictions apply to groups as well as users).

In your case you might be able to work around the limitation by managing your groups in AD rather than in /etc/group. But I’d recommend trying to convince the powers that be to drop spaces entirely...

djhurio · Answer 2 · 2018-02-06T12:49:12.287

3

I had a similar problem with group name "domain users" coming from AD. For chown I was able to use group id number instead of group name. For example:

sudo chown -R user1:118600513 /home/user1

where 118600513 is the id for a group "domain users".

edited Feb 06 '18 at 12:49

answered Feb 06 '18 at 10:40

djhurio

141

Using the GID might work for chown (since the group name doesn't really exist at that level), but I don't think this answers the question of how manage user-to-group membership with names like that. – ilkkachu Feb 06 '18 at 10:45
@ilkkachu, thanks! I have updated my answer. But you are right - probably it does not help OP. – djhurio Feb 06 '18 at 12:50

score 0 · Answer 3 · edited Sep 07 '18 at 23:32

I spent an entire day searching the same topic. Here's what I found and tested on Debian 9 + Samba AD DC 4.5.12

In order to set sharing folder permission, a somewhat local unix group or user must be present. Option 1: Create Group with gid I failed to map the gid after creation by net groupmap, but was able to map them at the time of creation by

groupadd localgroupnamewithoutspace
cat /etc/group
samba-tool group add "Groupname with Space" --nis-domain=mydomain --gid-number=corresponding gid we just saw in /etc/group
chgrp localgroupnamewithoutspace /path/of/share
chmod 0770 /path/of/share

Option 2: Look up gid of AD group Unix group doesn't allow space, so set group of directory to gid will work. However, when doing ls -al it will show gid number not AD group or Unix group name. This could potentially be a problem if multiple groups are nested and assigned in the same large sharing parent directory.

wbinfo --name-to-sid "AD Group name with space"
wbinfo --sid-to-gid "copy from the ouput above"

it should look like this and you only need this part S-1-5-21-53980404-2501955692-3283166571-512 then use the gid number when setting permission by chgrp, chmod.

Noted, The above only takes care of AD group and Unix group mapping, the actual ACL and group member permission still requires to have proper SeDiskOperatorPrivilege setup, and then configured through Windows Client with account has SeDiskOperatorPrivilege in File Explorer and ADUC.

edited: typo

score 0 · Answer 4 · answered Aug 17 '18 at 06:09

0

I did not try this for group but for user info that is gecos info as in usermod command add " " i.e inverted commas with space in between.

usermod username -c User" "Name

answered Aug 17 '18 at 06:09

Yogi

1

1

In UNIX parlance, inverted commas are probably more widely known as double quotes. – Jim L. Nov 30 '21 at 23:13

score 0 · Answer 5 · answered Nov 30 '21 at 21:12

0

You can use \ to escape the space char. example:domain\ users

answered Nov 30 '21 at 21:12

blindguy

101

score 0 · Answer 6 · answered Nov 30 '21 at 23:10

This is not quite a direct answer, but if reindeers is an AD group, then it would seem that user foo bars would need to be added to that group on the domain controller, so that other domain members will be able to recognize foo bars as a member of the group.

But generally, no special handling is necessary for spaces in user or group names, other than double-quoting.

# finger "test user"
Login: test user                Name: Test User
Directory: /nonexistent         Shell: /usr/sbin/nologin
No Mail.
No Plan.
# id "test user"
uid=99563(test user) gid=99563(test user) groups=99563(test user),9999(test group)
# su -m "test user"
$ id
uid=99563(test user) gid=99563(test user) groups=99563(test user),9999(test group)
$ whoami
test user
$ touch /tmp/test; ls -l /tmp/test; 
-rw-r--r--  1 test user  wheel  0 Nov 30 15:00 /tmp/test
$ chgrp "test group" /tmp/test; ls -l /tmp/test
-rw-r--r--  1 test user  test group  0 Nov 30 15:00 /tmp/test
$ find /tmp -group "test group" -ls
 38023    1 -rw-r--r--   1 test user   test group      0 Nov 30 15:00 /tmp/test

Nick · Answer 7 · 2023-01-21T14:51:12.470

0

Update: It was pointed to me that the question is about username having space, not group name... But since Google points this answer for "how to add user to a group that has space in name" (and frankly I understood it also this way), I'll still leave this snipped.

add a group name without space: groupadd mybestfriends
add users to it: usermod -a -G mybestfriends friend1
edit /etc/group and add spaces: nano /etc/group change line: mybestfriends:x:1003:friend1 to: my best friends:x:1003:friend1
manipulate group with its GID : usermod -a -G 1003 friend2

For now I didn't see no side effects, but YMMV.

Don't forget sudo where applicable.

edited Jan 21 '23 at 14:51

answered Jan 20 '23 at 13:15

Nick

101

The question is about usernames with spaces: how to add a user, whose login contains a space (“foo bars”), to a group (“reindeers”). – Stephen Kitt Jan 20 '23 at 23:00
Hot damn! You're right! This answer shows at 1st pos in Google for "how to make a group with spaces"... Maybe I will make a note. Unless I should delete it? What do you think? – Nick Jan 21 '23 at 14:20

score 0 · Answer 8 · answered Dec 12 '23 at 22:43

if using sssd to do this AD integration and reference this group + its group membership, sssd has a cute directive in sssd.conf:

override_space = -

This affects the display output only. So "AD Group" now shows up as ad-group and "AD User" would show up as ad-user. Then it's trivial to do useradd, write sudoers rules, etc. Because those AD groups and users no longer have a space in them.

How to add to group when name has a space?

8 Answers8

Linked