7

Whenever I search for how to create groups, examples always point to chapter 8 (i.e. shell) commands. When I look through lists of common sys calls (i.e. the ones listed in the Wikipedia page), I see commands to set and get group IDs, but no specifics on how they're created.

I found some code that seems to acquire a file system lock on the /etc/groups file, but some systems (i.e. Android) don't have this file.

How does the operating system understand what groups are? Is it purely metadata on files and process entries?

  • 2
    It would probably be a series of read and write calls to files or other data stores, as creating users and groups is mostly a matter of updating these. – Kusalananda Mar 19 '23 at 08:51

2 Answers

36

The kernel doesn't know what groups are. It just knows group IDs. It isn't necessary to "create" a group for the kernel; you just assign a group ID. (All this is also true of users.)

Now, the full operating system (beyond the kernel) does care about groups and users. Typically these are translated back and forth between names (group, login) and IDs by looking them up in /etc/group and /etc/passwd, but other options are also available as listed in /etc/nsswitch.conf. Ultimately the library calls (not syscalls) getpwent (and other getpw*) and getgrent (and getgr*) do the translation through whatever is configured to be the source of credentials.

So the reason you can only find shell commands to create users and groups is because that's the way it is done. There is no syscall, because the kernel doesn't keep track of that info.

(Technically, there are also GUI interfaces to create them, but that's not really different than the shell commands.)

Some uses of the Linux kernel (Android) dynamically create users and groups. Again, this is managed by the user mode Android supervisory system, not by the kernel.

user10489
  • 6,740
  • pedantic answer: write() – Joshua Mar 20 '23 at 21:12
  • Write isn't sufficient, and the rest of the syscalls that the adduser shell command does are also necessary so... – user10489 Mar 20 '23 at 22:09
  • 1
    I wonder whether it might be useful to mention such system calls as setgid/setegid/setregid which are typically called by a login process (login / sshd / X display manager / PAM module / etc.) to actually set the groups (forgot what syscall sets supplementary groups), chown/fchown/lchown for filesystem, etc. (Not saying it necessarily is, just wondering.) – Daniel Schepler Mar 20 '23 at 22:43
  • Those syscalls are tangentially interesting to this question, but the OP asked about creating groups, not setting credentials. I think those would be very appropriate for a separate question. – user10489 Mar 20 '23 at 23:47
1

Is it purely metadata on files and process entries?

Yes, the kernel does not know or care what users or groups exist or their names. It does however care what users and groups a process belongs to. A process is normally associated with one user ID, but can in some circumstances be associated with more than one. A process is also associated with a primary group and a list of secondary groups.

When you log in, the login system assigns your user id and associated groups to your process based on whatever authentication data sources your system is using. On a regular standalone system this is the files /etc/passwd and /etc/group, however on managed systems other data sources may be configured.

On modern (non-Android) Linux systems, this process is typically controlled by a mechanism known as PAM (Pluggable Authentication Modules).

This is why, after being added to a new group you have to log out and back in or use a tool like "newgrp".

plugwash
  • 4,352
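The split both answers describe, as an added example that is not part of the original posts: getgid and getgroups are the syscalls that return the numeric IDs the kernel holds for a process, while getgrgid is the library lookup that turns a number into a name through the configured source. The helper names kernel_groups and group_name are hypothetical.

```c
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Kernel side: copy this process's supplementary group IDs (numbers only).
 * Returns the count, or -1 on error; the caller frees *out. */
int kernel_groups(gid_t **out) {
    int n = getgroups(0, NULL);          /* size 0 asks only for the count */
    if (n < 0)
        return -1;
    gid_t *list = calloc(n > 0 ? (size_t)n : 1, sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    if (n < 0) {
        free(list);
        return -1;
    }
    *out = list;
    return n;
}

/* Userland side: resolve a GID to a name via getgrgid (/etc/group or
 * whatever source is configured). Returns 1 if found, 0 if there is no entry. */
int group_name(gid_t gid, char *buf, size_t len) {
    struct group *gr = getgrgid(gid);
    if (gr == NULL) {
        snprintf(buf, len, "(no entry)");
        return 0;
    }
    snprintf(buf, len, "%s", gr->gr_name);
    return 1;
}

int main(void) {
    char name[256];
    gid_t *groups = NULL;
    int n = kernel_groups(&groups);
    group_name(getgid(), name, sizeof name);
    printf("primary gid %lu -> %s\n", (unsigned long)getgid(), name);
    for (int i = 0; i < n; i++) {
        group_name(groups[i], name, sizeof name);
        printf("supplementary gid %lu -> %s\n", (unsigned long)groups[i], name);
    }
    free(groups);
    return n < 0;
}
```

A GID with no entry in the configured source still appears in the kernel's list; only the name lookup fails.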