Questions tagged [group]

All about Unix groups and access control.

Under Unix each process and each resource belongs to a group. A group is internally represented by a group identifier (GID). The translation between group names and GIDs is stored in the file /etc/group. This is a simple line-oriented database, where each record contains four fields: group name, group password, GID, and a comma-delimited list of users who have GID as secondary group (see below). The use of group passwords is discouraged. Following the pattern of /etc/passwd and /etc/shadow an according file /etc/gshadow was established.

The group membership of a process is stored in the file /etc/passwd; this is also a line-oriented database where each record contains among other things the user name, the UID and the primary GID of the according user account. Unlike resources a process may belong to additional groups. These are stored in the fourth field of /etc/group, i.e. a user belongs to each group for which his username is included in the fourth field of the according entry.

A typical entry in /etc/group looks like this:

wheel:*:10:root,joe,fred

In this example the users root, joe, and fred have the group wheel as one of their secondary groups.

It is custom to reserve GIDs 0 to 99 for system groups and 100 to 499 or 999 to functional group accounts such as services, see /etc/login.defs on Linux distributions that use the shadow suite. A special group is wheel. If configured, only members of that group may use su and do certain other things. Traditionally this group had GID 0 but it has become custom to assign this group GID 10.

Files and other resources can have only one group. The group membership of a file is stored in its inode.

The groups a process is in and the group a resource belongs to have influence on access control decisions. Suppose a process tries to access a resource: If

the UID of the resource does not match the (effective) UID of the process
the GID of the resource does match the (effective) GID or one of the secondary GIDs of the process

then the group access right of the resource apply.

Common problems

617 questions

votes

1 answer

How to change primary group?

I have a user like this: uid=501(ironsand) gid=500(foo) groups=500(foo),10(wheel),497(git),501(ironsand) And to change primary group to ironsand like gid=501(ironsand), I typed this command: sudo usermod -g ironsand ironsand It changed groups…

group

asked Aug 20 '14 at 10:11

ironsand

5,205

votes

3 answers

Change gid of a specific group

I'd like to change group id of a specific group. There are so may solution for changing the gid of a file or directories. But that's not what I want. Is there a way to do that?

group

asked Mar 09 '12 at 13:01

mibzer

1,032

votes

4 answers

How to run a process with a specific group?

I have to start an application with my own user rights, but the group must be different. So, instead of: $ ps -eo "user,group,args" | grep qbittorrent morfik morfik /usr/bin/qbittorrent it should be for example: $ ps -eo "user,group,args" |…

group

asked Feb 03 '14 at 01:36

Mikhail Morfikov

10,549

votes

1 answer

id command doesn't show all user's groups

I did a usermod to add the current user user in a group, but when I run id -Gn it only shows the main user's group: [user@computer ~]$ id -Gn user But when I specify the user, it works normally: [user@computer ~]$ id -Gn user user newgroup Do you…

group

asked Aug 10 '14 at 15:09

Notiggsam

votes

2 answers

What system calls create users and groups?

Whenever I search for how to create groups, examples always point to chapter 8 (i.e. shell) commands. When I look through lists of common sys calls (i.e. the ones listed in the Wikipedia page), I see commands to set and get group IDs, but no…

group

asked Mar 19 '23 at 03:05

aaronstacy

votes

1 answer

Why does uucp take group 10?

According to YoLinux, group ID 10 typically belongs to wheel. And on my Arch Linux installation, sure enough there in /etc/group is wheel:10. However, on my Ubuntu machine instead I'm greeted with uucp. A quick search turns up the Ubuntu man page of…

group

asked Aug 27 '14 at 02:07

Wayne Werner

11,713

votes

3 answers

Delete non-unique group with group ID as primary group of a user

So say I have two groups with names testing1 and testing2. Both groups have the same group ID of 2000. Then I add a user named testing-user with GID of 2000. Along the way I want to delete group testing2, but I cannot because when I try I get the…

group

asked Jun 21 '14 at 23:43

Greg

votes

2 answers

How can I set the supplementary groups of a process?

I can see the supplementary groups of a process by running cat /proc/$PID/status and looking at the Groups: line. How can I modify this value for a process? I know that these values are normally configured by user in the /etc/group file, but changes…

group

asked Sep 12 '21 at 20:03

jrpear

votes

2 answers

Meaning of the colon and x in getent group

I came across the command getent group sudo to list sudoers in sudo group and I got the output sudo:x:27:lion now I wounder what is the meaning of :x:, colon and 27 ... also I see same symbols in /etc/passwd... so what do these symbols mean ?

group

asked May 18 '16 at 20:13

WLION

votes

1 answer

Should I assign gid explicitly when I create a group?

I thought gid is automatically assigned when I create a group. But I found a chef receipt file that assigns a number 403 to gid directly. https://github.com/treasure-data/chef-td-agent/blob/master/recipes/default.rb Does it not cause a overlapping…

group

asked Feb 16 '14 at 00:27

ironsand

5,205

vote

1 answer

Group not listed in groups command

On Ubuntu 22.04, I've installed docker, added myself to the docker group with sudo usermod -a -G docker user, and logged out/in. However, I still get "permission denied" errors when running docker commands. In /etc/group, I…

group

asked Jul 21 '22 at 13:39

Daniel Walker

vote

1 answer

Unix group becomes everyone when assigned to a group ID that does not exist

Can you please assist why the ID is assigned to a group named everyone? # id entitlement uid=315(entitlement) gid=200(everyone) groups=200(everyone) Below commands do not return anything: # cat /etc/group | grep everyone # cat /etc/group | grep…

group

asked Oct 07 '21 at 16:24

Joshua Cuesta

vote

1 answer

/etc/group content

If I am not wrong, the file /etc/group shows the list of the groups and for each one are listed the users that are members as secondary group only. I created some users in order to do some test. The strange behavior is that my user is listed in my…

group

asked Jan 20 '18 at 13:08

intore

vote

1 answer

Troubleshooting joining a group in Mint in VirtualBox

I am trying to join my user to the vboxsf group to access a VirtualBox shared folder from inside my Linux Mint virtual machine. However I'm encountering a problem that I can't troubleshoot. I've edited /etc/groups to add my user to the appropriate…

group

asked Jul 13 '14 at 17:49

user394

14,404
21
67
93

votes

2 answers

Which type of group is it when to create them?

There are two type of group concept in linux :primary vs secondary groups,it is simple to create a new group: sudo groupadd gname Now i want to know the new created group gname belongs to which type of group?Is there a way to inter-convert between…

group

asked Aug 23 '20 at 12:53

showkey

2 Next