Softpanorama


The /etc/group file


The /etc/group file contains the database that lists every group on your computer and its corresponding GID. Its format is similar to the format used by the /etc/passwd file. Here is an /etc/group file from RHEL 5.5:

# cat /etc/group 
root:x:0:root 
bin:x:1:root,bin,daemon 
daemon:x:2:root,bin,daemon 
sys:x:3:root,bin,adm 
adm:x:4:root,adm,daemon 
tty:x:5: 
disk:x:6:root 
lp:x:7:daemon,lp 
mem:x:8: 
kmem:x:9: 
wheel:x:10:root,joeadmin 
mail:x:12:mail 
news:x:13:news 
uucp:x:14:uucp 
man:x:15: 
games:x:20: 
gopher:x:30: 
dip:x:40: 
ftp:x:50: 
lock:x:54: 
nobody:x:99: 
users:x:100: 
nscd:x:28: 
floppy:x:19: 
vcsa:x:69: 
audio:x:63:gdm 
utmp:x:22: 
rpc:x:32: 
mailnull:x:47: 
smmsp:x:51: 
pcap:x:77: 
utempter:x:35: 
slocate:x:21: 
ntp:x:38: 
sshd:x:74: 
rpcuser:x:29: 
nfsnobody:x:4294967294: 
dbus:x:81: 
avahi:x:70: 
haldaemon:x:68: 
avahi-autoipd:x:101: 
distcache:x:94: 
apache:x:48: 
webalizer:x:67: 
squid:x:23: 
oprofile:x:16: 
xfs:x:43: 
gdm:x:42: 
sabayon:x:86: 
stapdev:x:102: 
stapusr:x:103: 
screen:x:84: 
joeadmin:x:324547: 
dba:x:5001:oracle 
oinstall:x:5002:oracle 
ovwebgrp:x:5003: 
opcgrp:x:78:

Here is a sample /etc/group line that defines the group wheel:

wheel:*:10:root,joeadmin

Like /etc/passwd, /etc/group is an ASCII file. Each record appears on a single line and has the following format:

Field contents and description:

wheel
    The group name.

*
    The group's "password". In modern Unixes this field is not used, but the functionality is preserved, which creates a security hole. Every group can have an administrator (typically the user for whom this group is primary), members and a password. See gpasswd. The system administrator can use the -A option to define group administrator(s) and the -M option to define members, and has all the rights of group administrators and members.

    Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.

    The newgrp command can be used to change the current primary group ID of the user during the current session. If the optional - flag is given, the user's environment will be reinitialized as though the user had logged in; otherwise the current environment, including the current working directory, remains unchanged.

10
    The group's GID.

root,joeadmin
    The list of the users who are in the group.

The groups command displays group memberships for the user. The command format for the groups command is:

groups  [username] 

For example, to see which groups you are a member of, run the groups command without arguments.

To list the groups of which a specific user is a member, use the groups command with the user's name, such as user5, as an argument.

Several groups are called system groups and are used for partitioning file space among binary files, system files such as drivers, and so on. In Red Hat there are four such groups, although Red Hat does not use the group bin as a primary group for executables (but many commercial applications installed on Red Hat do):

bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon

Red Hat generally uses the idea of User Private Groups, so the number of groups in the initial install is much larger than in older Unixes like Solaris, AIX or HP-UX. For example, the HP-UX /etc/group file is pretty minimalistic:

root::0:root
other::1:root,hpdb
bin::2:root,bin
sys::3:root,uucp
adm::4:root,adm
daemon::5:root,daemon
mail::6:root
lp::7:root,lp
tty::10:
nuucp::11:nuucp
users::20:root
nogroup:*:-2:
smbnull::101:
cimsrvr::102:
sshd::103:
hpsmh::104:
dba::500:
oinstall::501:oracle
tftp::105:
log::333: 

For Linux with kernel 2.6.3+ each user can belong to 64K groups. On Solaris each user can also belong to up to 15 additional groups, known as secondary groups.

The following is an example of the Solaris /etc/group  file:

root::0:root
other::1:
bin::2:root,bin,daemon
sys::3:root,bin,sys,adm
adm::4:root,adm,daemon
uucp::5:root,uucp
mail::6:root
tty::7:root,adm
lp::8:root,lp,adm
nuucp::9:root,nuucp
staff::10:
daemon::12:root,daemon
sysadmin::14:
smmsp::25:smmsp
nobody::60001:
noaccess::60002:
nogroup::65534:

In Solaris GID numbers 0 to 99, 60001, 60002 and 65534 are reserved for system group entries. User defined groups range from 100 to 60000. The maximum number of group members is set by the kernel parameter called ngroups_max. You can set this parameter in the /etc/system  file to allow for a maximum of 32 groups. Not all applications will be able to reference group memberships greater than 16. NFS is a notable example.

Generally, as with ports, the lower the number, the more powerful the group is. Groups such as bin, adm, daemon and sys are often called System Groups. The most powerless groups are called nobody, nogroup and nfsnobody. The user and group nobody typically do not own any files at all. Its GID is usually the highest number supported by the particular OS. It is often defined as a negative number (meaning subtract 1 from max GID), for example:

nogroup:*:-2:

nfsnobody:x:4294967294:

It is prudent to use the wheel group for the set of server system administrators who can switch to root. It can be given additional powers using PAM. Typically only members of this group can su to root. See Wheel Group.

The other potentially useful trick is to assign the group of files that are often edited by sysadmins to wheel. In this case editing of system files (typically owned by group root in Linux) can be done from a sysadmin's private account, without switching to root. There is a certain danger here, as access control to those files is now spread among the members of the wheel group, so using sudo is a better solution. Please note that using sudo entails the same problem; the only important difference is that sudo provides additional logs.

While you can edit /etc/group directly with vi or another editor, there are special commands that permit adding groups, deleting groups and modifying group membership in this file.
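The record format, the group password problem and the wheel membership point described above can be checked mechanically. The audit function below is an added example, not part of the original page; the finding tags (MALFORMED, PASSWORD, BADGID, DUPGID, DUPNAME, PRIVMEMBER) and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a group file in the name:password:GID:members format.
# Usage: audit_group_file [FILE]   (FILE defaults to /etc/group, "-" is stdin)
audit_group_file() {
    awk -F: '
    # Skip blank lines and comments.
    /^[ \t]*$/ || /^#/ { next }
    NF != 4 {
        printf "MALFORMED line %d: expected 4 fields, found %d\n", NR, NF
        next
    }
    {
        name = $1; pw = $2; gid = $3; members = $4
        # "x" = shadowed, "*" or "!" = locked, empty = no password set.
        # Anything else is a password hash readable by every local user.
        if (pw != "" && pw != "x" && pw != "*" && pw != "!")
            printf "PASSWORD %s: hash stored in world-readable file\n", name
        if (gid !~ /^-?[0-9]+$/)
            printf "BADGID %s: GID \"%s\" is not numeric\n", name, gid
        else if (gid in seen_gid)
            printf "DUPGID %s: GID %s already used by %s\n", name, gid, seen_gid[gid]
        else
            seen_gid[gid] = name
        if (name in seen_name)
            printf "DUPNAME %s: defined again on line %d\n", name, NR
        seen_name[name] = 1
        # Report non-root accounts that sit in wheel or in a GID 0 group.
        if ((name == "wheel" || gid == "0") && members != "") {
            n = split(members, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "root")
                    printf "PRIVMEMBER %s: %s\n", name, m[i]
        }
    }' "${1:-/etc/group}"
}

# Constructed sample input (not taken from a real host).
sample_group() {
cat <<'EOF'
root:x:0:root
wheel:x:10:root,joeadmin
dba:$1$abcdefgh$constructedhashvalue000000:5001:oracle
oinstall:x:5001:oracle
nogroup:*:-2:
broken:x:77
EOF
}

sample_group | audit_group_file -
```

An "x" in the password field only says the hash lives elsewhere; on Linux that is /etc/gshadow, which needs root to inspect.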


Old News

Solaris to Linux Migration: A Guide for System Administrators

User ID and group ID differences

There are differences in the UIDs and GIDs used for the various users defined on the system by default. Table 11-1 lists UID differences. Table 11-2 lists the GID differences.

Table 11-1

User Solaris UID:GID Red Hat UID:GID SUSE UID:GID Comment
root 0:1 0:0 0:0 Superuser
daemon 1:1 2:2 2:2 N/A
bin 2:2 1:1 1:1 N/A
sys 3:3 N/A N/A N/A
adm 4:4 3:4 N/A Admin
uucp 5:5 10:14 10:14 uucp admin
nuucp 9:9 N/A N/A uucp admin
smmsp 25:25 51:51 N/A SendMail Message Submission Program
listen 37:4 N/A N/A Network admin
lp 71:8 4:7 4:7 Line printer admin
nobody 60001:60001 99:99 65534:65533 Nobody
noaccess 60002:60002 N/A N/A No access user
nobody4 65534:65534 N/A N/A SunOS™ 4.x Nobody
sync N/A 5:0 N/A
shutdown N/A 6:0 N/A
halt N/A 7:0 N/A
mail N/A 8:12 8:12
news N/A 9:13 9:13
operator N/A 11:0 N/A
games N/A 12:100 12:100
gopher N/A 13:30 N/A
man N/A N/A 13:62 Man pages viewer
ftp N/A 14:50 40:49 FTP user
squid N/A 23:23 31:65534 Squid proxy server
pvm N/A 24:24 N/A Parallel processing pkg
named N/A 25:25 44:44
at N/A N/A 25:25 Batch daemon
postgres N/A 26:26 26:26 PostgreSQL server
mysql N/A 27:27 60:2 MySQL server
nscd N/A 28:28 N/A nscd daemon
mdom N/A N/A 28:28 Mailing list agent
rpcuser N/A 29:29 N/A RPC service user
wwwrun N/A N/A 30:8 WWW daemon Apache
rpc N/A 32:32 N/A Portmapper™ RPC user
amanda N/A 33:6 37:6 Amanda backup suite
netdump N/A 34:34 104:104 netdump
rpm N/A 37:37 N/A Package manager
ntp N/A 38:38 74:65534
canna N/A 39:39 N/A Canna service users
irc N/A N/A 39:65534 IRC daemon
mailman N/A 41:41 72:67 GNU mailing list mgr
gdm N/A 42:42 50:15 GNOME desktop
xfs N/A 43:43 N/A X11 Font Server
mailnull N/A 47:47 N/A
apache N/A 48:48 N/A Apache
wnn N/A 49:49 N/A Wnn input server
ldap N/A 55:55 76:70 LDAP user
vscan N/A N/A 65:103 Virus scanner
webalizer N/A 67:67 N/A Webalizer
pop N/A N/A 67:100 POP server
haldaemon N/A 68:68 N/A HAL daemon
vcsa N/A 69:69 N/A Virtual console memory owner
snort N/A N/A 73:68 Snort network monitor
sshd N/A 74:74 71:65 Privilege-separated SSH
radvd N/A 75:75 N/A Router advertisement daemon
cyrus N/A 76:12 96:12 Cyrus IMAP server
pcap N/A 77:77 N/A Network monitor user
fax N/A 78:78 N/A mgetty fax spool
dbus N/A 81:81 N/A System message bus
postfix N/A 89:89 51:51 Mail server
quagga N/A 92:92 101:101 Quagga routing suite
exim N/A 93:93 N/A Spam/virus pkg
radiusd N/A 95:95 102:102 Radius user
dovecot N/A 97:97 N/A IMAP/POP3 server
ident N/A 98:98 N/A
htt N/A 100:101 N/A IIIMF Htt
stunnel N/A N/A 100:65534 SSL tunnel daemon
dhcpd N/A N/A 103:65534 DHCP daemon
nfsnobody N/A 65534:65534 N/A

User ID differences

Table 11-2 Group ID differences

Group Solaris Red Hat SUSE
root 0 0 0
other 1 N/A N/A
bin 2 1 1
sys 3 3 3
adm 4 4 N/A
uucp 5 14 14
mail 6 12 12
tty 7 5 5
lp 8 8 7
nuucp 9 N/A N/A
staff 10 N/A N/A
daemon 12 2 2
sysadmin 14 N/A N/A
smmsp 25 N/A N/A
nobody 60001 99 65533
noaccess 60002 N/A N/A
nogroup 65534 N/A 65534
disk N/A 6 6
mem N/A 8 N/A
www N/A N/A 8
kmem N/A 9 9
wheel N/A 10 10
news N/A 13 13
man N/A 15 N/A
shadow N/A N/A 15
dialout N/A N/A 16
audio N/A N/A 17
floppy N/A 19 19
games N/A 20 40
cdrom N/A N/A 20
slocate N/A 21 N/A
console N/A N/A 21
utmp N/A 22 22
squid N/A 23 N/A
pvm N/A 24 N/A
named N/A 25 44
at N/A N/A 25
postgres N/A 26 26
mysql N/A 27 N/A
nscd N/A 28 N/A
mdom N/A N/A 28
rpcuser N/A 29 N/A
gopher N/A 30 N/A
rpc N/A 32 N/A
public N/A N/A 32
video N/A N/A 33
netdump N/A 34 N/A
rpm N/A 37 N/A
ntp N/A 38 N/A
canna N/A 39 N/A
dip N/A 40 N/A
mailman N/A 41 67
xok N/A N/A 41
gdm N/A 42 N/A
trusted N/A N/A 42
xfs N/A 43 N/A
modem N/A N/A 43
mailnull N/A 47 N/A
apache N/A 48 N/A
wnn N/A 49 N/A
ftp N/A 50 49
smmsp N/A 51 N/A
lock N/A 54 N/A
ldap N/A 55 70
maildrop N/A N/A 59
man N/A N/A 62
pkcs11 N/A N/A 64
sshd N/A N/A 65
webalizer N/A 67 N/A
haldaemon N/A 68 N/A
snort N/A N/A 68
vcsa N/A 69 N/A
ntadmin N/A N/A 71
sshd N/A 74 N/A
radvd N/A 75 N/A
pcap N/A 77 N/A
fax N/A 78 N/A
dbus N/A 81 N/A
postfix N/A 89 51
postdrop N/A 90 N/A
quagga N/A 92 101
exim N/A 93 N/A
radiusd N/A 95 102
dovecot N/A 97 N/A
ident N/A 98 N/A
users N/A 100 100
htt N/A 101 N/A
quaggavt N/A 102 N/A
vscan N/A N/A 103
dump N/A N/A 104
nfsnobody N/A 65534 N/A


Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Last modified: September 12, 2017