- Create a file as a different user and group
- How to create, delete, and modify groups in Linux
- Training & certification
- Create and modify groups
- Change the group ID
- Great Linux resources
- Rename a group
- Add and remove users from a group
- How To Create Groups In Linux?
- List Groups
- Create Group with groupadd Command
- “Group Allready Exists” Error
- Create Group with Specific GID (Group ID)
- “GID allready exists” Error
- Create System Group
- Create Group with Password
- Add User To The Group
Create a file as a different user and group
I have a bash script that has to rsync to download files writing them locally, and then needs to set the owner to apache, and the group to a particular user group (that apache is not a member of). Is there a way to create those files with those ownerships as they’re being written by the rsync process, without having to go through and change them after the fact using chown? There are so many files that the time it takes to go through them later is prohibitive. I have to do this for multiple user groups, so I shouldn’t be adding apache to these groups, and certainly can’t make all of them the default group. In other words: is there a way root can create a file as user X and group Y when X is not a member of Y? I’ve tried using runuser, but I’m unable to set the group (presumably because apache doesn’t belong to the group). I know you can use chmod to change permissions and add any user/group combination. What I’m asking is if there is a way to open a file for writing and use any user/group combo while creating it. Attempt using sudo:
[root@centos7 tmp]# groups angelo angelo : angelo wheel [root@centos7 tmp]# groups apache apache : apache [root@centos7 tmp]# sudo -u angelo -g apache touch angelo-file Sorry, user root is not allowed to execute '/bin/touch angelo-file' as angelo:apache on centos7 [root@centos7 tmp]# ls -ld angelo-file ls: cannot access angelo-file: No such file or directory [root@centos7 tmp]# sudo -u angelo -g angelo touch angelo-file [root@centos7 tmp]# ls -ld angelo-file -rw-r--r-- 1 angelo angelo 0 Nov 12 03:13 angelo-file That question is asking about the filesystem. You can chmod the file to give any user/group you want. I want to know if you can open a file descriptor acting as any user/group combo. If it is possible, then I haven’t found out how.
I mean using normal Linux tools or commands. I would accept an answer that could verify that you could only do this in C because no tools exist. But I also wouldn’t be surprised if you can’t even do it in C and this is not an available request through the API. sudo with -g will work if the user is a member of the group, but seems to be disallowed if not.
How to create, delete, and modify groups in Linux
Groups are an essential part of the Linux permission structure and a powerful way to manage file access on your system.
In Linux, groups are collections of users. Creating and managing groups is one of the simplest ways to deal with multiple users simultaneously, especially when dealing with permissions. The /etc/group file stores group information and is the default configuration file.
[ Keep your most commonly used commands handy with the Linux commands cheat sheet. ]
Linux admins use groups to assign access to files and other resources. Every group has a unique ID listed in the /etc/group file, along with the group name and members. The first groups listed in this file are system groups because the distribution maintainers preconfigure them for system activities.
Each user may belong to one primary group and any number of secondary groups. When you create a user on Linux using the useradd command, a group with the same name as the username is also created, and the user is added as the group’s sole member. This group is the user’s primary group.
Training & certification
Create and modify groups
To add a group in Linux, use the groupadd command:
When a group is created, a unique group ID gets assigned to that group. You can verify that the group appears (and see its group ID) by looking in the /etc/group file.
If you want to create a group with a specific group ID (GID), use the —gid or -g option:
$ sudo groupadd -g 1009 demo1If group ID 1009 is already allocated to another group, you’re alerted that the GID is unavailable and the operation aborts. Rerun it with a different group ID number:
$ sudo groupadd -g 1010 demo1Change the group ID
You can change the group ID of any group with the groupmod command and the —gid or -g option:
$ sudo groupmod -g 1011 demo1Great Linux resources
Rename a group
You can rename a group using groupmod with the —new-name or -n option:
$ sudo groupmod -n test demo1Verify all these changes from the /etc/group file.
Add and remove users from a group
Suppose you have existing users named user1 and user2, and you want to add them to the demo group. Use the usermod command with the —append —groups options ( -a and -G for short):
$ sudo usermod --append --groups demo user1 $ sudo usermod -aG demo user2Look in the /etc/group file or use the id command to confirm your changes:
$ id user1 uid=1005(user1) gid=1005(user1) groups=100(users),1009(demo)To remove a specific user from a group, you can use the gpasswd command to modify group information:
$ sudo gpasswd --delete user1 demoAlternatively, manually edit the /etc/group file and remove the user from any number of groups.
How To Create Groups In Linux?
Linux and its distributions provide the groups in order to manage and organize users. The most popular use case for the Linux groups is setting read, write, and execute privileges of the files and directories according to the group. By using Linux groups a file can be shared with the other group users by setting specific access privileges. The Linux groups also used the sudo command to configure sudoers privileges. The groupadd command is used to add a new group in Linux.
List Groups
Before adding a group list existing groups is a good habit. There are different ways to list existing groups. The bash “env groups” command can be used to list existing groups like below.
The output is like below. The group names listed with the shell and group ID information.
root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,ismail tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24:ismail floppy:x:25: tape:x:26: sudo:x:27:ismail .
Create Group with groupadd Command
In order to add group the groupadd command is used. This command requires root privilege as this a system related change. The sudo command should be added to add a group as a regular user. The groupadd command has the followion syntax.
- OPTION is used to provide some options or group add operation. This is optional.
- NAME is the group name we want to add. This is required.
Now lets a brand new group named “linuxtect”.
If the addition is completed succesfully there will be no output. The new group named will be added to the end of the /etc/group file where we can check like below.
The group list like below. We can see that the linuxtect group is at the bottom. The GID (group ID) of the linuxtect is 1003.
. sambashare:x:133:ismail systemd-coredump:x:999: mlocate:x:134: lightdm:x:135: nopasswdlogin:x:136: xrdp:x:137: ali:x:1001: ahmet:x:1002: wireshark:x:138: mysql:x:139: linuxtect:x:1003:
“Group Allready Exists” Error
While adding a new group we may get the following “group already exists” error. As we can expect provided group name already exists and used.
groupadd: group 'linuxtect' adready exists
We can suppress this message and force the group creation which will overwrite the previous group with the -f option. The -f option is used to force group creation even errors.
Alternatively the –force option can be used too. The –force is the long form of the -f option.
Create Group with Specific GID (Group ID)
GID or Group ID or Group identifier is used to identify the group with a number. Every group has a different GID. By default when a new group is created with the groupadd command a unique GID is generated and assigned into the new group. The system groups generally have GID between 0 – 1000 and user created group IDs start from 1000 and increased. But we can specify a specific group ID for the groupadd command. The -g option is used to specify and set group ID for the new group.
sudo groupadd -g 1111 linuxtect“GID allready exists” Error
If specified GID already exists and used by another group we will get the “groupadd: GID ‘1111’ already exists” error. We can prevent or solve this error by making the GID non-unique with the -o option like below.
sudo groupadd -o -g 1111 linuxtectCreate System Group
Some Linux groups are called a system group. System group is used to manage system users and privileges which are generally not used by the regular users. System groups used to create backups, system maintenance, accessing devices, etc. System groups use the GID between 0 and 1000 which is defined in login.defs configuration file. We can also create a system group. In order to create a system group with the groupadd command, the -r option is used.
Alternatively the –system option can be used to create a system group which is the long form of the -r option.
Create Group with Password
Like a regular user a group can be used with a password. Even it may seem more secure it is not practical and every user should know the password. But if you wan you can create a gorup with a password by using the -p option like below. After the -p option the group password is specified.
sudo groupadd -p s3cr3tpass linuxtectAdd User To The Group
A user can be added to the group with the usermod command. The -a option is used to add the user into the group which is specified with the -G option. In the following example, we will add the user ismail into the group named linuxtect.
sudo usermod -a -G linuxtect ismail