Linux user default groups

Users and groups

Users and groups are used on GNU/Linux for access control—that is, to control access to the system’s files, directories, and peripherals. Linux offers relatively simple/coarse access control mechanisms by default. For more advanced options, see ACL, Capabilities and PAM#Configuration How-Tos.

Overview

A user is anyone who uses a computer. In this case, we are describing the names which represent those users. It may be Mary or Bill, and they may use the names Dragonlady or Pirate in place of their real name. All that matters is that the computer has a name for each account it creates, and it is this name by which a person gains access to use the computer. Some system services also run using restricted or privileged user accounts.

Managing users is done for the purpose of security by limiting access in certain specific ways. The superuser (root) has complete access to the operating system and its configuration; it is intended for administrative use only. Unprivileged users can use several programs for controlled privilege elevation.

Any individual may have more than one account as long as they use a different name for each account they create. Further, there are some reserved names which may not be used such as "root".

Users may be grouped together into a "group", and users may be added to an existing group to utilize the privileged access it grants.

Note: The beginner should use these tools carefully and stay away from having anything to do with any other existing user account, other than their own.

Permissions and ownership

The UNIX operating system crystallizes a couple of unifying ideas and concepts that shaped its design, user interface, culture and evolution. One of the most important of these is probably the mantra: "everything is a file," widely regarded as one of the defining points of UNIX. This key design principle consists of providing a unified paradigm for accessing a wide range of input/output resources: documents, directories, hard-drives, CD-ROMs, modems, keyboards, printers, monitors, terminals and even some inter-process and network communications. The trick is to provide a common abstraction for all of these resources, each of which the UNIX fathers called a "file." Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device.

A fundamental and very powerful, consistent abstraction provided in UNIX and compatible operating systems is the file abstraction. Many OS services and device interfaces are implemented to provide a file or file system metaphor to applications. This enables new uses for, and greatly increases the power of, existing applications: simple tools designed with specific uses in mind can, with UNIX file abstractions, be used in novel ways. A simple tool, such as cat, designed to read one or more files and output the contents to standard output, can be used to read from I/O devices through special device files, typically found under the /dev directory. On many systems, audio recording and playback can be done simply with the commands "cat /dev/audio > myfile" and "cat myfile > /dev/audio", respectively.

Every file on a GNU/Linux system is owned by a user and a group. In addition, there are three types of access permissions: read, write, and execute. Different access permissions can be applied to a file’s owning user, owning group, and others (those without ownership). One can determine a file’s owners and permissions by viewing the long listing format of the ls command:

total 13740
drwxr-xr-x 2 root root    4096 Jan 12 00:33 grub
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img
-rw-r--r-- 1 root root 1457315 Jan  8 08:19 System.map26
-rw-r--r-- 1 root root 2209920 Jan  8 08:19 vmlinuz-linux

The first column displays the file’s permissions (for example, the file initramfs-linux.img has permissions -rw-r--r--). The third and fourth columns display the file’s owning user and group, respectively. In this example, all files are owned by the root user and the root group.

total 16
drwxrwx--- 1 root vboxsf 16384 Jan 29 11:02 sf_Shared

In this example, the sf_Shared directory is owned by the root user and the vboxsf group. It is also possible to determine a file’s owners and permissions using the stat command:

Default groups for user in Ubuntu?

Installed HP Linux Imaging and Printing by using the install script and something crashed. Now I’m only a member of my own group and lp. Which are the default groups for users in, for example, Ubuntu 12.10? Same as this? Out of curiosity, is there some place where this information is logged? For example, some log file showing which groups my user was in on the previous boot? Is this information (which groups are default) documented somewhere?

2 Answers

A) Short answer

Default groups; say for user123, on fresh install — (use command groups in a terminal):

user123 adm cdrom sudo dip plugdev lpadmin sambashare 

To get/view defaults. Would probably work for various others too; do:

sudo grep user-setup /var/log/installer/syslog 

B) Restoring default groups

(Adding this to make it more complete)

1. Identifying the groups

I always set a root password, but if you haven’t, use a live CD, live USB, other install etc. to get to the file.

If you have set root password (by i.e.):

and have lost sudo privileges do:

su - root
grep user-setup /var/log/installer/syslog

. user-setup: pwconv: failed to change the mode of /etc/passwd- to 0600
. user-setup: Shadow passwords are now on.
. user-setup: Adding user `user123' .
. user-setup: Adding new group `user123' (1000) .
. user-setup: Adding new user `user123' (1000) with group `user123' .
. user-setup: Creating home directory `/home/user123' .
. user-setup: Copying files from `/etc/skel' .
. user-setup: addgroup: The group `lpadmin' already exists as a system group. Exiting.
. user-setup: Adding group `sambashare' (GID 124) .
. user-setup: Done.
. user-setup: Adding user `user123' to group `adm' .
. user-setup: Adding user user123 to group adm
. user-setup: Done.
. user-setup: Adding user `user123' to group `cdrom' .
. user-setup: Adding user user123 to group cdrom
. user-setup: Done.
. user-setup: Adding user `user123' to group `dip' .
. user-setup: Adding user user123 to group dip
. user-setup: Done.
. user-setup: Adding user `user123' to group `lpadmin' .
. user-setup: Adding user user123 to group lpadmin
. user-setup: Done.
. user-setup: Adding user `user123' to group `plugdev' .
. user-setup: Adding user user123 to group plugdev
. user-setup: Done.
. user-setup: Adding user `user123' to group `sambashare' .
. user-setup: Adding user user123 to group sambashare
. user-setup: Done.
. user-setup: adduser: The group `debian-tor' does not exist.
. user-setup: Adding user `user123' to group `sudo' .
. user-setup: Adding user user123 to group sudo
. user-setup: Done.
. ubiquity: Removing user-setup .
. ubiquity: Purging configuration files for user-setup .

su - root
grep "user-setup: Adding user user123 to group" /var/log/installer/syslog | cut -d' ' -f11

adm
cdrom
dip
lpadmin
plugdev
sambashare
sudo

(No idea why dip suddenly has become a default group by install. Something to do with dialout being removed?)

2.a Updating groups — using «built-in» root access

So do, as root, to add groups to user, i.e. user user123 :

usermod -a -G adm,cdrom,lpadmin,sudo,sambashare,dip,plugdev user123

adm          Monitor system logs
cdrom        Use CD-ROM drives
lpadmin      Configure printers
sudo         administer the system, .
sambashare   Share files with the local network
dip          Connect to the Internet using a modem
plugdev      Access external storage devices

Some extras you might need: (check what you have by root@YOURPC:~# id -nG user123 )

dialout      ttyS*/Serial/COM1,COM2 .
vboxusers    Virtual Box
user123      Your own group

If you want; double-check /etc/group , i.e. (here with some extras):

root@YOURPC:~# grep user123 /etc/group
adm:x:4:user123
audio:x:29:user123,timidity,pulse
video:x:44:user123
lp:x:7:user123
dialout:x:20:user123
cdrom:x:24:user123
sudo:x:27:user123
dip:x:30:user123
plugdev:x:46:user123
lpadmin:x:107:user123
user123:x:1000:
sambashare:x:124:user123
vboxusers:x:127:user123
autologin:x:1001:user123

As an alternative one can boot in to rescue mode and

mount -o remount,rw /
usermod -G adm,cdrom,lpadmin,sudo,sambashare,dip,plugdev user123

Log out and log in. Groups should be updated.

2.b Updating groups — using root access from Live-CD etc.

xxx here is where your file-system is mounted when running a live edition, i.e. /media/foo .

Manually edit the file /xxx/etc/group using vigr and add user as in previous listing.

Or; only add user to sudo; as in:

Boot into your installation and update by executing the usermod command with sudo :

sudo usermod -a -G adm,cdrom,lpadmin,sudo,sambashare,dip,plugdev user123 

Log out and log in. Groups should be updated.

Double Note: admin is no longer part of Ubuntu as of 11.10 in favour of sudo .
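
The log lookup from this answer can be made independent of the field position that cut -f11 relies on. The script below is an added example, not part of the original answer: it extracts the installer-assigned groups by matching the message text and prints (without running) the append-only usermod call for the groups that are missing. The function names and the timestamp/host prefix in the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: recover the groups the installer assigned to a user and
# list the ones the account is missing now.

# installer_groups LOGFILE USER -> one group per line, sorted and unique.
# Matches the message text itself, so the result does not depend on how many
# timestamp/host fields precede "user-setup:" (unlike a fixed cut -f11).
installer_groups() {
    awk -v u="$2" '/user-setup: Adding user / {
        for (i = 1; i + 5 <= NF; i++)
            if ($i == "Adding" && $(i+1) == "user" && $(i+2) == u &&
                $(i+3) == "to" && $(i+4) == "group") print $(i+5)
    }' "$1" | sort -u
}

# missing_groups LOGFILE USER "CURRENT" -> installer groups absent from the
# space-separated CURRENT list (for example the output of: id -nG USER).
missing_groups() {
    installer_groups "$1" "$2" | while read -r g; do
        case " $3 " in *" $g "*) ;; *) printf '%s\n' "$g" ;; esac
    done
}

# restore_command LOGFILE USER "CURRENT" -> prints (does not run) the
# append-only usermod call that restores just the missing groups.
restore_command() {
    m=$(missing_groups "$1" "$2" "$3" | paste -sd, -)
    if [ -n "$m" ]; then printf 'usermod -a -G %s %s\n' "$m" "$2"; fi
}

# Constructed log lines; the timestamp and host prefix are assumptions.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Jan  1 00:00:01 ubuntu user-setup: Adding user `user123' to group `adm' ...
Jan  1 00:00:01 ubuntu user-setup: Adding user user123 to group adm
Jan  1 00:00:01 ubuntu user-setup: Done.
Jan  1 00:00:02 ubuntu user-setup: Adding user user123 to group cdrom
Jan  1 00:00:02 ubuntu user-setup: adduser: The group `debian-tor' does not exist.
Jan  1 00:00:03 ubuntu user-setup: Adding user user123 to group sudo
EOF

restore_command "$sample" user123 "user123 lp"
```

On a real system the third argument would be the output of id -nG for the account, and the printed command is reviewed before being run as root.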

How can I change a user’s default group in Linux?

I’ve just finished reading the user administration book in the Linux/Unix Administrator’s handbook, but some things are still a little hazy. Basically useradd seems straight forward enough:

useradd -c "David Hilbert" -d /home/math/hilbert -g faculty -G famous -m -s /bin/sh hilbert 
  1. Would this command still work if the groups faculty and famous did not exist? Would it just create them?
  2. If not, what command do I use to create new groups?
  3. If I remove the user hilbert and there are no other users in those groups, will they still exist? Should I remove them?
  4. After I run the useradd command above, how do I remove David from the famous group, and reassign his primary group to hilbert which does not yet exist?

5 Answers

The usermod command will allow you to change a user’s primary group, supplementary group or a number of other attributes. The -g switch controls the primary group.

  1. If you specify a group, groupname , that does not exist during the useradd stage, you will receive an error — useradd: unknown group groupname
  2. The groupadd command creates new groups.
  3. The group will remain if you remove all users contained within. You don’t necessarily have to remove the empty group.
  4. Create the hilbert group via groupadd hilbert . Then move David’s primary group using usermod -g hilbert hilbert . (Please note that the first hilbert is the group name and the second hilbert is the username. This is important in cases, where you are moving a user to a group with a different name)

You may be complicating things a bit here, though. In many Linux distributions, a simple useradd hilbert will create the user hilbert and a group of the same name as the primary. I would add supplementary groups specified together using the -G switch.

Thanks. If I do usermod -g hilbert hilbert will that remove hilbert’s other groups? If so, how would I keep those other groups? If not, how would I remove him from his other groups?

@MIck’s answer gets my upvote because he points out that you need to use -a with -G (otherwise any group you leave off will be removed)

You need to read the man usermod which explains what happens with the various options:

will replace your login group from ‘faculty’ to ‘hilder’, as long as the group ‘hilder’ exists. If it doesn’t exist then you first need to create it with groupadd.

When you use the -G option you should also use the -a option to append new groups to the current list of supplementary groups that user ‘hilder’ belongs. Without the -a option you will replace current supplementary groups with a new group set. Therefore use this cautiously.

To change a user’s primary group in Linux:

  • usermod -g new_group user_name
  • terminate all user_name’s active sessions

To test your changes run id and look at the value of gid=

If the command runs without errors but the gid hasn’t changed you’ve missed the bold part of step 2.

answer #1 is good, still you could also choose to issue the following to add a new group:

The downside of editing /etc/group directly is that you will have to come up with an unused GID (group ID number).

The following will allow you to change the primary group of a user.

# nano /etc/passwd

You locate the line of the user, and change the GID (group number, look it up in /etc/group ), keep in mind that the syntax is as follows:

There is no downside I can think of to this approach (provided you know the GID), it is what I frequently use for local users, mainly because I use many different UNIX systems with differing usermod , adduser , and useradd command options.

It is a bit more manual, however does the job. Note that you can use vi iso nano to edit the files, if you know vi .
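
A check to run after the manual edits described in the answer above, given as an added example that is not part of the original post: it reports accounts whose primary GID in the passwd file has no entry in the group file, and shows a user's primary and supplementary groups as the two files define them. The function names and the sample file contents are constructed for illustration; the files are passed as arguments so the check can be pointed at copies.

```shell
#!/bin/sh
# Added example: consistency checks for hand-edited passwd and group files.

# orphan_gids PASSWD GROUP -> "user:gid" for every account whose primary GID
# (passwd field 4) matches no GID (field 3) in the group file.
orphan_gids() {
    awk -F: 'NR == FNR { known[$3] = 1; next }
             !($4 in known) { print $1 ":" $4 }' "$2" "$1"
}

# user_groups USER PASSWD GROUP -> "primary=NAME supplementary=a,b".
# The primary group is the passwd GID; supplementary groups are the group
# file lines that list USER as a member.
user_groups() {
    awk -F: -v u="$1" '
        NR == FNR { if ($1 == u) gid = $4; next }
        gid != "" && $3 == gid { primary = $1 }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (m[i] == u) sup = (sup == "" ? $1 : sup "," $1) }
        END { if (primary == "") primary = "MISSING(" gid ")"
              printf "primary=%s supplementary=%s\n", primary, sup }' "$2" "$3"
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
hilbert:x:1001:2001:David Hilbert:/home/math/hilbert:/bin/sh
user123:x:1002:2999:mistyped GID:/home/user123:/bin/sh
EOF
cat > "$tmp/group" <<'EOF'
root:x:0:
faculty:x:2001:
famous:x:2002:hilbert
hilbert:x:2003:
EOF

orphan_gids "$tmp/passwd" "$tmp/group"
user_groups hilbert "$tmp/passwd" "$tmp/group"
user_groups user123 "$tmp/passwd" "$tmp/group"
```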
