Linux what is etc group

What is the purpose of `/etc/group-`

On a standard Linux distribution (e.g. Ubuntu) there is usually /etc/group and /etc/group- , where the second one is only readable by root. man group only describes /etc/group . Thus my question: What is the purpose of /etc/group- ?

2 Answers 2

It is a backup of the previous copy of the file that is version of the file before the last change. It is kept because it is very important file. You can delete it, but backups are a «good thing».

You can easily verify it. Try

# groupadd test # diff /etc/group /etc/group- 

There are other files also that are backed up the same way viz. /etc/passwd- /etc/shadow- .

All the user and group management utilities like useradd, usermod, userdel, groupmod, groupdel etc. create/update these backup files after successful execution of the command.

Ok, I guess this would be another reason to modify /etc/group via group-commands and not directly editing it.

I agree with @Sachin Divekar’s answer that this is a «backup file» but I needed more information as to how the file is created and how its permissions are set. On CentOS6, running usermod to change group membership was (re)creating /etc/group- with permissions of 0644 instead of «only readable as root» as described in the original question.

usermod (and all the other user/group management utilities mentioned by @Sachin Divekar) is part of the shadow-utils package (I found the sources for shadow-4.1.5.1) and after digging through the sources I found a #create_backup method in commonio.c (see it at github.com) that is used by all the user/group utilities. The backup file is named after the source file postfixed with a «-» (in this case, ‘/etc/group-‘), and the permissions of the backup file are set to the permissions of the source file &’ed with 0664.

This explains why—when /etc/group is chmod 0644—after running gpasswd or usermod to modify local group membership, /etc/group- is created if it doesn’t already exist and it is chmodded to 0644.

Источник

/etc/group Структура файла — что означает (формат записей). Данные о группа Linux

Файл /etc/group содержит имена групп, присутствующих в ОС Linux, и списки членов каждой группы.

Пример записи /etc/group

Например, в файле /etc/group может содержаться такая строка:

• в системе имеется группа daemon с идентификатором равным 2.
• В данную группу входят пользователи (трое):
  root, bin и daemon.

Структура /etc/group

Каждая запись файла /etc/group представляет одну группу и содержит 4 поля:

1. Имя группы. По умолчанию при создании нового пользователя создается также его группа с таким же именем, как и регистрационное имя пользователя.
2. Зашифрованный пароль или символ $х$, указывающий на использование файла /etc/gshadow;
3. Идентификатор группы. (число)
4. Список членов, разделенный запятыми без пробелов. : одноименный с названием группы пользователь может существовать в системе и входить в эту группу, но не быть перечисленным в этом списке. Сведения о том, что он в неё входит можно получить из /etc/passwd (об этом сказано ниже).

Также могут оказаться полезными следующие сведения:

• Как и в файле /etc/passwd, поля разделяются двоеточиями.
• Длина имени группы не должна превышать 8 символов из соображений совместимости, хотя в ОС Linux такого ограничения нет.
• Несмотря на наличие поля пароля (с помощью которого пользователи могут присоединиться к группе, выполнив команду newgrp) пароль задается редко. В большинстве случаев в это поле вводятся звездочки, но можно оставить его пустым.
• Команда newgrp не сменит группу без пароля, если только пользователь не указан как член этой группы.
• Если в файле /etc/passwd пользователь объявлен членом определенной группы, а в файле /etc/group -нет, пользователь все равно включается в группу. На этапе регистрации членство в группе проверяется по обоим файлам, но лучше согласовывать их содержимое.

Key Words for FKN + antitotal forum (CS VSU):

Источник

What is ETC Group file in Linux?

The /etc/group is a text file which defines the groups to which users belong under Linux and UNIX operating system. Under Unix / Linux multiple users can be categorized into groups. This method, amongst others, also enables the Superuser to delegate some administrative tasks to normal users.

What is group password in Linux?

A group password in Linux allows a user to temporarily (in a subshell) gain extra permissions of a group, after successfully entering the group password. Some of the disadvantages are: Sharing a password is not good; a password should be personal. You can also solve this by adding the user to a secondary group.

What is ETC shadow used for?

/etc/shadow is used to increase the security level of passwords by restricting all but highly privileged users’ access to hashed password data. Typically, that data is kept in files owned by and accessible only by the super user.

What is a group password?

The idea with a group password is that if you needed to gain access to a particular group (one that you weren’t listed as being a member of), you could do so using the newgrp command, and be challenged with a password to gain access to these alternative groups.

What is the use of group password?

Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.

What does Linux shadow file contain?

The /etc/shadow file stores actual password in encrypted format and other passwords related information such as user name, last password change date, password expiration values, etc,. It’s a text file and readable only by the root user and is therefore less of a security risk.

What is hidden in etc shadow?

To prevent this, the hashed passwords were eventually moved into a file readable only by root (and occasionally a privileged group of administrators), /etc/shadow . This hides the hashes from normal users of the system while keeping them available for user authentication purposes.

What is ETC in bash?

When Bash is invoked as an interactive login shell, or as a non-interactive shell with the –login option, it first reads and executes commands from the file /etc/profile, if that file exists. profile, in that order, and reads and executes commands from the first one that exists and is readable.

How do you set a password for a group in Linux?

Linux Groups Can Have Paswords To set up a new group with a password you can use the groupadd command with the -p parameter. Just to make things slightly tricky -p does not take a cleartext password but takes one already encrypted by crypt(3). The easiest way to create one of these is using openssl.

Popular

Источник

Understanding /etc/group file

/etc/group Defines the default system group entries for system groups that support some system-wide tasks, such as printing, network administration, or electronic mail. Many of these groups have corresponding entries in the /etc/passwd file. Because most of the linux systems use a UPG scheme, a new entry is automatically created in /etc/group when a new user is added. The group name is the same as the username.

Interpreting an /etc/group File Entry

This picture below provides an example of a default /etc/group file entry. Each entry in the /etc/group file contains four fields. A colon separates each field. The following is the format for an entry:

groupname:group-password:GID:username-list

Each entry in the /etc/group file contains four fields: The description and requirement for each field are as follows:

Field	Purpose
groupname	Contains the name assigned to the group.
group-password (x)	x in this field indicates that shadow passwords are used.
GID	Contains the group’s GID number.
username-list	List of users that are members of the group

Each group can have multiple users. Users can also belong to more than one group. The GID stored in the user’s entry in /etc/passwd is the user’s primary group.

Group Account Administration

1. Use the groupadd command to add a group account:

# groupadd [options] group_name

Example: To add a user (tom) to a group (students):

2. Use the groupmod command to modify a group account:

# groupmod [options] group_name

3. Use the gpasswd command to administer group accounts:

# gpasswd [options] group_name

4. Use the groupdel command to delete a group account. The syntax is:

You can remove groups even if there are members in the group. You cannot remove the primary group of any existing user. You must remove the user before removing the group.

5. Use the gpasswd command to administer /etc/group and /etc/gshadow. Every group can have administrators, members, and a password. The syntax is:

# gpasswd [options] group_name

The groups command

The groups command displays the groups that a user belongs to. The following example illustrates that user oracle belongs to two groups, oracle (primary group) and students (secondary group):

# grep oracle /etc/passwd oracle:x:1000:1000:Oracle DBA:/home/oracle/bin/bash

# grep oracle /etc/group oracle:x:1000: students:x:1056:student1,student2,oracle

The groups command (logged on as oracle) verifies these group memberships.

$ whoami oracle $ groups oracle students

The newgrp command

The newgrp command executes a new shell and changes a user’s real group identification. The following example illustrates the group ID before and after running the command. It also illustrates that a new shell is executed.

$ id uid=1000(oracle) gid=1000(oracle) groups=1000(oracle),1066(students).

Note that the gid equals 1000(oracle).

$ ps PID TTY TIME CMD 20279 pts/0 00:00:00 bash 20411 pts/0 00:00:00 ps

$ id uid=1000(oracle) gid=1066(students) groups=1000(oracle),1066(students).

Note that the gid now equals 1066(students). Also note that a new shell was executed:

$ ps PID TTY TIME CMD 20279 pts/0 00:00:00 bash 20464 pts/0 00:00:00 bash 20486 pts/0 00:00:00 ps

Note : The newgrp command does not recognize group ID numbers and you can only change your real group name to a group that you are a member of. Running the command without an argument sets the real group identification to the user’s primary group.

Some more articles you might also be interested in …

Источник