Skip to main content

Managing Supplementary Groups

A group must exist before a user can be added to that group. Several command-line tools are used to manage local group accounts.
groupadd Creates Groups
  • groupadd groupname without options uses the next available GID from the range specified in the /etc/login.defs file.
  • The -g GID option is used to specify a specific GID. 
    [student@serverX ~]$ sudo groupadd -g 5000 ateam

    Note

    Given the automatic creation of user private groups (GID 1000+), it is generally recommended to set aside a range of GID numbers to be used for supplementary groups. A higher range will avoid a collision with a system group (GID 0-999).
  • The -r option will create a system group using a GID from the range of valid system GID numbers listed in the /etc/login.defs file. 
    [student@serverX ~]$ sudo groupadd -r appusers
groupmod Modifies Existing Groups
  • The groupmod command is used to change a group name to a GID mapping. The -n option is used to specify a new name. 
    [student@serverX ~]$ sudo groupmod -n javaapp appusers
  • The -g option is used to specify a new GID. 
    [student@serverX ~]$ sudo groupmod -g 6000 ateam
groupdel Deletes a Group
  • The groupdel command will remove a group. 
    [student@serverX ~]$ sudo groupdel javaapp
  • A group may not be removed if it is the primary group of any existing user. As with userdel, check all file systems to ensure that no files remain owned by the group.
usermod Alters Group Membership
  • The membership of a group is controlled with user management. Change a user's primary group with usermod -g groupname. 
    [student@serverX ~]$ sudo usermod -g student student
  • Add a user to a supplementary group with usermod -aG groupname username. 
    [student@serverX ~]$ sudo usermod -aG wheel elvis

    Important

    The use of the -a option makes usermod function in "append" mode. Without it, the user would be removed from all other supplementary groups.


Guided Exercise: Managing Groups Using Command-line Tools

In this exercise, you will add users to newly created supplementary groups.
Outcomes
  • The shakespeare group consists of users juliet, romeo, and hamlet.
  • The artists group consists of users reba, dolly, and elvis.
Before You Begin
Start your Amazon EC2 instance and use ssh to log in as the user ec2-user. It is assumed that ec2-user can use sudo to run commands as root.
Steps
  1. Become the root user at the shell prompt.
    [ec2-user@ip-192-0-2-1 ~]$ sudo su -
  2. Create a supplementary group called shakespeare with a group ID of 30000.
    [root@ip-192-0-2-1 ~]# groupadd -g 30000 shakespeare
  3. Create a supplementary group called artists.
    [root@ip-192-0-2-1 ~]# groupadd artists
  4. Confirm that shakespeare and artists have been added by examining the /etc/group file. 
    [root@ip-192-0-2-1 ~]# tail -5 /etc/group
reba:x:1004:
dolly:x:1005:
elvis:x:1006:
shakespeare:x:30000:
artists:x:30001:
  5. Add the juliet user to the shakespeare group as a supplementary group.
    [root@ip-192-0-2-1 ~]# usermod -G shakespeare juliet
  6. Confirm that juliet has been added using the id command. 
    [root@ip-192-0-2-1 ~]# id juliet
uid=1001(juliet) gid=1001(juliet) groups=1001(juliet),30000(shakespeare)
  7. Continue adding the remaining users to groups as follows:
    • Add romeo and hamlet to the shakespeare group.
      [root@ip-192-0-2-1 ~]# usermod -G shakespeare romeo
[root@ip-192-0-2-1 ~]# usermod -G shakespeare hamlet
    • Add reba, dolly, and elvis to the artists group.
      [root@ip-192-0-2-1 ~]# usermod -G artists reba
[root@ip-192-0-2-1 ~]# usermod -G artists dolly
[root@ip-192-0-2-1 ~]# usermod -G artists elvis
    • Verify the supplemental group memberships by examining the /etc/group file. 
      [root@ip-192-0-2-1 ~]# tail -5 /etc/group
reba:x:1004:
dolly:x:1005:
elvis:x:1006:
shakespeare:x:30000:juliet,romeo,hamlet
artists:x:30001:reba,dolly,elvis
  8. This concludes this exercise. Log out and stop your Amazon EC2 instance.


Comments

Post a Comment

thank you for visiting :)

Popular posts from this blog

The Seven-Step Model of Migration

Irrespective of the migration approach adopted, the Seven-step Model of Cloud Migration creates a more rational point of view towards the migration process and offers the ability to imbibe several best practices throughout the journey Step 1: Assess Cloud migration assessments are conducted to understand the complexities in the migration process at the code, design and architectural levels. The investment and the recurring costs are also evaluated along with gauging the tools, test cases, functionalities and other features related to the configuration. Step 2: Isolate The applications to be migrated to the cloud from the internal data center are freed of dependencies pertaining to the environment and the existing system. This step cuts a clearer picture about the complexity of the migration process. Step 3: Map Most organisations hold a detailed mapping of their environment with all the systems and applications. This information can be used to distinguish between the ...
Post a Comment
Read more

Cloud Computing architecture

Cloud computing architecture refers to all components and sub-components that together form the structure of the cloud computing system. This architecture can be divided into three parts for better understanding – front end, back end and middleware. Each part of the cloud architecture has its own set of functionalities and protocols that work together to deliver on-demand services to user-facing hardware as well as software. In general, the architecture is evolved out of large distributed network applications over the last two decades. Hence it supports any system where resources can be pooled and partitioned as required. The general cloud architecture is capable of running multiple software applications running on multiple virtual hardware in multiple locations to efficiently render on-demand services to the users. The users could be using these software applications from their desktop or laptop or mobile or tablets. Usually, whatever the user is looking at – through t...
Post a Comment
Read more

connection oriented

connection-oriented:- connection-oriented  describes a means of transmitting data in which the devices at the end points use a preliminary  protocol  to establish an end-to-end connection before any data is sent. Connection-oriented protocol service is sometimes called a "reliable" network service, because it guarantees that data will arrive in the proper sequence. Transmission Control Protocol ( TCP ) is a connection-oriented protocol. For connection-oriented communications, each end point must be able to transmit so that it can communicate. The alternative to connection-oriented transmission is the  connection-less  approach, in which data is sent from one end point to another without prior arrangement. Connection-less protocols are usually described as  stateless  because the end points have no protocol-defined way to remember where they are in a "conversation" of message exchanges. Because they can keep track of a conversation, connection-or...
Post a Comment
Read more

tag