Skip to main content

Managing Supplementary Groups

A group must exist before a user can be added to that group. Several command-line tools are used to manage local group accounts.
groupadd Creates Groups
  • groupadd groupname without options uses the next available GID from the range specified in the /etc/login.defs file.
  • The -g GID option is used to specify a specific GID. 
    [student@serverX ~]$ sudo groupadd -g 5000 ateam

    Note

    Given the automatic creation of user private groups (GID 1000+), it is generally recommended to set aside a range of GID numbers to be used for supplementary groups. A higher range will avoid a collision with a system group (GID 0-999).
  • The -r option will create a system group using a GID from the range of valid system GID numbers listed in the /etc/login.defs file. 
    [student@serverX ~]$ sudo groupadd -r appusers
groupmod Modifies Existing Groups
  • The groupmod command is used to change a group name to a GID mapping. The -n option is used to specify a new name. 
    [student@serverX ~]$ sudo groupmod -n javaapp appusers
  • The -g option is used to specify a new GID. 
    [student@serverX ~]$ sudo groupmod -g 6000 ateam
groupdel Deletes a Group
  • The groupdel command will remove a group. 
    [student@serverX ~]$ sudo groupdel javaapp
  • A group may not be removed if it is the primary group of any existing user. As with userdel, check all file systems to ensure that no files remain owned by the group.
usermod Alters Group Membership
  • The membership of a group is controlled with user management. Change a user's primary group with usermod -g groupname. 
    [student@serverX ~]$ sudo usermod -g student student
  • Add a user to a supplementary group with usermod -aG groupname username. 
    [student@serverX ~]$ sudo usermod -aG wheel elvis

    Important

    The use of the -a option makes usermod function in "append" mode. Without it, the user would be removed from all other supplementary groups.


Guided Exercise: Managing Groups Using Command-line Tools

In this exercise, you will add users to newly created supplementary groups.
Outcomes
  • The shakespeare group consists of users juliet, romeo, and hamlet.
  • The artists group consists of users reba, dolly, and elvis.
Before You Begin
Start your Amazon EC2 instance and use ssh to log in as the user ec2-user. It is assumed that ec2-user can use sudo to run commands as root.
Steps
  1. Become the root user at the shell prompt.
    [ec2-user@ip-192-0-2-1 ~]$ sudo su -
  2. Create a supplementary group called shakespeare with a group ID of 30000.
    [root@ip-192-0-2-1 ~]# groupadd -g 30000 shakespeare
  3. Create a supplementary group called artists.
    [root@ip-192-0-2-1 ~]# groupadd artists
  4. Confirm that shakespeare and artists have been added by examining the /etc/group file. 
    [root@ip-192-0-2-1 ~]# tail -5 /etc/group
reba:x:1004:
dolly:x:1005:
elvis:x:1006:
shakespeare:x:30000:
artists:x:30001:
  5. Add the juliet user to the shakespeare group as a supplementary group.
    [root@ip-192-0-2-1 ~]# usermod -G shakespeare juliet
  6. Confirm that juliet has been added using the id command. 
    [root@ip-192-0-2-1 ~]# id juliet
uid=1001(juliet) gid=1001(juliet) groups=1001(juliet),30000(shakespeare)
  7. Continue adding the remaining users to groups as follows:
    • Add romeo and hamlet to the shakespeare group.
      [root@ip-192-0-2-1 ~]# usermod -G shakespeare romeo
[root@ip-192-0-2-1 ~]# usermod -G shakespeare hamlet
    • Add reba, dolly, and elvis to the artists group.
      [root@ip-192-0-2-1 ~]# usermod -G artists reba
[root@ip-192-0-2-1 ~]# usermod -G artists dolly
[root@ip-192-0-2-1 ~]# usermod -G artists elvis
    • Verify the supplemental group memberships by examining the /etc/group file. 
      [root@ip-192-0-2-1 ~]# tail -5 /etc/group
reba:x:1004:
dolly:x:1005:
elvis:x:1006:
shakespeare:x:30000:juliet,romeo,hamlet
artists:x:30001:reba,dolly,elvis
  8. This concludes this exercise. Log out and stop your Amazon EC2 instance.


Comments

Post a Comment

thank you for visiting :)

Popular posts from this blog

Special Permissions in linux

The setuid permission on an executable file means that the command will run as the user owning the file, not as the user that ran the command. One example is the passwd command: [student@desktopX ~]$ ls -l /usr/bin/passwd -rw s r-xr-x. 1 root root 35504 Jul 16 2010 /usr/bin/passwd In a long listing, you can spot the setuid permissions by a lowercase s where you would normally expect the x (owner execute permissions) to be. If the owner does not have execute permissions, this will be replaced by an uppercase S . The special permission setgid on a directory means that files created in the directory will inherit their group ownership from the directory, rather than inheriting it from the creating user. This is commonly used on group collaborative directories to automatically change a file from the default private group to the shared group, or if files in a directory should be...
Post a Comment
Read more

The Seven-Step Model of Migration

Irrespective of the migration approach adopted, the Seven-step Model of Cloud Migration creates a more rational point of view towards the migration process and offers the ability to imbibe several best practices throughout the journey Step 1: Assess Cloud migration assessments are conducted to understand the complexities in the migration process at the code, design and architectural levels. The investment and the recurring costs are also evaluated along with gauging the tools, test cases, functionalities and other features related to the configuration. Step 2: Isolate The applications to be migrated to the cloud from the internal data center are freed of dependencies pertaining to the environment and the existing system. This step cuts a clearer picture about the complexity of the migration process. Step 3: Map Most organisations hold a detailed mapping of their environment with all the systems and applications. This information can be used to distinguish between the ...
Post a Comment
Read more

RequestsDependencyWarning: urllib3 (1.24.1) or chardet (3.0.4) doesn't match a supported version

import tweepy /usr/lib/python2.7/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.24.1) or chardet (3.0.4) doesn't match a supported version!   RequestsDependencyWarning) Traceback (most recent call last):   File "<stdin>", line 1, in <module>   File "/usr/local/lib/python2.7/dist-packages/tweepy/__init__.py", line 14, in <module>     from tweepy.api import API   File "/usr/local/lib/python2.7/dist-packages/tweepy/api.py", line 12, in <module>     from tweepy.binder import bind_api   File "/usr/local/lib/python2.7/dist-packages/tweepy/binder.py", line 11, in <module>     import requests   File "/usr/lib/python2.7/dist-packages/requests/__init__.py", line 97, in <module>     from . import utils   File "/usr/lib/python2.7/dist-packages/requests/utils.py", line 26, in <module>     from ._internal_utils import to...
Post a Comment
Read more

tag