A group is simply a list of users. Groups are identified by their group name and GID
(Group ID). In FreeBSD (and most other UNIX®-like
systems), the two factors the kernel uses to decide whether a process is allowed to do
something are its user ID and the list of groups it belongs to. Unlike the user ID, which
is a single value, a process has a list of groups associated with it. You may see
references to the “group ID” of a user or process; most of the time, this just means the
first group in the list.
The group name to group ID map is in /etc/group. This is a
plain text file with four colon-delimited fields. The first field is the group name, the
second is the encrypted password, the third the group ID, and the fourth the
comma-delimited list of members. It can safely be edited by hand (assuming, of course,
that you do not make any syntax errors!). For a more complete description of the syntax,
see the group(5) manual
page.
If you do not want to edit /etc/group manually, you can use
the pw(8) command to add
and edit groups. For example, to add a group called teamtwo
and then confirm that it exists you can use:
Example 13-7. Adding a Group Using pw(8)
# pw groupadd teamtwo
# pw groupshow teamtwo
teamtwo:*:1100:
The number 1100 above is the group ID of the group teamtwo. Right now, teamtwo has no
members, and is thus rather useless. Let's change that by inviting jru to the teamtwo group.
Example 13-8. Setting the List of Members of a Group Using pw(8)
# pw groupmod teamtwo -M jru
# pw groupshow teamtwo
teamtwo:*:1100:jru
The argument to the -M
option is a comma-delimited list of
users who are to be in the group; it replaces any existing member list. From the preceding
sections, we know that the password file also contains a group for each user. The user is
automatically added to that group by the system; the user will not show up as a member
when using the groupshow
command of pw(8), but will show
up when the information is queried via id(1) or a similar tool.
In other words, pw(8) only manipulates
the /etc/group file; it will never attempt to read additional
data from /etc/passwd.
Example 13-9. Adding a New Member to a Group Using pw(8)
# pw groupmod teamtwo -m db
# pw groupshow teamtwo
teamtwo:*:1100:jru,db
The argument to the -m
option is a comma-delimited list of
users who are to be added to the group. Unlike the previous example, these users are
added to the group and do not replace the list of users in the group.
Example 13-10. Using id(1) to Determine Group Membership
% id jru
uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)
As you can see, jru is a member of the groups jru and teamtwo.
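When auditing who actually holds a group's privileges, the member list in /etc/group is not enough, because users whose primary group it is are recorded only in the password file. The following Python code is an added example, not part of the original text: it combines both files the way id(1) reports membership, using constructed sample data and hypothetical function names, and assumes the 7-field /etc/passwd layout.

```python
# Constructed sample data (not from a real system): group(5) and passwd(5) text.
GROUP_TEXT = """\
# sample /etc/group
wheel:*:0:root
jru:*:1001:
db:*:1002:
teamtwo:*:1100:jru,db
"""
PASSWD_TEXT = """\
root:*:0:0:Charlie &:/root:/bin/csh
jru:*:1001:1001:J. Random User:/home/jru:/bin/sh
db:*:1002:1002:D. B.:/home/db:/bin/sh
"""

def records(text, nfields, gid_index):
    """Yield split records, skipping blanks/comments, rejecting bad syntax."""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields or not fields[gid_index].isdigit():
            raise ValueError(f"malformed line: {line!r}")
        yield fields

def parse_group(text):
    """Map group name -> (gid, members listed in the fourth field)."""
    return {f[0]: (int(f[2]), [m for m in f[3].split(",") if m])
            for f in records(text, 4, 2)}

def parse_passwd(text):
    """Map user name -> primary GID (fourth passwd field)."""
    return {f[0]: int(f[3]) for f in records(text, 7, 3)}

def effective_members(group, groups, users):
    """Listed members plus users whose primary GID is this group's GID."""
    gid, listed = groups[group]
    return sorted(set(listed) | {u for u, g in users.items() if g == gid})

def groups_of(user, groups, users):
    """Primary group first, then groups that list the user, as id(1) does."""
    primary = users[user]
    names = [n for n, (gid, _) in groups.items() if gid == primary]
    names += [n for n, (_, listed) in groups.items()
              if user in listed and n not in names]
    return names

if __name__ == "__main__":
    groups, users = parse_group(GROUP_TEXT), parse_passwd(PASSWD_TEXT)
    print("effective in jru:", effective_members("jru", groups, users))
    print("groups of jru:   ", groups_of("jru", groups, users))
```

With the sample data, the group jru has an empty member field yet one effective member, which is the gap between groupshow and id(1) described earlier.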
For more information about pw(8), see its manual
page, and for more information on the format of /etc/group,
consult the group(5) manual
page.