As we all know, Linux is a multi-user system, where each user is assigned their own permissions.

However, if you think about a company’s organizational structure, there are often many members at the same level with the same rights, such as “see the files of the department they belong to.” Similarly, on Linux, many users have common permissions.

In Linux, users can be managed by user group. That is, permissions are assigned to a user group, and a user who is added to the group gains the permissions of that group. User groups provide a more efficient, unified way to allocate rights.

There are two types of Linux user groups: primary groups and additional groups.

Primary group

The primary group is also called the initial group. The rules are as follows:

  • When a user is created, if the primary group to which the user belongs is not specified, the system creates a group with the same name as the user and makes it the user's primary group

  • When a user creates a file, the owning group of the file is the primary group of the current user

  • When using the useradd command, you can specify a primary group with the -g parameter. In this case, a group with the same name as the user is not created

  • A user can belong to only one primary group

  • The primary group of a user cannot be deleted

  • A user cannot be removed from their primary group, but the primary group can be changed to a different group

  • When a user is deleted, the user's primary group is automatically deleted as well if it has no other users

Additional groups

Additional groups are other groups that the user can switch to after login. The rules are as follows:

  • You can specify additional groups with the -G argument when using the useradd command

  • Users can belong to zero or more additional groups

  • Additional groups and primary groups of users can be the same

  • Additional groups can be deleted regardless of whether any users belong to them

  • You can add any user to, or remove any user from, an additional group

  • When a user is deleted, the additional groups to which the user belonged are not affected

Operation demo

  • View the /etc/passwd file

There is one record for each user, with 7 fields: user name, password (hidden, shown as x), user ID, primary group ID, user description, home directory, and default shell

cat /etc/passwd
  user1:x:1002:1002::/home/user1:/bin/bash
  • View the /etc/group file

There is one record for each group, with four fields: group name, password, group ID, and list of users in the group (only users who have this group as an additional group are listed)

cat /etc/group
  user1:x:1002:
  • Modify the primary group of a user
usermod -g group1 user1
cat /etc/passwd
  user1:x:1002:1003::/home/user1:/bin/bash
  • Add a user to an additional group

You are advised to use the gpasswd command instead of the usermod command, because usermod -G replaces the user's whole list of additional groups: any previous additional group that is not written in the list is removed


groupadd group2
gpasswd -a user1 group2
  Adding user user1 to group group2
cat /etc/group
  group2:x:1004:user1
  • The primary group of a user cannot be deleted
groupdel user1
  groupdel: cannot remove the primary group of user 'user1'
  • Delete the additional group directly
cat /etc/group
  group2:x:1004:user1
groupdel group2
cat /etc/group
  (no record for group2 exists in /etc/group)
  • When creating a user, specify the primary group and additional group to which the user belongs

-g: indicates the primary group to which the user belongs. -G: indicates the additional group to which the user belongs. -M: indicates that the home directory is not created

useradd -g group1 -G group2 -M user3
cat /etc/passwd
  user3:x:1003:1003::/home/user3:/bin/bash
cat /etc/group
  group2:x:1004:user3
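Because the member list in /etc/group shows only additional-group members, checking who actually holds a group's permissions means reading both files. The following is an added example, not part of the original article: the function name group_members and the sample records are constructed for illustration, and it labels each member of a group as primary or supplementary.

```shell
#!/bin/sh
# group_members GROUP [PASSWD_FILE] [GROUP_FILE]
# Prints one "user:kind" line per member, where kind is primary,
# supplementary, or primary+supplementary. (Hypothetical helper name.)
group_members() {
    awk -F: -v g="$1" '
        # Group file: remember the GID and the listed (supplementary) members.
        FILENAME == ARGV[1] {
            if ($1 == g) {
                gid = $3; found = 1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = "supplementary"
            }
            next
        }
        # passwd file: field 4 is the primary GID, which /etc/group never lists.
        found && $4 == gid {
            if ($1 in seen) seen[$1] = "primary+supplementary"
            else seen[$1] = "primary"
        }
        END { for (u in seen) print u ":" seen[u] }
    ' "${3:-/etc/group}" "${2:-/etc/passwd}" | sort
}

# Constructed sample records modelled on the demo above (not from a real system).
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
user1:x:1002:1003::/home/user1:/bin/bash
user3:x:1003:1003::/home/user3:/bin/bash
EOF
cat > "$sample_dir/group" <<'EOF'
user1:x:1002:
group1:x:1003:
group2:x:1004:user3
EOF

# group1 has an empty member list in the group file, yet two users hold it.
echo "group1 members:"
group_members group1 "$sample_dir/passwd" "$sample_dir/group"
echo "group2 members:"
group_members group2 "$sample_dir/passwd" "$sample_dir/group"
```

Called with only a group name, the function reads the system's /etc/passwd and /etc/group.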
