Managing Group Memberships
In this lesson, we will explore how to manage groups on a Linux/Unix system. This involves creating groups, adding and removing users from groups, and deleting groups. Additionally, we will delve into the structure of the /etc/group and /etc/gshadow files.
Creating a Group
groupadd (Create New Group)
Let's start by creating a new group named developers:
sudo groupadd developers # Creates a new group
The /etc/group File
Each line in the /etc/group file represents a single group on the system and is divided into four fields separated by colons (:). The format is as follows:
groupName:password:groupID:userList
- groupName: This field specifies the name of the group. It is the identifier used when assigning group permissions or adding users to groups.
- password: This field traditionally held the encrypted password for the group. However, in modern systems, this field is usually set to x, indicating that the actual encrypted password is stored in the /etc/gshadow file for enhanced security.
- groupID (GID): This field holds the unique numeric ID assigned to the group. This Group ID (GID) is used by the system to manage group permissions and memberships.
- userList: This field contains a comma-separated list of usernames who are members of the group. If a user is added to a group, their username will appear in this list. Otherwise, this field remains empty.
Let's search the /etc/group file for our developers group:
grep "developers" /etc/group
And the output of that command:
developers:x:1003:
In this example:
- developers: This is the name of the group. In this case, the group is called "developers."
- x: This entry in the password field indicates that the actual encrypted password for the group is stored in the /etc/gshadow file for better security, as opposed to being stored directly in the /etc/group file.
- 1003: This is the unique Group ID (GID) assigned to the "developers" group. The system uses this numeric identifier for managing group permissions and memberships.
- (The last field is empty): The absence of any usernames in the last field, which is meant for listing the members of the group, indicates that there are currently no users assigned to the "developers" group.
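An added example, not part of the original lesson: a small shell audit of data in the /etc/group format described above. It flags lines without four fields, password hashes kept in the world-readable group file instead of /etc/gshadow, and GIDs shared by more than one group. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# audit_group [FILE]: check lines in groupName:password:groupID:userList format.
audit_group() {
    awk -F: '
        NF != 4 {
            printf "line %d: expected 4 fields, found %d\n", NR, NF; next
        }
        # The group file is world-readable, so a hash here is exposed;
        # "x" means the hash lives in /etc/gshadow instead.
        $2 != "x" && $2 != "" && $2 != "*" && $2 != "!" {
            printf "%s: password hash stored in group file\n", $1
        }
        $3 !~ /^[0-9]+$/ {
            printf "%s: non-numeric GID \"%s\"\n", $1, $3; next
        }
        # Groups sharing a GID share the same file permissions.
        seen[$3] != "" {
            printf "%s: GID %s already used by %s\n", $1, $3, seen[$3]; next
        }
        { seen[$3] = $1 }
    ' "$@"
}

# group_members GROUP [FILE]: print the userList of GROUP, one name per line.
group_members() {
    g=$1; shift
    awk -F: -v g="$g" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }
    ' "$@"
}

# Constructed sample entries (not from a real system).
sample_group() {
    cat <<'EOF'
developers:x:1003:john_doe,jane_roe
ops:$6$EXAMPLESALT$EXAMPLEHASH:1004:alice
qa:x:1003:
broken:x:1005
EOF
}

sample_group | audit_group
sample_group | group_members developers
```

To check a live system, pass the file path instead of piping the sample: audit_group /etc/group.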
Adding a User to a Group
usermod (Modify User Group Membership)
Now, let's add a user named john_doe to the developers group:
sudo usermod -aG developers john_doe # Adds john_doe to the developers group
Now that we have added the user, we can grep /etc/group for "developers" and see the user listed there:
grep "developers" /etc/group
# developers:x:1003:john_doe
Removing a User from a Group
gpasswd (Manage Group Memberships)
If we need to remove john_doe from the developers group, we can do so with the following command:
sudo gpasswd -d john_doe developers # Removes john_doe from the developers group
The /etc/gshadow File
The /etc/gshadow file contains secure group account information. Each line in the file represents a group and contains four fields separated by colons (:).
groupName:password:adminList:userList
- groupName: The name of the group.
- password: The encrypted password of the group.
- adminList: A comma-separated list of group administrators.
- userList: A comma-separated list of users who are members of the group.
This file is important because it contains the admin list for the group and group passwords if you have them enabled.
Deleting a Group
delgroup (Delete Group)
Finally, let's delete the developers group:
sudo delgroup developers
We covered:
- groupadd: Create new groups.
- usermod: Modify user group memberships.
- gpasswd: Manage group memberships.
- Understanding the /etc/group and /etc/gshadow files for group information and management.
- delgroup: Delete groups.