

UNIX Power Tools

Chapter 22: File Security, Ownership, and Sharing

22.13 Groups and Group Ownership

Group membership is an important part of UNIX security. All users are members of one or more groups, as determined by your entry in /etc/passwd (36.3 ) and the /etc/group file.

To find out what groups you belong to, grep (27.1) for your entry in /etc/passwd:

% grep mikel /etc/passwd
mikel:sflghjraloweor:50:100:Mike Loukides:/home/mikel:/bin/csh

[If that didn't work, try a command like ypcat passwd | grep mikel. -JP] The fourth field (the second number) is your primary group ID. Look up this number in the /etc/group file:

% grep 100 /etc/group
staff:*:100:root

[Or use ypcat group | grep 100. -JP] My primary group is staff. Therefore, when I log in, my group ID is set to 100. To see what other groups you belong to, use the groups command if your UNIX version has it. Otherwise, look for your name in /etc/group:

% grep mikel /etc/group
power:*:55:mikel,jerry,tim
weakness:*:60:mikel,harry,susan

[Or ypcat group | grep mikel. -JP] I'm also a member of the groups power and weakness, with group IDs 55 and 60.
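The lookups above can be done by matching whole fields rather than with a bare grep 100, which also matches GID 1000 or any member name containing "100". The script below is an added example, not from the book; it works on constructed sample copies of /etc/passwd and /etc/group and resolves a user's primary group plus every group whose member list names that user, the way the groups command does.

```shell
#!/bin/sh
# Added example (not from the book): resolve a user's primary and
# supplementary groups by exact field matches on passwd/group files,
# instead of `grep 100`, which would also hit GID 1000 or "user100".

# Constructed sample files standing in for /etc/passwd and /etc/group.
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
mikel:x:50:100:Mike Loukides:/home/mikel:/bin/csh
jerry:x:51:100:Jerry:/home/jerry:/bin/sh
user100:x:52:1000:Decoy:/home/user100:/bin/sh
EOF
cat > "$tmp/group" <<'EOF'
staff:*:100:root,mikel
power:*:55:mikel,jerry,tim
weakness:*:60:mikel,harry,susan
big:*:1000:user100
EOF

# primary_gid USER PASSWDFILE -> prints the 4th field of USER's passwd entry
primary_gid() {
  awk -F: -v u="$1" '$1 == u { print $4; exit }' "$2"
}

# user_groups USER PASSWDFILE GROUPFILE -> group names, primary group first,
# then every group whose comma-separated member list names USER exactly.
# A user also listed as a member of their own primary group is not repeated.
user_groups() {
  gid=$(primary_gid "$1" "$2")
  [ -n "$gid" ] || return 1          # unknown user: nothing to resolve
  awk -F: -v u="$1" -v g="$gid" '
    $3 == g { primary = $1; next }   # numeric GID match: the primary group
    {
      n = split($4, m, ",")
      for (i = 1; i <= n; i++)
        if (m[i] == u) extra = extra " " $1
    }
    END { out = primary extra; sub(/^ /, "", out); print out }
  ' "$3"
}

user_groups mikel "$tmp/passwd" "$tmp/group"   # staff power weakness
```

Point the two functions at the real /etc/passwd and /etc/group (or at the output of ypcat) to check an account on a live system.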

With BSD UNIX, you're always a member of all your groups. This means that I can access files that are owned by the staff , power , and weakness groups, without doing anything in particular. Under System V UNIX, you can only be "in" one group at a time, even though you can be a member of several. (I suppose this is like social clubs; you can belong to the Elks and the Odd Fellows, but you can only wear one silly hat at a time.) If you need to access files that are owned by another group, use the newgrp command:

% newgrp groupname

(System V even lets you change to groups that you don't belong to. In this case, you have to give a group password. Group passwords are rarely used - usually, the password field is filled with a *, which effectively says that there are no valid passwords for this group.)

On most systems, there are groups for major projects or departments, groups for system administration, and maybe one or two groups for visitors. Some BSD-based systems have a wheel group; to become root (1.24), you must belong to wheel. Many systems make terminals writable only by the owner and a special group named tty; this prevents other users from sending characters to your terminal without using an approved setgid (1.23) program like write (1.33).

- ML

