Users and groups... [Solved]


Post by ReemZ » Thu Apr 29, 2010 18:41

OK, I'm searching my arse off here and can't seem to find ánything that comes close to answering my question here.
I'm stíll not completely sure about the difference between the primary group of a certain user and the secondary groups a user may belong to, and I have no idea how or where to find more information on what all those groups actually represent.
Thing is, my own user (reemz, UID=1000), which I created at install of SL5, has 'users' (GID=100) as primary group (or at least so /etc/passwd tells me) and is a member of two dozen more, whereas the newly created user 'carrie' with UID=1001 (my girlfriend) is only a member of group 'carrie' (GID=1001), none other.

Code:
reemz@Sm0kerZ-ParadiZe ~ $ groups
disk wheel floppy uucp cron audio cdrom dialout video games cdrw usb users haldaemon scanner plugdev entropy pulse-access pulse-rt pulse vboxusers crontab polkituser
(I thought my primary group would show first in that list btw, but ok)

What I would like to know is the following:
1. Should I, or should I not, create a group 'reemz' for myself and make it my primary group?
2. Should I, or should I not, make 'users' the primary group for user 'carrie'?
3. Where can I find more info on what all those groups represent, so I will know what group to add what user to?

Basically what I want is a second account on this box for my girlfriend, I don't want us to be able to touch (or even read) each other's files (of course I can su but that's beside the point), and I plan to create another, highly restricted, guest account.
Yes, I have read the man pages for useradd/usermod/related stufzz, I've googled my arse off, found more forums than I care to remember and zero usable info.

Anyone got a pointer?
Last edited by ReemZ on Fri Jan 27, 2012 21:40, edited 1 time in total.
Signature? Hey... I'm not going to write on my monitor!
ReemZ
Old Dear Hen
 
Posts: 701
Joined: Mon Oct 27, 2008 10:50
Location: Here! No, here! Over heeeeeeere!

Re: Users and groups...

Post by sanaris » Thu Apr 29, 2010 21:31

Knowledge of the primary group is useful with the "chown" command.
There is no difference between a primary and a secondary group as far as group rights go. If there is no reason to create additional rights for a new group "newgrp", then the absence of this group is normal.

The primary group is the group that any files they create will belong to by default.
sanaris
Young Hen
 
Posts: 23
Joined: Thu Oct 08, 2009 19:18

Re: Users and groups...

Post by Fitzcarraldo » Sat May 01, 2010 21:03

ReemZ wrote: What I would like to know is the following:
1. Should I, or should I not, create a group 'reemz' for myself and make it my primary group?
2. Should I, or should I not, make 'users' the primary group for user 'carrie'?
3. Where can I find more info on what all those groups represent, so I will know what group to add what user to?

1. Why would you want to do that? Are you thinking that this would inhibit your girlfriend from reading your files? If so, I don't think you need to do that (see further on).
2. I think you should, although, to be honest, I don't know whether this is essential for the proper functioning of a user account in SL.
3. Many of the groups have self-explanatory names (membership of group 'vboxusers' is necessary for the proper functioning of VirtualBox; membership of group 'entropy' is necessary to be able to use Entropy; membership of group 'audio' is necessary for the proper functioning of audio; membership of group 'cdrom' is necessary to be able to use the CDROM drive, and so on), and the others you'll have to research by googling, I'm afraid.

ReemZ wrote: Basically what I want is a second account on this box for my girlfriend, I don't want us to be able to touch (or even read) each other's files (of course I can su but that's beside the point), and I plan to create another, highly restricted, guest account.

I suppose what you could do is create a new user account 'carrie' for your girlfriend and make that account a member of exactly the same groups that you belong to (that's what I do when I add a new user), but then make sure the two home directories don't have read access for the group 'users' (although I don't know if there are any applications that require the group 'users' to have read permission for a member's home directory). As you can see from the actual example below, if this is done then the two users cannot read anything in each other's home directory:

Code:
$ pwd
/home
$ whoami
herzog
$ ls -la
total 44
drwxr-xr-x  8 root         root   4096 May  1 20:02 .
drwxr-xr-x 23 root         root   4096 Jul 15  2008 ..
drwxr-xr-x 67 herzog       users  4096 May  1 20:09 herzog
drwx--x--x 21 fitzcarraldo users  4096 May  1 20:10 fitzcarraldo
drwxr-xr-x  2 root         root   4096 Mar 30 20:10 ftp
-rw-r--r--  1 root         root      0 Nov 19  2005 .keep
drwx------  2 root         root  16384 Mar 30 20:10 lost+found
drwxr-xr-x  5 mythtv       root   4096 Mar 30 20:10 mythtv
drwxr-xr-x  5 p2p          root   4096 Mar 30 20:10 p2p
$ chmod g-r herzog
$ ls -la
total 44
drwxr-xr-x  8 root         root   4096 May  1 20:02 .
drwxr-xr-x 23 root         root   4096 Jul 15  2008 ..
drwx--xr-x 67 herzog       users  4096 May  1 20:09 herzog
drwx--x--x 21 fitzcarraldo users  4096 May  1 20:10 fitzcarraldo
drwxr-xr-x  2 root         root   4096 Mar 30 20:10 ftp
-rw-r--r--  1 root         root      0 Nov 19  2005 .keep
drwx------  2 root         root  16384 Mar 30 20:10 lost+found
drwxr-xr-x  5 mythtv       root   4096 Mar 30 20:10 mythtv
drwxr-xr-x  5 p2p          root   4096 Mar 30 20:10 p2p
$ su fitzcarraldo
Password:
$ whoami
fitzcarraldo
$ ls -la herzog
ls: cannot open directory herzog: Permission denied
$ exit
$ whoami
herzog
$ ls -la fitzcarraldo
ls: cannot open directory fitzcarraldo: Permission denied
$

Notice in the example above that the group permission for directory /home/fitzcarraldo/ was already x-- when I started quoting the console output, whereas the group permission for directory /home/herzog/ was xr- when I started quoting the console output. I then changed the group permission for directory /home/herzog/ to x-- and user fitzcarraldo could not access the directory any more. As the group permission for directory /home/fitzcarraldo/ was already x--, the user herzog could not access that directory either.

Of course there are other ways of achieving the same effect. You could simply create two new groups, let's call them reemzgroup and carriegroup, make only user reemz a member of reemzgroup, make only user carrie a member of carriegroup, and then each user could right-click on any file or directory they wanted, click on Properties in the drop-down menu and then click on the Permissions tab and change the Group to the group that only they are a member of (obviously you would select the group reemzgroup whereas Carrie would select the group carriegroup). All sounds a bit complicated when explaining it, but it's much easier when you actually do it. Best thing for you to do is to try these out yourself to see the effect.
Fitzcarraldo
Sagely Hen
 
Posts: 7978
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom
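
Added example, not part of the thread: a shell audit that reads each home directory's mode string from `ls -ld` and reports what the group class and the other class can do; the kernel applies only one class per caller (owner, else group if the caller is in the directory's group, else other). Execute without read blocks `ls` but still lets a caller open entries whose names they know when those entries' own modes allow it, so only `none` for both classes is reported as private. The function names and the `carrie` directory are constructed for this example.

```shell
#!/bin/sh
# Added example: audit home-directory modes (names below are constructed).

# Map one permission triad from `ls -l` (e.g. "--x") to what that class
# can do with the directory. s/t in the last position imply execute.
dir_access() {
    case "$1" in
        r?[xst]) echo "list+traverse" ;;   # can list names and open entries
        -?[xst]) echo "traverse-only" ;;   # no listing, known names reachable
        r??)     echo "names-only" ;;      # can list names, cannot open entries
        *)       echo "none" ;;            # cannot list or enter
    esac
}

# Print one line per directory under $1: name, mode, group/other access, verdict.
audit_homes() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        perms=$(ls -ld "$dir" | cut -c1-10)
        g=$(dir_access "$(printf '%s' "$perms" | cut -c5-7)")
        o=$(dir_access "$(printf '%s' "$perms" | cut -c8-10)")
        if [ "$g" = none ] && [ "$o" = none ]; then
            verdict=private
        else
            verdict=exposed
        fi
        printf '%s %s group=%s other=%s %s\n' "${dir##*/}" "$perms" "$g" "$o" "$verdict"
    done
}

# Constructed sample: the two modes shown in the thread plus a 700 directory.
demo() {
    base=$(mktemp -d)
    mkdir "$base/herzog" "$base/fitzcarraldo" "$base/carrie"
    chmod 715 "$base/herzog"         # drwx--xr-x, herzog after `chmod g-r`
    chmod 711 "$base/fitzcarraldo"   # drwx--x--x, as listed in the thread
    chmod 700 "$base/carrie"         # drwx------, constructed private case
    audit_homes "$base"
    rm -rf "$base"
}

demo
```

Running `audit_homes /home` on a real system gives the same report for the actual accounts; a directory is fully closed to other local users only when its line ends in `private`.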

