To add a new group to the system, type
the following at a shell prompt as
root:groupadd[options]group_name
|
Option
|
Description
|
-f, --force |
When used with
-g gid and gid already exists, groupadd will choose another unique gid for the group. |
-g gid |
Group ID for the group, which must be unique and
greater than 499.
|
-K, --key key=value |
Override
/etc/login.defs defaults. |
-o, --non-unique |
Allow to create groups with duplicate.
|
-p, --password password |
Use this encrypted password for the new group.
|
-r |
Create a system group with a GID less than 500.
|
Creating Group Directories
System administrators usually like to
create a group for each major project and assign people to the group when they
need to access that project's files. With this traditional scheme, file
managing is difficult; when someone creates a file, it is associated with the
primary group to which they belong. When a single person works on multiple
projects, it becomes difficult to associate the right files with the right
group. However, with the UPG scheme, groups are automatically assigned to files
created within a directory with the setgid bit set. The setgid bit makes managing
group projects that share a common directory very simple because any files a
user creates within the directory are owned by the group which owns the
directory.
For example, a group of people need to
work on files in the
/opt/myproject/ directory. Some people are trusted to
modify the contents of this directory, but not everyone.
1. As
root, create
the /opt/myproject/ directory by typing the following at a
shell prompt:mkdir /opt/myproject
2. Add the
myproject group to the system:groupadd myproject
3. Associate the contents of the
/opt/myproject/ directory with the myproject group:chown root:myproject /opt/myproject
4. Allow users to create files within the
directory, and set the setgid bit:
chmod 2775 /opt/myproject
At this point, all members of the
myproject group can create and edit files in the /opt/myproject/ directory without the administrator
having to change file permissions every time users write new files. To verify
that the permissions have been set correctly, run the following command:~]# ls -l /opt
total 4
drwxrwsr-x. 3 root myproject 4096 Mar 3 18:31 myproject
For information about
various utilities for managing users and groups, refer to the following manual
pages:
o
chage(1) — A command to modify password
aging policies and account expiration.
o
gpasswd(1) — A command to administer the /etc/group file.
o
groupadd(8) — A command to add groups.
o
grpck(8) — A command to verify the /etc/group file.
o
groupdel(8) — A command to remove groups.
o
groupmod(8) — A command to modify group
membership.
o
pwck(8) — A command to verify the /etc/passwd and /etc/shadow files.
o
pwconv(8) — A tool to convert standard
passwords to shadow passwords.
o
pwunconv(8) — A tool to convert shadow
passwords to standard passwords.
o
useradd(8) — A command to add users.
o
userdel(8) — A command to remove users.
o
usermod(8) — A command to modify users.
For information about
related configuration files, see:
o
group(5) — The file containing group information
for the system.
o
passwd(5) — The file containing user
information for the system.
o
shadow(5) — The file containing passwords
and account expiration information for the system.