Implementation of Effective User Group and Initial User Group in Linux

  • 2021-07-09 09:50:03
  • OfStack

First, look at the /etc/group file:


[root@localhost /]# cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
...

Each line of this file represents one user group, and the fields are separated by colons. There are four fields:

  • User group name
  • User group password: usually does not need to be set; this setting is usually used for the "User Group Administrator".
  • GID: the user group ID
  • Account names supported by this user group: one account can join multiple user groups. If a user wants to join a user group, just add that user's name to this field.

Initial user group

In /etc/passwd, the fourth field (GID) of the line for a user is that user's initial user group. When the user logs in to the system, they immediately have the permissions of this initial user group.


[root@localhost /]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
...

Effective user group

The effective user group is the user group the user is acting as at this moment. Until the effective user group is switched, it is the initial user group.

To see your current effective user group and the user groups that support your account (those whose fourth field in /etc/group contains your user name), use groups.


[root@localhost /]# groups
root bin daemon sys adm disk wheel

In this output, the first user group listed is the current effective user group (though this is not the case on some systems).

If I use touch to create a new file, the owner of the file is root and its user group is root (the effective user group).
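The two lookups described above (field 4 of /etc/passwd for the initial user group, field 4 of /etc/group for the supported user groups) can be combined as follows. This is an added example, not part of the original article; the function names are chosen here and the data is a subset of the sample lines shown above. It also shows that an account such as sync belongs to the root group through its initial GID even though /etc/group does not list it.

```python
# Constructed sample: a subset of the /etc/passwd and /etc/group lines shown above.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
"""
GROUP = """\
root:x:0:root
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
disk:x:6:root
lp:x:7:daemon,lp
wheel:x:10:root
"""

def parse_group(text):
    """Map GID -> (group name, members listed in field 4)."""
    groups = {}
    for line in text.splitlines():
        name, _password, gid, members = line.split(":", 3)
        groups[int(gid)] = (name, [m for m in members.split(",") if m])
    return groups

def parse_passwd(text):
    """Map user name -> initial GID (field 4 of /etc/passwd)."""
    return {f[0]: int(f[3]) for f in (l.split(":") for l in text.splitlines())}

def user_groups(user, passwd_text=PASSWD, group_text=GROUP):
    """Return (initial group, other groups the user is listed in)."""
    groups = parse_group(group_text)
    gid = parse_passwd(passwd_text)[user]
    initial = groups[gid][0] if gid in groups else str(gid)
    listed = sorted(name for name, members in groups.values()
                    if user in members and name != initial)
    return initial, listed

def members_of(group, passwd_text=PASSWD, group_text=GROUP):
    """Everyone in a group: listed in field 4 or holding it as initial group."""
    groups = parse_group(group_text)
    gid, listed = next((g, m) for g, (n, m) in groups.items() if n == group)
    by_initial = [u for u, g in parse_passwd(passwd_text).items() if g == gid]
    return sorted(set(listed) | set(by_initial))

if __name__ == "__main__":
    print(user_groups("root"))
    print(user_groups("adm"))
    print(members_of("root"))
```

When auditing who holds a group's permissions, check both files: reading only field 4 of /etc/group misses accounts whose initial GID is that group.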

Switch the effective user group: newgrp

Use the newgrp command to switch the effective user group. Note that you can only switch to user groups that support the current account.

Assume that the current user is supported by two user groups, "test" and "foo". Then newgrp test and newgrp foo are valid. Everything else is invalid.

newgrp works by starting a new shell, so to return to the previous user group you need to leave that shell with exit or Ctrl+D.

