Users can belong to many groups, in which case their usernames should appear on the line of each group they belong to in the file /etc/group. The usernames on a line in the /etc/group file are separated by commas. In theory there is no limit to the number of users that can belong to a group, but in practice the line length of the Linux system (255 characters) acts as an effective limiter. There are ways around this limit, but few systems will require them.
The following excerpt from a /etc/group file shows several groups with multiple members:
accounts::52:bill,yvonne,tim,roy,root
prgming::53:bill,tim,walter,gita,phyliss,john,root
cad::54:john,doreen,root
scanner::55:john,root,tim
The usernames on each line do not have to be in any particular order. Linux searches along each line to find the usernames it wants.
A user can be a member of only one group at a time while logged in, so he must use the newgrp command to change between the groups he is a member of. The starting group a user belongs to when he logs in is given by the GID field in the /etc/passwd file.
If you decide you don't want a particular group to exist anymore, you can simply remove the group's line from the /etc/group file. You should also check the /etc/passwd file to see if any users have that group ID as their startup GID, and change it to another group they are members of. If you don't change the GIDs, the users will not be able to log in because they have no valid group membership. You should also scan the entire file system for files and directories that are owned by that group and change them to another group. Failure to make this change may prevent access to the file or directory.
Some Linux versions have shell scripts that remove group lines from the /etc/group file for you. The utility is generally called delgroup or groupdel. However, most versions of Linux don't bother with this utility.
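The checks to make before removing a group, as an added example that is not from the original text: it finds users whose startup GID is the group, lists the other groups they could be moved to, and lists files owned by the GID. The function names and the passwd entries are constructed for illustration; the group lines are the excerpt shown earlier.

```shell
# Pre-removal checks for a group, following the steps in the text.
# Added example; function names and passwd data are constructed.

# Print the numeric GID (field 3) of group NAME in group file FILE.
gid_of_group() {
    awk -F: -v g="$2" '$1 == g { print $3; exit }' "$1"
}

# Print users in passwd file FILE whose startup GID (field 4) is GID.
users_with_primary_gid() {
    awk -F: -v gid="$2" '$4 == gid { print $1 }' "$1"
}

# Print groups in FILE, other than SKIP, that list USER as a member.
other_groups_for_user() {
    awk -F: -v u="$2" -v skip="$3" '
        $1 != skip {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
        }' "$1"
}

# List files and directories under DIR owned by GID, on one file system.
files_owned_by_gid() {
    find "$1" -xdev -group "$2" -print
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Group lines from the excerpt in the text.
cat > "$tmp/group" <<'EOF'
accounts::52:bill,yvonne,tim,roy,root
prgming::53:bill,tim,walter,gita,phyliss,john,root
cad::54:john,doreen,root
scanner::55:john,root,tim
EOF
# Constructed passwd entries (not from the text).
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
bill:x:501:52:Bill:/home/bill:/bin/sh
doreen:x:502:54:Doreen:/home/doreen:/bin/sh
john:x:503:54:John:/home/john:/bin/sh
EOF

target=cad
gid=$(gid_of_group "$tmp/group" "$target")
for u in $(users_with_primary_gid "$tmp/passwd" "$gid"); do
    alt=$(other_groups_for_user "$tmp/group" "$u" "$target" | tr '\n' ' ')
    echo "$u: startup GID $gid ($target); other groups: ${alt:-none}"
done
files_owned_by_gid "$tmp" "$gid"   # scan / instead on a real system
```

In the sample data, doreen has no other group to fall back on, so she needs a new group membership before the cad line is removed.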
Sometimes you want to execute a command as another user. If you are logged in as superuser and want to create files with bill's permissions and ownership set, it is easier to log in as bill than to work as root and then reset all the parameters. Similarly, if you are logged in as a user and need to be superuser for a little while, you would have to log out and back in to make the change. An alternative is the su command.
The su command changes your effective username and grants you the permissions that username has. The su command takes the username you want to change to as an argument. For example, if you are logged in as a typical user and want to be root, you can issue the following command:
su root
The Linux system prompts you for the root password. If you supply it correctly, you will be root until you issue a Ctrl+D to log out of that account and back to where you started. Similarly, if you are logged in as root and want to be a user, you can issue the command with the username, such as the following:
su tparker
You won't be prompted for a password when changing from root to another user because you have superuser powers. When you Ctrl+D out of the login, you are back as root. If you are logged in as a normal user and want to switch to another non-root login, you have to supply the password, though.
In this chapter we've looked at the basics of the /etc/passwd and /etc/group files, the two files intimately connected with user access to Linux. As you have seen, these are simple files and can easily be modified by a system administrator to add users and groups at any time. Always bear in mind that these are vital files, and they should be copied to a backup filename, then edited carefully and their permissions checked after each edit. From here, you can explore the following topics: