Xref: utzoo comp.unix.questions:4767 comp.unix.wizards:5702 Path: utzoo!mnetor!uunet!lll-winken!csustan!polyslo!sdejarne From: sdejarne@polyslo.UUCP (Steve DeJarnett) Newsgroups: comp.unix.questions,comp.unix.wizards Subject: Re: Setting up groups (LONG) Message-ID: <889@polyslo.UUCP> Date: 14 Dec 87 07:43:43 GMT References: <4718@well.UUCP> <228@hub.ucsb.edu> Reply-To: sdejarne@polyslo.UUCP (Steve DeJarnett) Organization: Cal Poly State Univ,CSC Dept,San Luis Obispo,CA 93407 Lines: 62 In article <228@hub.ucsb.edu> angst%csilvax@hub.ucsb.edu (Dave Stein) writes: >In article <4718@well.UUCP>, samlb@well.UUCP (Samuel B. Bassett) writes... > >> How do you assign a user to more than one group? >> [... stuff deleted ...] >> I know how to create groups -- add an entry for the group name, >>password, group number, and a comma-delimited member list in /etc/group. > >> I know how to assign a given user to _one_ group -- put the group >>number in the 4th column of his/her/its entry in /etc/passwd. > >I don't believe this is sufficient to add a user to a group. I think you >also have to add their login name to the group line in /etc/group. I think >this field is superseded by the /etc/group file. This is not true. The group that you place in the 4th field (not column) is the user's default group. This is the group that they are in when they log in, and all files that they create will be of this group. You can add a user to more than one group by placing their name next to the corresponding group in /etc/group. On Berkeley systems, if you are in a group, you have that group's permissions always. On SysV, to obtain a group's priviledges (other than for your default group), you must type 'newgrp'. If your login name appears in the /etc/group file on the line corresponding to the group you want to switch in to, it will take effect. Otherwise, you will be prompted for a password to obtain access to that group. We don't use passwords here for group access, but I suppose you could, in lieu of adding everyone to all of the groups that they want/need to be in. >> But if I want to have users be in _two_ or more groups (so they can >> read and write files in several different areas, I don't know how to do it. > >I don't have root permission anymore, so I can't check out my answer, but >I'm pretty sure it's correct. If not, please feel free to flame me (and, >of course, correct me). > >To add a user to more than one group, you need only add the user name to >each group line in /etc/group that you want the user to be in. Where I >used to work, I was in the wheel group (group 0), in addition to about 5 >other groups. To accomplish this, I simply edited /etc/group. Note that >you must log out and log back in after you edit /etc/group, because groups >are initialized during login. Yes, as I said above, this is correct. >Here at our site, root is in almost every group. I'm sure it is similar >at your site. I question this practice somewhat, seeing as root supersedes any group considerations anyway. It is somewhat redundant (or unnecessary) for root to be in several groups. System administrators may want their accounts to be in several groups, but you can make a case that this is a bad idea because of security considerations. It's really up to each site to decide what is best for them. Hopefully this will answer your questions. Good luck. ------------------------------------------------------------------------------- | Steve DeJarnett | ...!ihnp4!csun!polyslo!sdejarne | | Computer Systems Lab | ...!{csustan,csun,sdsu}!polyslo!sdejarne | | Cal Poly State Univ. | ...!ucbvax!voder!polyslo!sdejarne | | San Luis Obispo, CA 93407 | polyslo!sdejarne@trwind.TRW.COM | ------------------------------------------------------------------------------- #include