in general:

after changing a user's groups, the user needs to log in again for the changes to take effect

by default, Debian/Ubuntu/RedHat/CentOS create a new group with the same name for every new user – SUSE12 does NOT.

so under Debian/Ubuntu a new user "username" automatically belongs to a newly created group "username" and the home directory is owned by username:username

by default, every new user in SUSE12 is a member of a common group called "users". Ask SUSE why 😀 (this basically allows every user to "look into" all other users' home directories – not sure if this is wise and why)

on SUSE12, /home/username is owned by username:users

show all existing groups:

# list all groups of the system
cat /etc/group

show groups of the currently logged-in user

user@suse:~> groups
users

user@suse:~> id
uid=1000(user) gid=100(users) Gruppen=100(users)

user@debian:~$ groups
user cdrom floppy audio dip video plugdev netdev

user@debian:~$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev)

[user@centos ~]$ groups
user

[user@centos ~]$ id
uid=1000(user) gid=1000(user) Gruppen=1000(user) Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

show default primary group

this is the group that automatically owns new files created by the user.

id -gn; # show default primary group

usermod -g primarygroupname username; # change default primary group

usermod -a -G users user; # add user "user" to group "users"

create new group – add new group to the system

groupadd GROUP_NAME

rename group

groupmod --new-name NEW_GROUP_NAME OLD_GROUP_NAME

delete group

groupdel GROUP_NAME

add user to group

this should work across Debian/Ubuntu/CentOS/RedHat

usermod -a -G GROUPNAME USERNAME;

# example:
usermod -a -G test user;

[root@centos ~]# groups user
user : user test

# alternatively:

[root@centos ~]# su - user; # change roles from root to user
[user@centos ~]$ groups; # check the groups of that user, now user "user" belongs to group "test"
user test

# alternative
adduser <username> group; # add username to the group

remove user from group

gpasswd -d user group;

config file /etc/gshadow

The /etc/gshadow file is readable only by the root user and contains an encrypted password for each group, as well as group membership and administrator information.

Just as in the /etc/group file, each group’s information is on a separate line.

Each of these lines is a colon delimited list including the following information:

  • Group name — The name of the group. Used by various utility programs as a human-readable identifier for the group.
  • Encrypted password — The encrypted password for the group. If set, non-members of the group can join the group by typing the password for that group using the newgrp command.

    If the value of this field is !, then no user is allowed to access the group using the newgrp command.

    A value of !! is treated the same as a value of ! — however, it also indicates that a password has never been set before. If the value is null, only group members can log into the group.

  • Group administrators — Group members listed here (in a comma delimited list) can add or remove group members using the gpasswd command.
  • Group members — Group members listed here (in a comma delimited list) are regular, non-administrative members of the group.

Here is an example line from /etc/gshadow:

groupname:!!:administrator1,administrator2,administrator3:member1,member2,juan,bob

src: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Introduction_To_System_Administration/s3-acctsgrps-gshadow.html
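
to see which groups on a box can actually be joined with a password, the fields described above can be checked with a small script. this is an added example, not part of the original post or the Red Hat docs; the function names and the sample lines are made up, and treating a bare * or any other value starting with ! as locked is an assumption beyond the three values listed above:

```sh
#!/bin/sh
# Added example: audit gshadow-format lines (name:password:admins:members).

# Classify the password field of one entry.
gshadow_pw_state() {
    case "$1" in
        '!!')     echo never-set ;;     # locked, and no password was ever set
        '!'*|'*') echo locked ;;        # assumption: cannot match any password hash
        '')       echo empty ;;         # null: only group members get in
        *)        echo password-set ;;  # non-members can join via newgrp
    esac
}

# $1: path to a gshadow-format file (the real /etc/gshadow needs root).
audit_gshadow() {
    while IFS=: read -r name pw admins members; do
        [ -n "$name" ] || continue
        if [ "$(gshadow_pw_state "$pw")" = password-set ]; then
            echo "$name: password set, non-members can join with newgrp"
        fi
        if [ -n "$admins" ]; then
            echo "$name: administrators ($admins) can edit members with gpasswd"
        fi
    done < "$1"
}

# Constructed sample data, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
users:!::
test:$6$constructedsalt$constructedhash::
groupname:!!:administrator1,administrator2:member1,juan,bob
named:::named
EOF
audit_gshadow "$sample"
rm -f "$sample"
```

as root, point audit_gshadow at /etc/gshadow instead of the sample file.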

setting passwords for groups

just as with user accounts, you can "log in" to a group, i.e. become a temporary member of a certain group.

holy moly. this works like this:

suse:~ # gpasswd test; # set a password for the group "test"
Passwort für die Gruppe test wird geändert.
Neues Passwort:
Passwort wiederholen:

user@suse:~> groups; # show current group membership, only 2x groups
named users
user@suse:~> newgrp test; # login to group "test"
Passwort:
user@suse:~> groups; # show current group membership, now 3x groups, try this under windows HOLY MOLY :-D
test named users
user@suse:~> exit; # logout of current group or bash or account
exit
user@suse:~> groups; # show current group membership, only 2x groups again
named users

manpages:

suse manpage newgrp: newgrp.man.txt

admin