when a user's group membership is changed, the user needs to log in again for the change to take effect
by default, Debian/Ubuntu/RedHat/CentOS create a new group with the same name for every new user – SUSE12 does NOT.
so under Debian/Ubuntu a new user "username" automatically belongs to a newly created group "username" and the home directory is set to username:username
by default, every new user on SUSE12 is a member of a common group called "users". Ask SUSE why 😀 (this basically allows every user to "look into" all other users' home directories – not sure if this is wise and why)
on SUSE12 the /home/username is set to username:users
show all existing groups:
show groups of current logged in user
uid=1000(user) gid=100(users) Gruppen=100(users)
user cdrom floppy audio dip video plugdev netdev
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev)
[user@centos ~]$ groups
[user@centos ~]$ id
uid=1000(user) gid=1000(user) Gruppen=1000(user) Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
show default primary group
this is the group that automatically owns new files created by the user.
usermod -g primarygroupname username; # change default primary group
usermod -a -G users user; # add user "user" to group "users"
create new group – add new group to the system
add user to group
this should work across Debian/Ubuntu/CentOS/RedHat
usermod -a -G test user;
[root@centos ~]# groups user
user : user test
[root@centos ~]# su - user; # change roles from root to user
[user@centos ~]$ groups; # checkout groups of that user, now user "user" belongs to group "test"
adduser <username> group; # add username to the group
remove user from group
config file /etc/gshadow
The /etc/gshadow file is readable only by the root user and contains an encrypted password for each group, as well as group membership and administrator information.
Just as in the /etc/group file, each group’s information is on a separate line.
Each of these lines is a colon delimited list including the following information:
- Group name — The name of the group. Used by various utility programs as a human-readable identifier for the group.
- Encrypted password — The encrypted password for the group. If set, non-members of the group can join the group by typing the password for that group using the newgrp command. If the value of this field is !, then no user is allowed to access the group using the newgrp command. A value of !! is treated the same as a value of ! — however, it also indicates that a password has never been set before. If the value is null, only group members can log into the group.
- Group administrators — Group members listed here (in a comma delimited list) can add or remove group members using the gpasswd command.
- Group members — Group members listed here (in a comma delimited list) are regular, non-administrative members of the group.
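One way to apply the field rules above when reviewing a system, as an added example that is not from the original post. The function names and the sample lines are constructed, and treating "*" like "!" is an assumption the post does not cover.

```shell
#!/bin/sh
# Added example: classify the password field of gshadow-format lines
# (name:password:admins:members). Function names are hypothetical.

# Reads the files given as arguments, or stdin when there are none.
audit_gshadow() {
    awk -F: '
        $0 == "" { next }                          # skip empty lines
        NF != 4  { printf "%s\tMALFORMED\n", $1; next }
        {
            pw = $2
            if      (pw == "!!") state = "NO_NEWGRP_NEVER_SET"
            else if (pw == "!")  state = "NO_NEWGRP"
            else if (pw == "*")  state = "NO_NEWGRP"     # assumption: "*" matches no hash
            else if (pw == "")   state = "MEMBERS_ONLY"
            else                 state = "PASSWORD_SET"  # non-members can join via newgrp
            printf "%s\t%s\tadmins=%s\tmembers=%s\n", $1, state, $3, $4
        }
    ' "$@"
}

# Names of groups that a non-member could join with the group password.
newgrp_joinable() {
    audit_gshadow "$@" | awk -F'\t' '$2 == "PASSWORD_SET" { print $1 }'
}

# Constructed sample input; the hash is a placeholder, not a real one.
sample_gshadow() {
    cat <<'EOF'
users:!::
audio:!!::user
dev::alice:alice,bob
test:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:root:user
broken:!
EOF
}

sample_gshadow | audit_gshadow
```

On a real system, run `newgrp_joinable /etc/gshadow` as root, since the file is readable only by root.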
Here is an example line from /etc/gshadow:
setting passwords for groups
just as with user accounts, you can "log in" to a group and become a temporary member of it.
holy moly. this works like this:
Passwort für die Gruppe test wird geändert.
user@suse:~> groups; # show current group membership, only 2x groups
user@suse:~> newgrp test; # login to group "test"
user@suse:~> groups; # show current group membership, now 3x groups, try this under windows HOLY MOLY :-D
test named users
user@suse:~> exit; # logout of current group or bash or account
user@suse:~> groups; # show current group membership, only 2x groups again
suse manpage newgrp: newgrp.man.txt