Groups and the Group File
In addition to ownership by individual system users, filesystem objects have separate ownership settings for groups of users. This group ownership allows an additional level of user-specific access control beyond that of a file’s individual owner. Groups are similar to users in their administration and are defined in the file /etc/group. Like the passwd file, the group file contains colon-separated fields:
- Group name
Each group must have a unique name.
- Group password
Just as user accounts have passwords, groups can have passwords for their membership. If the password field is empty, the group does not require a password.
- Group ID
Each group requires a unique GID. Like a UID, a GID is a nonnegative integer.
- Group member list
The last field is a list of group members by username, separated by commas.
Together, these pieces of information define a group; colons separate the fields. Here are a few sample lines from a group file:
root:x:0:root
pppusers:x:230:jdean,jdoe
finance:x:300:jdean,jdoe,bsmith
jdean:x:500:
jdoe:x:501:
bsmith:x:502:
In this example, both jdean and jdoe are members of the pppusers group (GID 230), and jdean, jdoe, and bsmith are all members of the finance group (GID 300). The remaining groups, root, jdean, jdoe, and bsmith, are single-user groups. These groups are not intended for multiple users and do not contain additional members. For security purposes, it is common to create new users with their own personal single-user group. Doing this enhances ...
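The four-field format and the uniqueness rules for group names and GIDs described above can be checked mechanically. The following Python sketch is an added example, not part of the original text; the function names parse_group and audit and the three bad entries appended to the sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed input: the six sample lines from the text, then three
# deliberately bad entries added for this example.
SAMPLE = """\
root:x:0:root
pppusers:x:230:jdean,jdoe
finance:x:300:jdean,jdoe,bsmith
jdean:x:500:
jdoe:x:501:
bsmith:x:502:
audit::300:jdoe
finance:x:301:
broken:x:-5:
"""

def parse_group(text):
    """Return (entries, findings); an entry is (name, password, gid, members)."""
    entries, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 4:
            findings.append(f"line {lineno}: expected 4 fields, got {len(fields)}")
            continue
        name, password, gid, members = fields
        if not (gid.isascii() and gid.isdigit()):
            findings.append(f"line {lineno}: GID {gid!r} is not a nonnegative integer")
            continue
        entries.append((name, password, int(gid), [m for m in members.split(",") if m]))
    return entries, findings

def audit(text):
    """Flag malformed lines, empty password fields, and non-unique names or GIDs."""
    entries, findings = parse_group(text)
    names, gids = defaultdict(list), defaultdict(list)
    for name, password, gid, _members in entries:
        names[name].append(gid)
        gids[gid].append(name)
        if password == "":
            findings.append(f"group {name}: empty password field")
    findings += [f"duplicate group name {n} (GIDs {g})" for n, g in names.items() if len(g) > 1]
    findings += [f"duplicate GID {g} (groups {n})" for g, n in gids.items() if len(n) > 1]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the unmodified six sample lines, audit returns no findings; the three constructed entries produce one finding for the invalid GID, one for the empty password field, and one each for the repeated name and repeated GID.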