sad_b0i
07-12-2001, 07:21 PM
i really want to know why one is neccessary or not neccessary thanks!!!!
Click to See Complete Forum and Search --> : what is the purpose of making a group in LINUX?
bdl
07-12-2001, 07:31 PM
The whole idea behind users and groups in UNIX is to establish a certain level of security within the filesystem. Since UNIX was bred to be a multi-user OS, the way to keep the user space seperate is through UIDs and GIDs. A certain person has specific priveleges on a system, like root can run amuck and pretty much do what they want, whereas a regular user account has limited priveleges and can usually only write to their own directories, can only access certain programs on the system, that sort of thing.
Getting to your actual question: if you belong to a group, then you have the priveleges of that particular group. You can usually view and modify files and directories that the group owns and others can join in and do the same thing. So if there are 50 users that can login to a single UNIX machine, and they all belong to the 'users' group, they can share folders and directories, share work loads and that sort of thing without comprimising security by letting them just all have access to the system.
You don't necessarily have to belong to a specific group on your own linux box, or even on a small shared machine. Normally the default group is 'users' or perhaps you'll find it's your own username, like joe:joe for both user and group. You can add groups to your own user account and thus share files, or just give yourself more permissions on the system by belonging to a seperate group that can access devices or certain files/dirs. You do have to belong to at least one group, though. Hope this is helpful.
Getting to your actual question: if you belong to a group, then you have the priveleges of that particular group. You can usually view and modify files and directories that the group owns and others can join in and do the same thing. So if there are 50 users that can login to a single UNIX machine, and they all belong to the 'users' group, they can share folders and directories, share work loads and that sort of thing without comprimising security by letting them just all have access to the system.
You don't necessarily have to belong to a specific group on your own linux box, or even on a small shared machine. Normally the default group is 'users' or perhaps you'll find it's your own username, like joe:joe for both user and group. You can add groups to your own user account and thus share files, or just give yourself more permissions on the system by belonging to a seperate group that can access devices or certain files/dirs. You do have to belong to at least one group, though. Hope this is helpful.
sad_b0i
07-12-2001, 07:57 PM
so then i will use groups only if i have more than 15 users needing to log in correct...or am i missing something with the 15 person limit...
bdl
07-12-2001, 08:34 PM
I'm not familiar with a 15 user limit; AFAIK you can have a *relatively* unlimited amount of users on the system, so long as the system resources can handle it and / or there are user limits set. I'm not certain what you mean by stating that you have to use groups if you are over a certain number of users. You always have a group, whether there are 1 user or 20 users. Whether or no the users on the system can access each others files, things like that depends on if they belong to the same group. So in other words, if you want to have 20 users on the same machine, they can all be a part of the 'users' group, or 'yourowngroupname' group, or 'blueman' group or whatever. They might just as well belong to a private group, as I mentioned in the other post; it doesnt matter, as long as they have at least one group assigned to them.
Strike
07-12-2001, 09:06 PM
Group privileges are for ... well, exactly what it sounds like. If you want only a certain subset of users to have access to something (most of the examples I can think of are devices, like /dev/dsp for sound or /dev/lp0 for local printing), then you assign them all to a group and change file permissions accordingly.
stepdad
07-12-2001, 10:15 PM
The other explainations were both good, but I thought it might help if I added a line or two to help clarify the concept.
Every file, directory and device on your linux box can be accessed by three seperate types of users.
The owner: This is normally the person that created the file/directory or installed the device in question.
The group: These are people that are given special access to the file, directory or device as specified for their group.
Others: This is everyone that is not either the owner or given access via group.
With these three different levels of security on every file, directory and device on your system you have a tremendous amount of power and flexibility. You can grant or deny access to almost every component to your system with ease.
For example, lets say your system is like mine and you have a CD-ROM in your system, as well as a CDRW. Now, in this case I want the owner of these devices (root) to have total access to both.
I set up a group CDROM to have access to the CD/DVD Drive. I setup a second group CDRW to have access to the CD Burner. Now here is where the true power of groups comes into play.
Now when I go to setup my user accounts I can grant or deny access to the CDROM and CDRW with relative ease. I decide that my wife should have access to both, so I add her user account to the CDROM and CDRW groups. She can now use both devices.
I decide that my eldest daughter should also have both, so I do the same for her. I want my second eldest daughter to be able to use the CDROM, but not the CDRW, so I can add her to the CDROM group but not the CDRW group. I decide my youngest daughter should have access to neither, so I don't add her to either group.
A few months from now the situation changes. Perhaps my oldest daughter has been using the CDRW irresponsibly. I can easily go back and remove her user account from this group so she no longer has access, and it doesn't effect any of the other users that currently do have access like myself or my wife.
This is the true power and flexibility of groups when dealing with access levels. It allows you to easily give or recind access to various devices, files or directories on your linux machine. It also allows you to give those access levels easy to remember group names so 6 months or a year from now if you decide to deny some people access to the CDROM, but still want access to that same device for people other than root you can do so easily by simply adding and subtracting users from that group.
After you experiment with groups a bit I think you will find them invaluable. They can solve a lot of problems and make maintenance a real breeze.
Good luck..
Stepdad
null
Every file, directory and device on your linux box can be accessed by three seperate types of users.
The owner: This is normally the person that created the file/directory or installed the device in question.
The group: These are people that are given special access to the file, directory or device as specified for their group.
Others: This is everyone that is not either the owner or given access via group.
With these three different levels of security on every file, directory and device on your system you have a tremendous amount of power and flexibility. You can grant or deny access to almost every component to your system with ease.
For example, lets say your system is like mine and you have a CD-ROM in your system, as well as a CDRW. Now, in this case I want the owner of these devices (root) to have total access to both.
I set up a group CDROM to have access to the CD/DVD Drive. I setup a second group CDRW to have access to the CD Burner. Now here is where the true power of groups comes into play.
Now when I go to setup my user accounts I can grant or deny access to the CDROM and CDRW with relative ease. I decide that my wife should have access to both, so I add her user account to the CDROM and CDRW groups. She can now use both devices.
I decide that my eldest daughter should also have both, so I do the same for her. I want my second eldest daughter to be able to use the CDROM, but not the CDRW, so I can add her to the CDROM group but not the CDRW group. I decide my youngest daughter should have access to neither, so I don't add her to either group.
A few months from now the situation changes. Perhaps my oldest daughter has been using the CDRW irresponsibly. I can easily go back and remove her user account from this group so she no longer has access, and it doesn't effect any of the other users that currently do have access like myself or my wife.
This is the true power and flexibility of groups when dealing with access levels. It allows you to easily give or recind access to various devices, files or directories on your linux machine. It also allows you to give those access levels easy to remember group names so 6 months or a year from now if you decide to deny some people access to the CDROM, but still want access to that same device for people other than root you can do so easily by simply adding and subtracting users from that group.
After you experiment with groups a bit I think you will find them invaluable. They can solve a lot of problems and make maintenance a real breeze.
Good luck..
Stepdad
null
sad_b0i
07-13-2001, 08:59 AM
thanks for all replies...i really got a good grip on groups now...or a really good general use of them...
thanks stepdad!!!
thanks stepdad!!!
datadan
07-13-2001, 09:15 AM
I am working on some of the same issues....
I know that CHOWN and CHMOD are two tools. As are USERMOD -G and/or -g.
However I often get nervous about what everyone NEEDS to have access to versus what they probably should not have access to. Default installs are generally
Can anyone reccomend a straight forward text on how to change permissions quickly and easily? Any what areas should really be off limits to everyone....
Thanks
I know that CHOWN and CHMOD are two tools. As are USERMOD -G and/or -g.
However I often get nervous about what everyone NEEDS to have access to versus what they probably should not have access to. Default installs are generally
Can anyone reccomend a straight forward text on how to change permissions quickly and easily? Any what areas should really be off limits to everyone....
Thanks
bdg1983
07-13-2001, 09:25 AM
There's a NHF on File Permissions (http://www.linuxnewbie.org/nhf/intel/filesys/fileperms.html) that should help you.
Very handy these NHF's.
Very handy these NHF's.
justlinux.com
Copyright Internet.com Inc. All Rights Reserved.
Copyright Internet.com Inc. All Rights Reserved.