(no commit message)

[ikiwiki.git] / docs / handbook / handbook-users-groups.mdwn

\r
\r
## 8.9 Groups \r
\r
A group is simply a list of users. Groups are identified by their group name and GID (Group ID). In DragonFly (and most other UNIX® like systems), the two factors the kernel uses to decide whether a process is allowed to do something is its user ID and list of groups it belongs to. Unlike a user ID, a process has a list of groups associated with it. You may hear some things refer to the ***group ID*** of a user or process; most of the time, this just means the first group in the list.\r
\r
The group name to group ID map is in `/etc/group`. This is a plain text file with four colon-delimited fields. The first field is the group name, the second is the encrypted password, the third the group ID, and the fourth the comma-delimited list of members. It can safely be edited by hand (assuming, of course, that you do not make any syntax errors!). For a more complete description of the syntax, see the [group(5)](http://leaf.dragonflybsd.org/cgi/web-man?command#group&section5) manual page.\r
\r
If you do not want to edit `/etc/group` manually, you can use the [pw(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#pw&section8) command to add and edit groups. For example, to add a group called `teamtwo` and then confirm that it exists you can use:\r
\r
 **Example 8-7. Adding a Group Using pw(8)** \r
\r
    \r
    # pw groupadd teamtwo\r
    # pw groupshow teamtwo\r
    teamtwo:*:1100:\r
\r
\r
The number `1100` above is the group ID of the group `teamtwo`. Right now, `teamtwo` has no members, and is thus rather useless. Let's change that by inviting `jru` to the `teamtwo` group.\r
\r
 **Example 8-8. Adding Somebody to a Group Using pw(8)** \r
\r
    \r
    # pw groupmod teamtwo -M jru\r
    # pw groupshow teamtwo\r
    teamtwo:*:1100:jru\r
\r
\r
The argument to the `-M` option is a comma-delimited list of users who are members of the group. From the preceding sections, we know that the password file also contains a group for each user. The latter (the user) is automatically added to the group list by the system; the user will not show up as a member when using the `groupshow` command to [pw(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#pw&section8), but will show up when the information is queried via [id(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=id&section=1) or similar tool. In other words, [pw(8)](http://leaf.dragonflybsd.org/cgi/web-man?command=pw&section=8) only manipulates the `/etc/group` file; it will never attempt to read additionally data from `/etc/passwd`.\r
\r
 **Example 8-9. Using id(1) to Determine Group Membership** \r
\r
    \r
    % id jru\r
    uid#1001(jru) gid1001(jru) groups=1001(jru), 1100(teamtwo)\r
\r
\r
As you can see, `jru` is a member of the groups `jru` and `teamtwo`.\r
\r
For more information about [pw(8)](http://leaf.dragonflybsd.org/cgi/web-man?command#pw&section8), see its manual page, and for more information on the format of `/etc/group`, consult the [group(5)](http://leaf.dragonflybsd.org/cgi/web-man?command=group&section=5) manual page.\r
\r
\r
\r
CategoryHandbook\r
CategoryHandbook-usermanagement\r