sudo Sergeant 12: Group Management

tariq.ahmad — Fri, 18 Jan 2019 16:09:44 GMT

Current Revision posted to Documents by tariq.ahmad on 1/18/2019 4:09:44 PM

Join the Ben Heck team every week for amazing hacks! Watch them build and mod community-inspired projects using electronics!

Back to The Ben Heck Show homepage

sudo Sergeant

The Learning Circuit

See All Episodes

www.youtube.com/watch

In this segment Felix shows you how to see what groups are on your system, how to add new groups, how to add users to those groups, how to remove users from those groups, how to remove the groups, and, how to modify the groups. He’ll also dabble in file permissions and file ownership.

Felix talks about managing groups. He starts by checking out what groups are in the system. To check out what groups are in the system use:

$ cat /etc/group

To create a group you would use:

$ sudo groupadd dirshare

You’ve now created a group named dirshare that has no members. Now that the group is created, there are a couple of ways you can add members to the group. You can do it through the USERMOD method or through the GPASSWD method. Felix, shows you how to do both, starting with the GPASSWD method:

$ sudo gpasswd –a – technician dirshare

This adds user technician to the group dirshare. If you type in:

$ cat/etc/group

It should show you that technician is now part of this group:

dirshare:x:1006:technician

Next, Felix shows you how to add user buckethead to the group through the usermod method.

$ sudo usermod -aG dirshare buckethead

If you type in

$ cat/etc/group

It shows you that buckethead is now part of the group:

dirshare: x:1006:technician, buckethead

The distinction between the primary group that an account is associated with, and additional groups that an account may have, is that whenever a person goes and creates a document, it’s going to be owned by the person that made the file and the file is going to be associated with the primary group of the account that made the file. Felix goes over an example using a test directory. He uses this to create another directory called share:

$ pwd /home/technician/test
$ mkdir share

If you type in

$ /bin/ls –la

You can see that this directory is owned by technician and it’s in the group technician. Felix attempts to change the group of the shared directory to technician:

$ chown -R technician:dirshare ../share/

It gives him the error: Operation not permitted This brings him to his next point. When a user is added to a new group, the system doesn’t recognize that the user has been added to that group until the person has logged out and then logged back in. He logs back in and goes into the directory share. He wants to make a file that can be shared between different accounts within a directory that is in a shared group:

$ ls file.txt $ pwd /home/technician/share

To do this he is going to use a utility called EXA that he’s set up in his bash RC as an alias for LK. EXA is a modern replacement for LS, which is listing the contents of a directory. It basically colorizes everything, puts it in a grid, and makes it human readable. He wants to change the group from technician to dirshare. He’ll need to first check the permissions to make sure that both the owner can read and write and the group can read and write. To do this he’ll need to use two utilities, CHOWN and CHMOD.

$ chown -Rv technician:dirshare ../share/

changed ownership of ‘../share/file.txt’ from technician to technician:dirshare changed ownership of ‘..share/’ from technician to technician:dirshare

Now, any account that is in the dirshare can write files in this directory. Any account that is in dirshare can also read file.txt but cannot write to it because the write flag is not set. To make this file writeable you would use: $ chmod g+w file.txt Now that the permissions are set and the group is set, Felix opens up another terminal and logs in as Buckethead. He goes over what you need to do to allow Buckethead to write a file to the directory. Because buckethead is in the potatohead group, technician is unable to write to it. To allow technician to write to the file he’ll need to change the group. He goes over this along with what you need to do to remove a user from a group.

Tags: operation not permitted, ls, exa, chown, chmod, shared group, felix gardner, system administration, open source, group permissions, sudosergeant, linux