Next Up Previous Contents Index

11.3 Users, Groups and User-Private Groups

Users, Groups and User-Private Groups

Managing users and groups has traditionally been tedious. Red Hat Linux has a few tools and conventions that make user and groups easier to manage, and more useful.

The easiest way to manage users and groups is through the Users and Groups module of the control-panel (see section 9 for details on the control-panel and section 9.1 for details on the Users and Groups module).

You can also use adduser to create a new user from the command line.

11.3.1 Standard Users

Standard Users

Table 81 lists the standard users set up by the installation process (this is essentially the /etc/passwd file). The group id (GID) in this table is the primary group for the user. See section 11.3.3 for details on how groups are used.

User UID GID Home Directory Shell
root 0 0 /root /bin/bash
bin 1 1 /bin
daemon 2 2 /sbin
adm 3 4 /var/adm
lp 4 7 /var/spool/lpd
sync 5 0 /sbin /bin/sync
shutdown 6 0 /sbin /sbin/shutdown
halt 7 0 /sbin /sbin/halt
mail 8 12 /var/spool/mail
news 9 13 /var/spool/news
uucp 10 14 /var/spool/uucp
operator 11 0 /root /bin/bash
games 12 100 /usr/local/games
gopher 13 30 /usr/lib/gopher-data
ftp 14 50 /usr/rhs/ftp
nobody 99 99 /root

Figure 81: Standard Users

11.3.2 Standard Groups

Standard Groups

Table 82 lists the standard groups as set up by the installation process (this is essentially the /etc/group file).

Group GID Members
root 0 root
bin 1 root,bin,daemon
daemon 2 root,bin,daemon
sys 3 root,bin,adm
adm 4 root,adm,daemon
tty 5
disk 6 root
lp 7 daemon,lp
mem 8
kmem 9
wheel 10 root
mail 12 mail
news 13 news
uucp 14 uucp
man 15
games 20
gopher 30
dip 40
ftp 50 ftp
nobody 99
users 100

Figure 82: Standard Groups

11.3.3 User Private Groups

User Private Groups

Red Hat Linux uses a user private group (UPG) scheme, which makes UNIX groups much easier to use. The UPG scheme does not add or change anything in the standard UNIX way of handling groups. It simply offers a new convention for handling groups. Whenever you create a new user, by default, he or she has a unique group. The scheme works as follows:

User Private Group
Each user has it's own primary group, to which only it is a member.
umask = 002
The traditional UNIX umask is 022, which prevents other users and other members of a user's primary group from modifying a user's files. Since every user has their own private group in the UPG scheme, this ``group protection'' is not needed. A umask of 002 will prevent users from modifying other users' private files. The umask is set in /etc/profile.
SGID bit on Directories
If you set the SGID bit on a directory (with chmod g+s directory), files created in that directory will have their group set to the directory's group.

Most computing sites like to create a group for each major project and assign people to the groups they need to be in. Managing files traditionally has been difficult, though, because when someone creates a file it is owned by the primary group he or she belongs to. When a single person works on multiple projects, it becomes hard to make the files owned by the group that is associated with that project. In the UPG scheme, groups are automatically assigned to files on a project-by-project basis, which makes managing group projects very simple.

Let's say you have a big project called devel, with many people editing the devel files in a devel directory. Make a group called devel, chgrp the devel directory to devel, and add the all the devel users to the devel group. Now, all the devel users will be able to edit the devel files and create new files in the devel directory, and these files will always retain their devel group. Thus, they will always be edit-able by other devel users.

If you have multiple projects like devel, and users who are working on multiple projects, these users will never have to change their umask or group when they move from project to project. The SGID bit on each project's main directory ``selects'' the proper group.

Since each user's HOME directory is owned by the user and their private group, it is safe to set the SGID bit on the HOME directory. However, by default, files are created with the primary group of the user, so the SGID bit would be redundant.

11.3.3.1 User Private Group Rationale

User Private Group Rationale

Since the UPG scheme is new, many people have questions about it, and they wonder why it is necessary. The following is the rationale for the scheme.

At this point, by making the default umask 002 and giving everyone a private default group, you can easily set up groups that users can take advantage of without doing any magic. Just create the group, add the users, and do the above chown and chmod on the group's directories.


Next Up Previous Contents Index