Each user has a so-called GID in the fourth column of his/etc/passwd, the GID is the so-called "initial Group" (Initial group)! In other words, when a user logs on to the system, it immediately has the meaning of the group's relevant permissions. For example, we mentioned above that Dmtsai the user's/etc/passwd and/etc/group and/etc/gshadow related content as follows:
[Email protected] ~]#usermod-g users Dmtsai <== First configure the secondary group.[Email protected] ~]#grep Dmtsai/etc/passwd/etc/group/etc/gshadow/etc/passwd:dmtsai:x:503:504::/home/dmtsai:/bin/bash/etc/group:users:x:100:Dmtsai <== configuration of secondary groups/ETC/GROUP:DMTSAI:X:504:<== because it is the initial group, the fourth field does not need to fill in the account/etc/gshadow:users:::Dmtsai <== configuration of secondary groups/etc/gshadow:dmtsai:!::
|
Carefully see the above table, in/etc/passwd, Dmtsai this user belongs to the group for gid=504, search for/etc/group get 504 is the group named Dmtsai! This is initial group. Because it is the initial group, the user will take the initiative when landing, do not need to write the account in the fourth field of/etc/group!
But other groups that are not initial group can be different. For the above example, I will add Dmtsai to the Users group, because the Users group is not the initial group of Dmtsai, so I have to find the users line in/etc/group this file, and Dmtsai this account to add Enter the fourth column so that Dmtsai can join the Users group.
So in this example, because my Dmtsai account supports both the Dmtsai and users two groups, I dmtsai this user when reading/writing/running a file for the group part, as long as it is a function owned by users and Dmtsai two groups. Have Oh! You know that? However, this is for existing files, if I want to create a new file or a new directory today, may I ask if the group of new files is Dmtsai or users? Oh! This will have to check the effective group at that time (effective group).
Groups: Effective and supportive group observations
How do I know all of my supported groups if I am logged in as a Dmtsai user? Very simple, direct input groups on it! Note Oh, it's groups. The result looks like this:
In this output information, you can know that dmtsai this user belongs to both Dmtsai and users this two group, and the first output of the group is a valid group (effective group). That is, my effective group is Dmtsai ~ at this time, if I use touch to create a new file, for example: "Touch Test", then the owner of the file is Dmtsai, and the group is also Dmtsai.
Touch Test ll Dmtsai 0 17:26 Test
|
Do you know what a valid group is? The function of a valid group is to create a new file! Can the effective group be transformed?
NEWGRP: Switching of active groups
So how do you change the active group? Just use NEWGRP! However, there is a limit to the use of NEWGRP, which is that the group you want to switch must be a group that you already have support for. For example, Dmtsai can switch active groups between the two groups in Dmtsai/users, but Dmtsai cannot switch the active group into SSHD! Use the following methods:
[[em Ail protected] ~]$ NEWGRP users [[email protected] ~]$ groups users dmtsai[[email protected] ~]$ touch test2 [[email protected] ~]$ ll -rw-rw-r--1 dmtsai dmtsai 0 Feb 17:26 test-rw-r--r--1 dmtsai users 0 Feb 17:33 test2 |
At this point, Dmtsai's active group becomes users. We're going to talk about NEWGRP This command, which can change the current user's active group, and is another shell to provide this function, so, in the above example, Dmtsai This user is currently landing with another shell, and the new shell Give Dmtsai effective GID as users. If you look at the diagram, it looks like this:
Although the user's environment configuration (such as environment variables and other data) will not affect, the users ' group permissions will be recalculated. Note, however, that because a new shell is being acquired, if you want to return to the original environment, please enter exit to return to the original shell!
In this case, that is, as long as my users have a supported group is able to switch to become a valid group! Okay, so how to get an account to join a different group is the problem. You want to join a group there are two ways, one is through the system administrator (root) to help you usermod, if Root is too busy and your system has a configuration group administrator, then you can use the group administrator to GPASSWD to help you join the group he managed!
Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.
Linux-Active group (effective group) and initial group (initial group), GROUPS,NEWGRP