FedoraForum.org - Fedora Support Forums and Community
Page 1 of 2 1 2 LastLast
Results 1 to 15 of 27
  1. #1
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    770

    I like to know meaning of groups in Linux

    Hi.

    After 1 year & few months of being Linuxer on Fedora, I feel myself ready now to go more deep in Linux. A step in this road, is the knowledge of meaning of groups already existing on Linux Fedora. I mean the following:

    Go to system setting, under administration select "Users & Groups". In "Group" tab, there are many groups ... I need to know what each of them mean? & what the result of adding user to each of them or removing it from any of them?

    Is there a document or link explain them?

    Best.
    Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  2. #2
    Join Date
    Jan 2015
    Location
    Al Ain, UAE
    Posts
    736

    Re: I like to know meaning of groups in Linux

    First consider that UNIX is a multi-user system. There may be many people using the same computer and we don't want them to step on each other's toes.

    Users and groups is a basic UNIX divide and conquer security strategy. It is managed at the file system access level. There are also two more powerful, very similar systems in use, called Access Control Lists (ACL) and SELinux/AppArmor, that work at the kernel level.

    Between all these things, it ensures that users and processes are kept separated. The upshot is that if one user/group account gets compromised, then the damage is limited.
    --
    Have fun!
    http://www.aeronetworks.ca

  3. #3
    Join Date
    Feb 2005
    Location
    London, UK
    Posts
    565

    Re: I like to know meaning of groups in Linux

    Further to the above. If you run "ls -l" in a terminal you'll see that files have 2 types of owners, a user and group ownership. They'll also have permissions expressed as a string like rwxr-x--- or similar. These permission strings are split in to 3 permission blocks of 3 characters: "user, group, other". Using rwxr-xr-- as an example:

    - the first 3 characters (rwx) denote what the user (the person who owns the file) can do with that file, in this case rwx means they can read, write and execute the file.

    - the next 3 characters (r-x) denote what users in the owner group can do with the file, in this case read and execute, but they can't modify/write the file. So the file could be owned by both user "bob" and the group "finances", users who aren't bob but are in the finances group would be able to read/execute the file which could be useful for running a payInvoice script or similar.

    - the last 3 characters are for other users who are neither the owner nor in the group. In this case they can't read/write or execute the script, we wouldn't want them reading it and getting the accounts software login details for example.

  4. #4
    Join Date
    Oct 2010
    Location
    Canberra
    Posts
    2,708

    Re: I like to know meaning of groups in Linux

    I found this article that explains users and groups quite well:
    https://www.linode.com/docs/tools-re...ers-and-groups

  5. #5
    Join Date
    Sep 2006
    Posts
    1,442

    Re: I like to know meaning of groups in Linux

    Quote Originally Posted by ocratato
    I found this article that explains users and groups quite well:
    https://www.linode.com/docs/tools-re...ers-and-groups
    one of the easiest to understand articles for people new to the concept of permissions in Linux, many thanks indeed.
    fedoralinuxcommands.blogspot.com


    All the forces in the world are not so powerful as an idea whose time has come - Victor Hugo

  6. #6
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    4,598

    Re: I like to know meaning of groups in Linux

    Fedora includes a group titled "users". I can join that group. My wife's the other user. She can also become a member of "users". For files that I want to share with each other, I have the admin set those files to have users group.

    Sudo. Leslie:users sharedObject. Both Leslie and Wife are also enrolled in users for this to work.

    Look at /etc/group.
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

  7. #7
    Join Date
    Jan 2015
    Location
    Al Ain, UAE
    Posts
    736

    Re: I like to know meaning of groups in Linux

    Leslie, if you make a directory called shared (or whatever) in your or your Wife's home directory and set the sticky bit on that directory and set the group of the directory to users, then any file copied there will inherit the users group and will be accessible by both of you. That may save you some hassle.
    --
    Have fun!
    http://www.aeronetworks.ca

  8. #8
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    770

    Re: I like to know meaning of groups in Linux

    Many thanks for all of you that post in this threat.

    But I think you misunderstand me ! My original question is:

    I have - by default - the following groups on my system: see attached 4 screenshots please.

    What each of these group mean ? What is result of adding a user to each of them ? What result of a user not member in each of them ? This is my question. For example:

    There is a group called "lock". So, what this group mean ? What result for user if added to it ? What result for a user removed from it or not being a member in this group ?

    Best.
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	1.png 
Views:	17 
Size:	22.4 KB 
ID:	27231   Click image for larger version. 

Name:	2.png 
Views:	13 
Size:	23.6 KB 
ID:	27232   Click image for larger version. 

Name:	3.png 
Views:	12 
Size:	25.6 KB 
ID:	27233   Click image for larger version. 

Name:	4.png 
Views:	13 
Size:	29.2 KB 
ID:	27234  
    Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  9. #9
    Join Date
    Sep 2009
    Posts
    2,127

    Re: I like to know meaning of groups in Linux

    Scroll down near the bottom of this archlinux wiki for some of them. Sometimes you need to be a member to get an app to work correctly. VirutalBox USB devices are one example. Of course, you need to be in wheel to run sudo.

    dd_wizard

  10. #10
    Join Date
    Oct 2007
    Location
    Freedonia
    Age
    68
    Posts
    3,037

    Re: I like to know meaning of groups in Linux

    OK, nobody here has come close to answering the question, so I'll give it a try. Let's say that you were working on an old-time Unix mainframe, along with the rest of the people in your office, and that you were working in accounting. If things were set up correctly, you would be a member of a group called "accounts," although you'd probably be a member of other groups as well. Now, the important accounting files would probably be owned by your department head, and by the accounts group, and anybody in that group would have read/write access to those files. That would mean that anybody in that group could use the files as if they owned them, and you wouldn't have to worry about syncing different copies. That's how groups were designed to be used. (In fact, there was a time when you could only be active in one group at a time, and if accounts weren't your main group, you'd have to newgrp to it in order to work on those files.)

    Now, however, most people are only working on files on their own box, and groups aren't important unless you have more than one regular user on that computer. Groups are still used, however, not just for historical reasons, but to limit the people who have access to certain files or programs. Each user has their own group, with their username as the group name for convenience, and can also be members of other groups as needed. (As mentioned above, if you need to use sudo, you need to be a member of the group "wheel.") If you want to see what groups you're a member of, just run the command groups in a terminal. If you find that you need to be a member of a special group to run a program (I have boinc running for distributed computing, as an example.) you either need to edit /etc/group as root to add yourself to that group, or use a GUI application such as system-config-users, which also requires root, to make the change.
    Registered Linux user #470359 and permanently recovered BOFH.

    Any advice in this post is worth exactly what you paid for it.

  11. #11
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    770

    Re: I like to know meaning of groups in Linux

    Quote Originally Posted by dd_wizard
    Scroll down near the bottom of this archlinux wiki for some of them. Sometimes you need to be a member to get an app to work correctly. VirutalBox USB devices are one example. Of course, you need to be in wheel to run sudo.

    dd_wizard
    Thank you very much for this link !! It answered most of them.

    Let go now to my target: I was thinking with a group that when a user added to it will have no permissions right (being minimum & have no any root "neither su nor sudo power).

    Does "nobody" group can do this ?? In your link no explanation about this. I searched Internet & got links saying something good but not in details.

    Let me explain further. Please look to this link:
    https://www.forums.fedoraforum.org/s...d.php?t=313858

    I like to simplified the above guide to minimum - if possible. It depend on creation of user account without su nor sudo nor GUI root access abilities & GNOME software not accessible to it.

    1) When adding new user on Fedora, it is by default have no sudo power because by default not added to wheel group, so this is O.K

    2) but by default this new user account have su power. I have to edit a file system by uncommenting a line (remove #) - see guide. It is simple step, but if user do a mistake can distroy it's system, & on upgrading Fedora to next version it will undo & user need to re-perform this step again

    3) the new user account - even after perform step of edit system file that block su - though now it has neither sudo nor su power, but still able to gain root by certain application via GUI, like firewalld for example. I have to perform special step to block that on a special package.

    4) also, new user account even if you perform step that disable it from su, & thus have no sudo nor su further, is still be able to to use GNOME software center.

    So, what will happened if I add new user account (that by default has no sudo but has su & root access via GUI), what will happened to this user if I added it to "nobody" group ??

    Does adding it to "nobody" group make it impossible to use su power from shell (terminal) of this new user without need to edit system file of Fedora ? Does this will make it unable to gain root power via GUI ? Does it will still be able to use GNOME software center ?

    In breaf, adding new user to "nobody", can make me avoid steps in (2), (3), & (4) ?

    Best.
    Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  12. #12
    Join Date
    Jan 2015
    Location
    Al Ain, UAE
    Posts
    736

    Re: I like to know meaning of groups in Linux

    Groups don't have special powers. They are merely file system attributes that are checked by the kernel before opening a file.

    If a file belongs to a certain group and you don't, then you cannot read that file. Simple as that.


    As I mentioned above, there are also ACLs and SELinux which are like groups on steroids.

    It may take you a while to wrap your head around it, but don't let it worry you too much.
    --
    Have fun!
    http://www.aeronetworks.ca

  13. #13
    Join Date
    Oct 2007
    Location
    Freedonia
    Age
    68
    Posts
    3,037

    Re: I like to know meaning of groups in Linux

    One mistake in your most recent post: su is set to be executable by anybody, but you need to know the password for the account you're switching to. As an example, I'm not in the wheel group on any computer I own, so I can't use sudo. That's fine, because I'm the person who installed Linux, I know the root password because I'm the person who set it, and I can use su whenever I want.

    And, to answer part of your most recent question, if you don't want somebody messing with system files don't put them in the wheel group and don't tell them the root password.
    Registered Linux user #470359 and permanently recovered BOFH.

    Any advice in this post is worth exactly what you paid for it.

  14. #14
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    770

    Re: I like to know meaning of groups in Linux

    Quote Originally Posted by sidebrnz
    One mistake in your most recent post: su is set to be executable by anybody, but you need to know the password for the account you're switching to. As an example, I'm not in the wheel group on any computer I own, so I can't use sudo. That's fine, because I'm the person who installed Linux, I know the root password because I'm the person who set it, and I can use su whenever I want.

    And, to answer part of your most recent question, if you don't want somebody messing with system files don't put them in the wheel group and don't tell them the root password.
    Hi. my aim is to overcome viruses that targeted to Linux via WineHQ. These viruses try to take root power, so try to break passwords including su password without need me to inform them this password. I'm the only user on my PC but using groups to isolat Wine. My su password is very very very long & complex, but I search for maximum security & already achieved this via guide that I linked to you in my previous post, but I try to simplified it for peoples .......
    Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

  15. #15
    Join Date
    Feb 2005
    Location
    London, UK
    Posts
    565

    Re: I like to know meaning of groups in Linux

    Quote Originally Posted by User808
    I'm the only user on my PC but using groups to isolat Wine.
    You may be interested to read up on a "chroot jail", it would lock down the Wine more than using groups. Even if the user/group privileges are escalated somehow, Wine can't write outside the chroot jail. Obviously using a VM is another option.

Page 1 of 2 1 2 LastLast

Similar Threads

  1. Groups and Environment Groups
    By djl47 in forum Using Fedora
    Replies: 0
    Last Post: 10th December 2015, 09:32 AM
  2. Yahoo Groups dedicated to Linux
    By tech291083 in forum Wibble
    Replies: 3
    Last Post: 8th April 2013, 02:50 PM
  3. Replies: 0
    Last Post: 22nd April 2009, 02:53 PM
  4. fc9 yum failed, who can tell me what't the meaning?
    By comain in forum Using Fedora
    Replies: 5
    Last Post: 19th May 2008, 01:46 AM
  5. what is meaning of sha1sum?
    By kalpana in forum Installation, Upgrades and Live Media
    Replies: 10
    Last Post: 13th July 2005, 01:17 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •