Fedora Linux Support Community & Resources Center
  #1  
Old 10th October 2017, 08:46 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 728
linuxfedorafirefox
I like to know meaning of groups in Linux

Hi.

After 1 year & few months of being Linuxer on Fedora, I feel myself ready now to go more deep in Linux. A step in this road, is the knowledge of meaning of groups already existing on Linux Fedora. I mean the following:

Go to system setting, under administration select "Users & Groups". In "Group" tab, there are many groups ... I need to know what each of them mean? & what the result of adding user to each of them or removing it from any of them?

Is there a document or link explain them?

Best.
__________________
Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #2  
Old 11th October 2017, 03:43 AM
flyingdutchman Offline
Registered User
 
Join Date: Jan 2015
Location: Al Ain, UAE
Posts: 724
macosfirefox
Re: I like to know meaning of groups in Linux

First consider that UNIX is a multi-user system. There may be many people using the same computer and we don't want them to step on each other's toes.

Users and groups is a basic UNIX divide and conquer security strategy. It is managed at the file system access level. There are also two more powerful, very similar systems in use, called Access Control Lists (ACL) and SELinux/AppArmor, that work at the kernel level.

Between all these things, it ensures that users and processes are kept separated. The upshot is that if one user/group account gets compromised, then the damage is limited.
__________________
--
Have fun!
http://www.aeronetworks.ca
Reply With Quote
  #3  
Old 11th October 2017, 11:59 AM
HaydnH's Avatar
HaydnH Offline
Registered User
 
Join Date: Feb 2005
Location: London, UK
Posts: 509
windows_7chrome
Re: I like to know meaning of groups in Linux

Further to the above. If you run "ls -l" in a terminal you'll see that files have 2 types of owners, a user and group ownership. They'll also have permissions expressed as a string like rwxr-x--- or similar. These permission strings are split in to 3 permission blocks of 3 characters: "user, group, other". Using rwxr-xr-- as an example:

- the first 3 characters (rwx) denote what the user (the person who owns the file) can do with that file, in this case rwx means they can read, write and execute the file.

- the next 3 characters (r-x) denote what users in the owner group can do with the file, in this case read and execute, but they can't modify/write the file. So the file could be owned by both user "bob" and the group "finances", users who aren't bob but are in the finances group would be able to read/execute the file which could be useful for running a payInvoice script or similar.

- the last 3 characters are for other users who are neither the owner nor in the group. In this case they can't read/write or execute the script, we wouldn't want them reading it and getting the accounts software login details for example.
Reply With Quote
  #4  
Old 11th October 2017, 12:31 PM
ocratato Offline
Registered User
 
Join Date: Oct 2010
Location: Canberra
Posts: 2,650
linuxfirefox
Re: I like to know meaning of groups in Linux

I found this article that explains users and groups quite well:
https://www.linode.com/docs/tools-re...ers-and-groups
__________________
Has anyone seriously considered that it might be turtles all the way down?
That's very old fashioned thinking.
The current model is that it's holographic nested virtualities of turtles, all the way down.
Reply With Quote
  #5  
Old 11th October 2017, 01:45 PM
tech291083 Offline
Registered User
 
Join Date: Sep 2006
Posts: 1,421
linuxfedorafirefox
Re: I like to know meaning of groups in Linux

Quote:
Originally Posted by ocratato View Post
I found this article that explains users and groups quite well:
https://www.linode.com/docs/tools-re...ers-and-groups
one of the easiest to understand articles for people new to the concept of permissions in Linux, many thanks indeed.
__________________
fedoralinuxcommands.blogspot.com


All the forces in the world are not so powerful as an idea whose time has come - Victor Hugo
Reply With Quote
  #6  
Old 11th October 2017, 05:34 PM
lsatenstein Offline
Registered User
 
Join Date: Jun 2005
Location: Montreal, Que, Canada
Posts: 4,354
linuxchrome
Re: I like to know meaning of groups in Linux

Fedora includes a group titled "users". I can join that group. My wife's the other user. She can also become a member of "users". For files that I want to share with each other, I have the admin set those files to have users group.

Sudo. Leslie:users sharedObject. Both Leslie and Wife are also enrolled in users for this to work.

Look at /etc/group.
__________________
Leslie in Montreal

Interesting web sites list
http://forums.fedoraforum.org/showth...40#post1697840
Reply With Quote
  #7  
Old 11th October 2017, 05:44 PM
flyingdutchman Offline
Registered User
 
Join Date: Jan 2015
Location: Al Ain, UAE
Posts: 724
macosfirefox
Re: I like to know meaning of groups in Linux

Leslie, if you make a directory called shared (or whatever) in your or your Wife's home directory and set the sticky bit on that directory and set the group of the directory to users, then any file copied there will inherit the users group and will be accessible by both of you. That may save you some hassle.
__________________
--
Have fun!
http://www.aeronetworks.ca
Reply With Quote
  #8  
Old 11th October 2017, 09:42 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 728
linuxfedorafirefox
Re: I like to know meaning of groups in Linux

Many thanks for all of you that post in this threat.

But I think you misunderstand me ! My original question is:

I have - by default - the following groups on my system: see attached 4 screenshots please.

What each of these group mean ? What is result of adding a user to each of them ? What result of a user not member in each of them ? This is my question. For example:

There is a group called "lock". So, what this group mean ? What result for user if added to it ? What result for a user removed from it or not being a member in this group ?

Best.
Attached Thumbnails
Click image for larger version

Name:	1.png
Views:	17
Size:	22.4 KB
ID:	27231   Click image for larger version

Name:	2.png
Views:	12
Size:	23.6 KB
ID:	27232   Click image for larger version

Name:	3.png
Views:	12
Size:	25.6 KB
ID:	27233   Click image for larger version

Name:	4.png
Views:	13
Size:	29.2 KB
ID:	27234  
__________________
Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #9  
Old 11th October 2017, 10:16 PM
dd_wizard's Avatar
dd_wizard Offline
Registered User
 
Join Date: Sep 2009
Posts: 2,113
linuxfedorafirefox
Re: I like to know meaning of groups in Linux

Scroll down near the bottom of this archlinux wiki for some of them. Sometimes you need to be a member to get an app to work correctly. VirutalBox USB devices are one example. Of course, you need to be in wheel to run sudo.

dd_wizard
Reply With Quote
  #10  
Old 12th October 2017, 01:28 AM
sidebrnz's Avatar
sidebrnz Offline
Registered User
 
Join Date: Oct 2007
Location: Freedonia
Age: 68
Posts: 3,018
linuxfedorafirefox
Re: I like to know meaning of groups in Linux

OK, nobody here has come close to answering the question, so I'll give it a try. Let's say that you were working on an old-time Unix mainframe, along with the rest of the people in your office, and that you were working in accounting. If things were set up correctly, you would be a member of a group called "accounts," although you'd probably be a member of other groups as well. Now, the important accounting files would probably be owned by your department head, and by the accounts group, and anybody in that group would have read/write access to those files. That would mean that anybody in that group could use the files as if they owned them, and you wouldn't have to worry about syncing different copies. That's how groups were designed to be used. (In fact, there was a time when you could only be active in one group at a time, and if accounts weren't your main group, you'd have to newgrp to it in order to work on those files.)

Now, however, most people are only working on files on their own box, and groups aren't important unless you have more than one regular user on that computer. Groups are still used, however, not just for historical reasons, but to limit the people who have access to certain files or programs. Each user has their own group, with their username as the group name for convenience, and can also be members of other groups as needed. (As mentioned above, if you need to use sudo, you need to be a member of the group "wheel.") If you want to see what groups you're a member of, just run the command groups in a terminal. If you find that you need to be a member of a special group to run a program (I have boinc running for distributed computing, as an example.) you either need to edit /etc/group as root to add yourself to that group, or use a GUI application such as system-config-users, which also requires root, to make the change.
__________________
Registered Linux user #470359 and permanently recovered BOFH.

Any advice in this post is worth exactly what you paid for it.
Reply With Quote
  #11  
Old 12th October 2017, 06:11 AM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 728
linuxfedorafirefox
Re: I like to know meaning of groups in Linux

Quote:
Originally Posted by dd_wizard View Post
Scroll down near the bottom of this archlinux wiki for some of them. Sometimes you need to be a member to get an app to work correctly. VirutalBox USB devices are one example. Of course, you need to be in wheel to run sudo.

dd_wizard
Thank you very much for this link !! It answered most of them.

Let go now to my target: I was thinking with a group that when a user added to it will have no permissions right (being minimum & have no any root "neither su nor sudo power).

Does "nobody" group can do this ?? In your link no explanation about this. I searched Internet & got links saying something good but not in details.

Let me explain further. Please look to this link:
https://www.forums.fedoraforum.org/s...d.php?t=313858

I like to simplified the above guide to minimum - if possible. It depend on creation of user account without su nor sudo nor GUI root access abilities & GNOME software not accessible to it.

1) When adding new user on Fedora, it is by default have no sudo power because by default not added to wheel group, so this is O.K

2) but by default this new user account have su power. I have to edit a file system by uncommenting a line (remove #) - see guide. It is simple step, but if user do a mistake can distroy it's system, & on upgrading Fedora to next version it will undo & user need to re-perform this step again

3) the new user account - even after perform step of edit system file that block su - though now it has neither sudo nor su power, but still able to gain root by certain application via GUI, like firewalld for example. I have to perform special step to block that on a special package.

4) also, new user account even if you perform step that disable it from su, & thus have no sudo nor su further, is still be able to to use GNOME software center.

So, what will happened if I add new user account (that by default has no sudo but has su & root access via GUI), what will happened to this user if I added it to "nobody" group ??

Does adding it to "nobody" group make it impossible to use su power from shell (terminal) of this new user without need to edit system file of Fedora ? Does this will make it unable to gain root power via GUI ? Does it will still be able to use GNOME software center ?

In breaf, adding new user to "nobody", can make me avoid steps in (2), (3), & (4) ?

Best.
__________________
Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #12  
Old 12th October 2017, 07:56 AM
flyingdutchman Offline
Registered User
 
Join Date: Jan 2015
Location: Al Ain, UAE
Posts: 724
linuxfedorafirefox
Re: I like to know meaning of groups in Linux

Groups don't have special powers. They are merely file system attributes that are checked by the kernel before opening a file.

If a file belongs to a certain group and you don't, then you cannot read that file. Simple as that.


As I mentioned above, there are also ACLs and SELinux which are like groups on steroids.

It may take you a while to wrap your head around it, but don't let it worry you too much.
__________________
--
Have fun!
http://www.aeronetworks.ca
Reply With Quote
  #13  
Old 12th October 2017, 08:03 AM
sidebrnz's Avatar
sidebrnz Offline
Registered User
 
Join Date: Oct 2007
Location: Freedonia
Age: 68
Posts: 3,018
linuxfedorafirefox
Re: I like to know meaning of groups in Linux

One mistake in your most recent post: su is set to be executable by anybody, but you need to know the password for the account you're switching to. As an example, I'm not in the wheel group on any computer I own, so I can't use sudo. That's fine, because I'm the person who installed Linux, I know the root password because I'm the person who set it, and I can use su whenever I want.

And, to answer part of your most recent question, if you don't want somebody messing with system files don't put them in the wheel group and don't tell them the root password.
__________________
Registered Linux user #470359 and permanently recovered BOFH.

Any advice in this post is worth exactly what you paid for it.
Reply With Quote
  #14  
Old 12th October 2017, 11:20 AM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 728
linuxsafari
Re: I like to know meaning of groups in Linux

Quote:
Originally Posted by sidebrnz View Post
One mistake in your most recent post: su is set to be executable by anybody, but you need to know the password for the account you're switching to. As an example, I'm not in the wheel group on any computer I own, so I can't use sudo. That's fine, because I'm the person who installed Linux, I know the root password because I'm the person who set it, and I can use su whenever I want.

And, to answer part of your most recent question, if you don't want somebody messing with system files don't put them in the wheel group and don't tell them the root password.
Hi. my aim is to overcome viruses that targeted to Linux via WineHQ. These viruses try to take root power, so try to break passwords including su password without need me to inform them this password. I'm the only user on my PC but using groups to isolat Wine. My su password is very very very long & complex, but I search for maximum security & already achieved this via guide that I linked to you in my previous post, but I try to simplified it for peoples .......
__________________
Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #15  
Old 12th October 2017, 11:38 AM
HaydnH's Avatar
HaydnH Offline
Registered User
 
Join Date: Feb 2005
Location: London, UK
Posts: 509
windows_7chrome
Re: I like to know meaning of groups in Linux

Quote:
Originally Posted by User808 View Post
I'm the only user on my PC but using groups to isolat Wine.
You may be interested to read up on a "chroot jail", it would lock down the Wine more than using groups. Even if the user/group privileges are escalated somehow, Wine can't write outside the chroot jail. Obviously using a VM is another option.
Reply With Quote
Reply

Tags
groups , linux , meaning

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Groups and Environment Groups djl47 Using Fedora 0 10th December 2015 09:32 AM
Yahoo Groups dedicated to Linux tech291083 Wibble 3 8th April 2013 02:50 PM
is the meaning of bogomips different between 32 bit and 64 bit timcoote Using Fedora 0 22nd April 2009 02:53 PM
fc9 yum failed, who can tell me what't the meaning? comain Using Fedora 5 19th May 2008 01:46 AM
what is meaning of sha1sum? kalpana Installation, Upgrades and Live Media 10 13th July 2005 01:17 PM


Current GMT-time: 15:42 (Sunday, 22-10-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat