Results 1 to 7 of 7

Thread: adding users to their own group

  1. #1

    Default adding users to their own group

    When I add a user via Yast, they are being added to the group "users" as a primary group. Is there any way to add users to their own group instead of the "users" group by default? For example, if I add user "foo" s/he should be added to group "foo", not group "users".

    Also, users are automatically added to the "Dial out" and "video" groups - could any one please tell me what these groups are and whether they are needed for anything?

    Thanks.

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: adding users to their own group

    You would have to modify the YaST templates to do this, I don't know exactly where. What you are describing is a practice that started with Redhat long time ago. The reasoning is that each user would have their own group and then would be able to give access to their files in a more fine-grained fashion by admitting other users to their group or not. In practice this isn't used much, party because you have to ask root to manage the groups, and sysadmins get annoyed if you bother them for every little thing. So the practice of putting all users in the "users" group which was the original Unix practice, works fine most of the time, but it's all or nothing if you want to share with other users.

    dialout is for access to the serial modem and video for access to the frame buffer and TV cards I believe. You can see which devices are owned by those groups in /dev.

  3. #3
    Join Date
    Dec 2008
    Location
    Hamburg
    Posts
    458

    Default Re: adding users to their own group

    Hi,

    Quote Originally Posted by henders254 View Post
    When I add a user via Yast, they are being added to the group "users" as a primary group. Is there any way to add users to their own group instead of the "users" group by default? For example, if I add user "foo" s/he should be added to group "foo", not group "users".

    Also, users are automatically added to the "Dial out" and "video" groups - could any one please tell me what these groups are and whether they are needed for anything?
    To change the default group and default additional groups edit the file /etc/default/useradd. There are two lines to edit. The first one is

    Code:
    GROUP=100
    which means that the default group for the new user is the one with the group id 100. Change this to the group id of the default group you want to use. So if your group "foo" has the id 102 put 102 instead of 100.

    The second line is

    Code:
    GROUPS=video,dialout
    Those are the additional groups you assign a new user.

    The group dialout allows the user to use a dial out device like a modem. The group video gives the users access to the video device.

    hth

    Greetings

    Erik

  4. #4
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: adding users to their own group

    I think what the OP wants is more. He doesn't just want to change the default group. He wants an add of a new user to automatically create a group of the same name and to make that the user's primary group. So a useradd also does a groupadd. And presumably a userdel will do a groupdel.

  5. #5

    Default Re: adding users to their own group

    In the ACL system of permissions management, it is considered bad practice (and a potential security breach) for a user to not have their own group. That is from the Linux Professional Institute (LPI).

  6. #6
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,760

    Default Re: adding users to their own group

    Be easier to use a CL script then to try and change a GUI. Just add a new group with each new user added.

  7. #7
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,727
    Blog Entries
    2

    Default Re: adding users to their own group

    Quote Originally Posted by goldenbits View Post
    In the ACL system of permissions management, it is considered bad practice (and a potential security breach) for a user to not have their own group. That is from the Linux Professional Institute (LPI).
    That's just the opinion of one group of Linux users. I think they're wrong.
    Leap 42.3 & 15.1(Beta) &KDE
    FYIs from the days of yore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •