Group permissions in Linux

It took me all evening to figure out that groups don’t work the same in Linux as in Solaris. You only belong to one group at a time, and you have to manually change the group using the newgrp command. Is that correct? What I want to know is, how exactly are you supposed to use this feature, and is there a way to belong to all groups? On my Solaris server I have HTML files owned by group wwwadmin, some setup files by manager, and specific software setup files assigned to different groups. Which means if I want to do various configuration changes from a Linux box I’ll have to keep doing a newgrp. This seems terribly inconvenient.

scr4,

I am not a Linux guru but I just logged into one of the Linux computers at work. When I type groups I get a list of groups, so it seems to me that you can belong to more than one group on Linux.

scr4, you are correct. You can belong to multiple groups but not at the same time. The id command will show your current group id and all the groups you can change to. When you need to access files owned by another group, you’ll need to newgrp to that group first. This is the usual behavior for most unix-like OSes.

gazpacho, the command lists what groups you have access to, in addition to your primary group, but you do not have those group permissions until you set your current group id to one of those groups.

Eh? I’m a member of several groups and happily edit files belonging to those groups. I’ve never had to use the newgrp command. In fact, I’ve never even heard about it until this thread. I’m using Debian GNU/Linux.

Breaknrun,
What you are saying is different from my experience. Just now I looked at two files owned by someone else each with a different group ownership. Both files had owner read and group read permissions only. I did not have to use the newgrp command to read these files.


Thanks for the help. But I’ve done some further testing and on my system (RedHat 8) I definitely have to do a newgrp to access files belonging to different groups. Does this mean that the behavior is different for each distribution? Can I change it by recompiling the kernel or something?

You’ve just encountered RedHat’s annoying “feature” called User Private Groups. Unless you disable this when adding users, whenever you add a user, a new group is created with the group name matching the new username. The new user becomes the only member of the group. If you’re using the default umask, any files created by this user can only be read and written to by this user. You can’t do a chmod +rwx on the files; it won’t work. This is frustrating for those of us unfamiliar with this scheme.

Full details are available at: http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-users-groups-private-groups.html

The idea is that you should set up a new group for every shared project or directory, e.g. a group called “devel” for developers. Then if you want any member of the devel group to have access to a directory called “source”, you set the gid bit on the “source” directory by going “chmod g+s source” and then “chgrp devel source/”. After you’ve done this, any file created in the source directory inherits the gid bit from the parent directory, and will be accessible to any member of the “devel” group - because the “devel” group owns the parent directory.

The RedHat site explains the full rationale better than I can.

Good luck.

I concur with what burntsand said. Pissed me off when I first had to use RedHat.

[Holy war]
Gimme FreeBSD anyday :wink:
[/Holy war]

My fellow geeks, I have passed legislation that outlaws BSD forever. The assault penguins will launch in five minutes.

burntsand, Debian works like that by default. Each user is set up as his own group, and to make shared directories you do the chmod trick as you described. But I still don’t have to run newgrp just to get access to the shared files.

See, crap like that is why I run Slackware. It might not be the easiest to use, but at least everything’s out in the open.

Hmm, somehow I managed to fix it so I don’t have to run newgrp every time, but I’m not sure what exactly did it. Maybe I just needed to log out and back in again, or maybe I needed to use the supplied tools to set up groups instead of editing /etc/group manually. Anyway, thank you all for the help.

And thank you burntsand for the link about User Private Groups. If I understand correctly, the “private” groups are dummy groups which allow you to safely use umask=002, right? I guess that makes some sense.
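
Added example, not part of the thread: a process's supplementary groups are fixed when its session logs in, so a membership added to /etc/group afterwards is not in effect until a new login. The Python sketch below compares what the group file grants a user with what a process actually holds; the sample file contents, the GIDs and the user "alice" are constructed, and it assumes groups come from the local /etc/group rather than LDAP or NIS.

```python
import os
import pwd

# Constructed sample in /etc/group format: name:password:gid:member,member
SAMPLE_GROUP_FILE = """\
root:x:0:
wwwadmin:x:501:scr4,alice
manager:x:502:scr4
devel:x:503:alice
scr4:x:1000:
"""

def parse_group_file(text):
    """Return {gid: (name, [members])} parsed from /etc/group-format text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip blank, comment and malformed lines
        name, _pw, gid, members = fields
        groups[int(gid)] = (name, [m for m in members.split(",") if m])
    return groups

def configured_gids(user, primary_gid, groups):
    """GIDs the account database grants: primary group plus listed memberships."""
    return {primary_gid} | {g for g, (_n, members) in groups.items() if user in members}

def not_yet_active(user, primary_gid, groups, process_gids):
    """Names of groups the user is configured for but this process does not hold."""
    missing = configured_gids(user, primary_gid, groups) - set(process_gids)
    return sorted(groups[g][0] if g in groups else str(g) for g in missing)

if __name__ == "__main__":
    # Real check for the current session (assumes local /etc/group, no LDAP/NIS).
    me = pwd.getpwuid(os.getuid())
    with open("/etc/group") as fh:
        db = parse_group_file(fh.read())
    held = set(os.getgroups()) | {os.getegid()}
    stale = not_yet_active(me.pw_name, me.pw_gid, db, held)
    print("configured but not active until next login:", stale or "none")
```

Any group it reports is one the file grants but the current shell cannot yet use; a fresh login picks it up.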