[TriLUG] stupid user management question
Aaron S. Joyner
aaron at joyner.ws
Thu Nov 18 17:13:36 EST 2004
Blackburn, Marvin wrote:
>I am new to the shadow password file processing and have a question.
>How do I properly change a user's primary group?
>Can I just enter it into the /etc/passwd file?
>How do the changes get propagated to /etc/shadow and /etc/gshadow?
>Any help would be appreciated.
>I am running Red Hat AS 2.1
>"He's no failure. He's not dead yet" --William Lloyd George
To the best of my knowledge, there is no information that actually
directly pertains to a user's primary group stored in /etc/shadow,
/etc/gshadow, or even /etc/group for that matter. The name and ID of
every group is stored in the /etc/group and /etc/gshadow files, but the
only danger there is "orphaned" groups. You can safely change the
user's primary group by changing the 4th field in the /etc/passwd file.
If you are effectively removing that group entirely, you may wish to
remove it from /etc/group and /etc/gshadow, or if you want the group to
remain you can leave it in those two files with no ill effect. You will
only need to modify gpasswd and gshadow if you're getting into advanced
group management - if that's the case check out the gpasswd man page.
Having said that, there is a command which handles this type of
operation for you. You can use "usermod -g <newgroup> <userid>" to
change a user's primary group, and it will handle changing the
appropriate files. Note that if you remove a user, and are using
"usergroups" (USERGROUPS_ENAB is set in /etc/login.defs - such that all
users are created by default belonging to a single group of their own
username) then userdel will remove that group - only if there are no
other members of it. So if you follow these steps:
useradd foo            # Adds a user named foo
usermod -g users foo   # Changes foo's primary group to users
userdel foo            # Deletes foo, and the usergroup foo that was created
                       # when the user was
Interestingly enough, the second step above does not delete the group
foo - which I think is a nice feature. He can still belong to that
group, if you add it as an optional group for his user, but you may not
desire for that to be his *primary* group.
If that doesn't clear it up sufficiently, as always, ask more! :)
Aaron S. Joyner
PS - For the record, is your subject referring to the act of managing
them, or the users themselves? It wasn't clear.
--Your friendly BOFH
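
An added example, not part of the original message: a shell audit for the two leftovers the reply describes, namely a primary GID in the 4th field of /etc/passwd that has no entry in /etc/group, and an "orphaned" group that nothing uses any more. The function names and the sample data are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the passwd/group relationship after primary-group edits.
# Both functions take a passwd-format file and a group-format file and default
# to the live files.

# Users whose primary GID (4th field of passwd) has no entry in the group file,
# printed as "user:gid". This is what a mistyped hand edit leaves behind.
dangling_primary_gids() {
    awk -F: '
        FILENAME == ARGV[1] { if ($3 != "") known[$3] = 1; next }  # group file
        $4 != "" && !($4 in known) { print $1 ":" $4 }             # passwd file
    ' "${2:-/etc/group}" "${1:-/etc/passwd}"
}

# Groups that are no user's primary group and list no members, printed as
# "group:gid". These are the "orphaned" groups from the message.
orphaned_groups() {
    awk -F: '
        FILENAME == ARGV[1] { if ($4 != "") primary[$4] = 1; next }  # passwd file
        $3 != "" && $4 == "" && !($3 in primary) { print $1 ":" $3 } # group file
    ' "${1:-/etc/passwd}" "${2:-/etc/group}"
}

# Constructed sample data (not from a real system): foo was moved to "users"
# and its usergroup left behind; bar's GID was hand-edited to a nonexistent 2000.
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
foo:x:1001:100::/home/foo:/bin/bash
bar:x:1002:2000::/home/bar:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:root
users:x:100:
foo:x:1001:
EOF
}

demo_dir=$(mktemp -d)
write_sample_files "$demo_dir"
dangling_primary_gids "$demo_dir/passwd" "$demo_dir/group"
orphaned_groups "$demo_dir/passwd" "$demo_dir/group"
rm -rf "$demo_dir"
```

Called with no arguments, both functions read /etc/passwd and /etc/group, which are world-readable, so the audit needs no root access.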