User Groups allow VPS v2 Virtual Server user accounts to share files with
one another. This is particularly useful for situations such as multiple
webmasters maintaining a single Web site. Groups are also used to give users
access to specific programs. A user with FTP privileges, for example, must be a
member of the ftp group.
Every user has a primary group, and can also be a member
of other groups. In the /etc/passwd
file, the Group ID (GID) is the second number. This is the user's primary
group, and any files created by the user will belong to this group by default.
The /etc/group file stores a list of all
the groups, their GID, and the members of the group.
Because each file and directory in UNIX has specific file
permissions, it is important that you set correct group file permissions. To
see a list of file permissions, go to the directory you want to view and type
# ls -l
As root, if you go into a user’s directory and create a
file, it is then owned by root and the group wheel, and you will probably need to
change the group ownership of that file. To change group ownership, type the
following:
# chown owner:group filename
where owner is the owner of the file, and group is the
group that should own the file.
The wheel group (GID 0) is a special group. Any user in
the wheel group can use the su command to become the root user. For security
reasons, you should be careful about who you put in this group.
There are a number of other groups that exist to give
users access to specific programs. Some specific instances of this that you
should know about are the ftp, pop, imap, and web groups, which require a user
to be a member of the group to have access to that program. There are also
groups that exist for system uses only. If you are uncertain of the purpose of
a group, it is a good idea not to delete or add users to that group.
To edit groups, go to the /etc directory
using the cd command, and open the group file in a text editor, such as pico or vi. You can
also use iManager. See “Editing Groups” for more information.
The following is a sample of the group file:
# $FreeBSD: src/etc/group,v 1.19.2.3 2002/06/30 17:57:17 des Exp $
#
wheel:*:0:root,gluttony,brynne
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:21:gluttony,brynne,tom,frank,bob
staff:*:20:root
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:root
bind:*:53:
www:*:80:
web:*:81:frosty,brynne,tom,frank,bob
pop:*:82:frosty,frank
imap:*:83:frosty,brynne,frank
nogroup:*:65533:
nobody:*:65534:
cyrus:*:60:
bob:*:1006:
The fields of each entry in the group file are separated by colons. The
first field is the group name, followed by the group password. Most groups do
not have a password, thus the “*”. Next is
the group ID number (GID). The last field lists the users that are in the
group, separated by commas.
To add a user to a group, add his or her username to the
end of the list of users.
To create a new group, add the group name, group password,
and users at the end of the list of groups and save the file.
See the managing_users man page (Section 7) for more
information.
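Because the group file is edited by hand, it is worth checking its format and reviewing wheel membership after each change. The script below is an added example, not part of the original documentation: the function names audit_group, wheel_members and sample_group, and the group "devs", are hypothetical, and the sample input is constructed from the listing above plus three deliberate editing mistakes.

```shell
#!/bin/sh
# Added example: sanity-check a group file after hand-editing it.

# audit_group FILE: print one finding per problem; return 1 if any were found.
audit_group() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
        NF != 4 {                                # name:password:GID:members
            printf "MALFORMED line %d: %d fields, expected 4\n", NR, NF
            bad = 1; next
        }
        $3 !~ /^[0-9]+$/ {
            printf "BADGID line %d: group %s has GID %s\n", NR, $1, $3
            bad = 1; next
        }
        ($1 in names) { printf "DUPNAME line %d: %s\n", NR, $1; bad = 1 }
        ($3 in gids)  { printf "DUPGID line %d: %s shares GID %s with %s\n", NR, $1, $3, gids[$3]; bad = 1 }
        { names[$1] = 1; if (!($3 in gids)) gids[$3] = $1 }
        END { exit bad + 0 }
    ' "$1"
}

# wheel_members FILE: list every member of the GID 0 group, one per line,
# so the set of users who can su to root can be reviewed.
wheel_members() {
    awk -F: '!/^#/ && NF == 4 && $3 == 0 {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# sample_group: constructed input. The first three entries come from the
# sample listing; the last three are deliberate hand-editing mistakes.
sample_group() {
    cat <<'EOF'
# constructed sample
wheel:*:0:root,gluttony,brynne
ftp:*:21:gluttony,brynne,tom,frank,bob
web:*:81:frosty,brynne,tom,frank,bob
pop:*:82
devs:*:81:tom
imap:*:eighty-three:frosty
EOF
}
```

To try it, run sample_group > /tmp/group.test and then audit_group /tmp/group.test; run both functions against a copy of the edited file before it replaces /etc/group.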