Users and groups (Српски)

From ArchWiki
Revision as of 11:07, 23 June 2010 by Kosava (Talk | contribs) (Created page with 'Category:Security (English) Category:General (English) {{i18n|Groups}} User groups are used on GNU/Linux for [[Wikipedia:Access control#Computer security|access control]…')

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.


Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어


External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

User groups are used on GNU/Linux for access control – members of a group are granted access to devices and files belonging to that group. Template:Filename is the file that defines the groups on the system (Template:Codeline for details).

This article provides a list of common groups and their purpose along with an overview of group manipulation commands.

Useful groups

Users often add their non-root user to the following groups to allow access to peripherals and other hardware.

  • audio - for access to sound hardware
  • floppy - for access to a floppy (if applicable)
  • lp - for managing print jobs
  • optical - for access to optical devices such as CD and DVD drives (e.g. playing audio CDs)
  • power - used with power options (e.g. shutdown with power button)
  • storage - for managing storage devices
  • video - for video capture and hardware acceleration
  • wheel - for sudo privileges

Group list

A list of groups and their function (sorted alphabetically)
Group Affected files Purpose
adm /var/log/* Read access to log files in /var/log
audio /dev/sound/*, /dev/snd/*, /dev/misc/rtc0 Access to sound hardware.
avahi
bin /usr/bin/* Right to modify binaries only by root, but right to read or executed by anyone. (Please modify this for better understanding...)
camera Access to Digital Cameras.
clamav /var/lib/clamav/*, /var/log/clamav/*
daemon
dbus /var/run/dbus
disk /dev/sda[1-9], /dev/sdb[1-9], /dev/hda[1-9], etc Access to block devices not affected by other groups such as optical,floppy,storage.
floppy /dev/fd[0-9] Access to floppy drives.
ftp /srv/ftp
games /var/games Access to some game software.
gdm
hal /var/run/hald, /var/cache/hald
http
kmem /dev/port, /dev/mem, /dev/kmem
locate /usr/bin/locate, /var/lib/locate, /var/lib/slocate, /var/lib/mlocate Right to use updatedb command.
log /var/log/* Access to log files in /var/log,
lp /etc/cups, /var/log/cups, /var/cache/cups, /var/spool/cups Access to printer hardware
mem
mail /usr/bin/mail
network Right to change network settings such as when using a Networkmanager.
nobody Unprivileged group.
ntp
optical /dev/sr[0-9], /dev/sg[0-9] Access to optical devices such as CD,CD-R,DVD,DVD-R.
policykit
power Right to use suspend utils.
rfkill
root /* -- ALL FILES! Complete system administration and control (root, admin)
scanner /var/lock/sane Access to scanner hardware.
smmsp sendmail group
storage Access to removable drives such as USB harddrives,flash/jump drives,mp3 players.
stb-admin
sys Right to admin printers in CUPS.
thinkpad /dev/misc/nvram Right for thinkpad users using tools such as tpb.
tty /dev/tty, /dev/vcc, /dev/vc, /dev/ptmx
users Standard users group.
uucp /dev/ttyS[0-9] /dev/tts/[0-9] Serial & USB devices such as modems,handhelds,RS232/serial ports.
vboxusers /dev/vboxdrv Right to use Virtualbox software.
video /dev/fb/0, /dev/misc/agpgart Access to video capture devices, DRI/3D hardware acceleration.
vmware Right to use VMware software.
wheel Right to use sudo (setup with visudo), Also affected by PAM

Group manipulation

List groups

Display group membership with the Template:Codeline command:

$ groups [user]

If Template:Codeline is omitted, the current user's group names are displayed.

The Template:Codeline command provides additional detail, such as the user's UID and associated GIDs:

$ id [user]

To list all groups on the system:

$ cat /etc/group

Find group ownership

List files owned by a group with the Template:Codeline command:

# find / -group [group]

Manage group membership

Add users to a group with the Template:Codeline command:

# gpasswd -a [user] [group]

To remove users from a group:

# gpasswd -d [user] [group]

If the user is currently logged in, he/she must log out and in again for the change to have effect.

Manage groups

Create new groups with the Template:Codeline command:

# groupadd [group]

To delete existing groups:

# groupdel [group]