Users and groups (Српски)
User groups are used on GNU/Linux for access control – members of a group are granted access to devices and files belonging to that group. Template:Filename is the file that defines the groups on the system (Template:Codeline for details).
This article provides a list of common groups and their purpose along with an overview of group manipulation commands.
Contents
Useful groups
Users often add their non-root user to the following groups to allow access to peripherals and other hardware.
- audio - for access to sound hardware
- floppy - za pristup flopiju ukoliko postoji
- lp - za pristup stampacu
- optical - for access to optical devices such as CD and DVD drives (e.g. playing audio CDs)
- power - used with power options (e.g. shutdown with power button)
- storage - for managing storage devices
- video - za video poslove i 3d akceleraciju
- wheel - za upotrebu sudo privilegija
Group list
| Group | Affected files | Purpose |
|---|---|---|
| adm | /var/log/* | Read access to log files in /var/log |
| audio | /dev/sound/*, /dev/snd/*, /dev/misc/rtc0 | Access to sound hardware. |
| avahi | ||
| bin | /usr/bin/* | Right to modify binaries only by root, but right to read or executed by anyone. (Please modify this for better understanding...) |
| camera | Access to Digital Cameras. | |
| clamav | /var/lib/clamav/*, /var/log/clamav/* | |
| daemon | ||
| dbus | /var/run/dbus | |
| disk | /dev/sda[1-9], /dev/sdb[1-9], /dev/hda[1-9], etc | Access to block devices not affected by other groups such as optical,floppy,storage. |
| floppy | /dev/fd[0-9] | Access to floppy drives. |
| ftp | /srv/ftp | |
| games | /var/games | Access to some game software. |
| gdm | ||
| hal | /var/run/hald, /var/cache/hald | |
| http | ||
| kmem | /dev/port, /dev/mem, /dev/kmem | |
| locate | /usr/bin/locate, /var/lib/locate, /var/lib/slocate, /var/lib/mlocate | Right to use updatedb command. |
| log | /var/log/* | Access to log files in /var/log, |
| lp | /etc/cups, /var/log/cups, /var/cache/cups, /var/spool/cups | Access to printer hardware |
| mem | ||
| /usr/bin/mail | ||
| network | Right to change network settings such as when using a Networkmanager. | |
| nobody | Unprivileged group. | |
| ntp | ||
| optical | /dev/sr[0-9], /dev/sg[0-9] | Access to optical devices such as CD,CD-R,DVD,DVD-R. |
| policykit | ||
| power | Right to use suspend utils. | |
| rfkill | ||
| root | /* -- ALL FILES! | Complete system administration and control (root, admin) |
| scanner | /var/lock/sane | Access to scanner hardware. |
| smmsp | sendmail group | |
| storage | Access to removable drives such as USB harddrives,flash/jump drives,mp3 players. | |
| stb-admin | ||
| sys | Right to admin printers in CUPS. | |
| thinkpad | /dev/misc/nvram | Right for thinkpad users using tools such as tpb. |
| tty | /dev/tty, /dev/vcc, /dev/vc, /dev/ptmx | |
| users | Standard users group. | |
| uucp | /dev/ttyS[0-9] /dev/tts/[0-9] | Serial & USB devices such as modems,handhelds,RS232/serial ports. |
| vboxusers | /dev/vboxdrv | Right to use Virtualbox software. |
| video | /dev/fb/0, /dev/misc/agpgart | Access to video capture devices, DRI/3D hardware acceleration. |
| vmware | Right to use VMware software. | |
| wheel | Right to use sudo (setup with visudo), Also affected by PAM |
Group manipulation
List groups
Display group membership with the Template:Codeline command:
$ groups [user]
If Template:Codeline is omitted, the current user's group names are displayed.
The Template:Codeline command provides additional detail, such as the user's UID and associated GIDs:
$ id [user]
To list all groups on the system:
$ cat /etc/group
Find group ownership
List files owned by a group with the Template:Codeline command:
# find / -group [group]
Manage group membership
Add users to a group with the Template:Codeline command:
# gpasswd -a [user] [group]
To remove users from a group:
# gpasswd -d [user] [group]
If the user is currently logged in, he/she must log out and in again for the change to have effect.
Manage groups
Create new groups with the Template:Codeline command:
# groupadd [group]
To delete existing groups:
# groupdel [group]