Users and groups (Српски)
User groups are used on GNU/Linux for access control – members of a group are granted access to devices and files belonging to that group. /etc/group is the file that defines the groups on the system (see man group for details).
This article provides a list of common groups and their purpose along with an overview of group manipulation commands.
Useful groups
Users often add their non-root user to the following groups to allow access to peripherals and other hardware.
- audio - for access to sound hardware
- floppy - for access to the floppy drive, if present
- lp - for access to the printer
- optical - for access to optical devices such as CD and DVD drives (e.g. playing audio CDs)
- power - used with power options (e.g. shutdown with power button)
- storage - for managing storage devices
- video - for video tasks and 3D acceleration
- wheel - for using sudo privileges
Group list
Group | Affected files | Purpose |
---|---|---|
adm | /var/log/* | Read access to log files in /var/log. |
audio | /dev/sound/*, /dev/snd/*, /dev/misc/rtc0 | Access to sound hardware. |
avahi | | |
bin | /usr/bin/* | Binaries can be modified only by root, but read or executed by anyone. |
camera | | Access to digital cameras. |
clamav | /var/lib/clamav/*, /var/log/clamav/* | |
daemon | | |
dbus | /var/run/dbus | |
disk | /dev/sda[1-9], /dev/sdb[1-9], /dev/hda[1-9], etc. | Access to block devices not affected by other groups such as optical, floppy, storage. |
floppy | /dev/fd[0-9] | Access to floppy drives. |
ftp | /srv/ftp | |
games | /var/games | Access to some game software. |
gdm | | |
hal | /var/run/hald, /var/cache/hald | |
http | | |
kmem | /dev/port, /dev/mem, /dev/kmem | |
locate | /usr/bin/locate, /var/lib/locate, /var/lib/slocate, /var/lib/mlocate | Right to use the updatedb command. |
log | /var/log/* | Access to log files in /var/log. |
lp | /etc/cups, /var/log/cups, /var/cache/cups, /var/spool/cups | Access to printer hardware. |
mem | | |
 | /usr/bin/mail | |
network | | Right to change network settings, such as when using NetworkManager. |
nobody | | Unprivileged group. |
ntp | | |
optical | /dev/sr[0-9], /dev/sg[0-9] | Access to optical devices such as CD, CD-R, DVD, DVD-R. |
policykit | | |
power | | Right to use suspend utils. |
rfkill | | |
root | /* -- ALL FILES! | Complete system administration and control (root, admin). |
scanner | /var/lock/sane | Access to scanner hardware. |
smmsp | | sendmail group |
storage | | Access to removable drives such as USB hard drives, flash/jump drives, MP3 players. |
stb-admin | | |
sys | | Right to administer printers in CUPS. |
thinkpad | /dev/misc/nvram | For ThinkPad users using tools such as tpb. |
tty | /dev/tty, /dev/vcc, /dev/vc, /dev/ptmx | |
users | | Standard users group. |
uucp | /dev/ttyS[0-9], /dev/tts/[0-9] | Serial & USB devices such as modems, handhelds, RS232/serial ports. |
vboxusers | /dev/vboxdrv | Right to use VirtualBox software. |
video | /dev/fb/0, /dev/misc/agpgart | Access to video capture devices, DRI/3D hardware acceleration. |
vmware | | Right to use VMware software. |
wheel | | Right to use sudo (set up with visudo); also affected by PAM. |
Group manipulation
List groups
Display group membership with the groups command:
$ groups [user]
If user is omitted, the current user's group names are displayed.
The id command provides additional detail, such as the user's UID and associated GIDs:
$ id [user]
To list all groups on the system:
$ cat /etc/group
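The member list in /etc/group shows only supplementary members; a user whose primary group (the GID field of /etc/passwd) is that group does not appear there. The following added example, which is not part of the original article, resolves both kinds of membership for access-granting groups from the table above (adm, disk, kmem, wheel); the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve the full membership of a group, counting both
# supplementary members (group file, field 4) and primary-GID users (passwd file, field 4).

# group_members GROUP GROUP_FILE PASSWD_FILE -> one user per line, sorted, unique
group_members() {
    grp=$1; gfile=$2; pfile=$3
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$gfile")
    [ -n "$gid" ] || return 1          # group is not defined
    {
        # Supplementary members listed in the group file
        awk -F: -v g="$grp" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$gfile"
        # Users whose primary group is this GID; they are NOT listed in the group file
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$pfile"
    } | sort -u
}

# audit_groups GROUP_FILE PASSWD_FILE GROUP... -> one "group: user,user" line per group
audit_groups() {
    gfile=$1; pfile=$2; shift 2
    for g in "$@"; do
        if members=$(group_members "$g" "$gfile" "$pfile"); then
            list=$(printf '%s' "$members" | paste -sd, -)
            printf '%s: %s\n' "$g" "${list:-(none)}"
        else
            printf '%s: (no such group)\n' "$g"
        fi
    done
}

# write_sample DIR -> constructed group/passwd files (sample data, not from a real system)
write_sample() {
    printf '%s\n' 'root:x:0:root' 'adm:x:4:alice,bob' 'disk:x:6:' \
        'kmem:x:9:' 'wheel:x:10:alice' 'users:x:100:' > "$1/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'alice:x:1000:100::/home/alice:/bin/sh' \
        'bob:x:1001:100::/home/bob:/bin/sh' \
        'carol:x:1002:10::/home/carol:/bin/sh' \
        'backup:x:1003:6::/var/backup:/bin/sh' > "$1/passwd"
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_groups "$tmp/group" "$tmp/passwd" adm disk kmem wheel
rm -rf "$tmp"
```

On a live system, pass /etc/group and /etc/passwd as the two file arguments. Accounts that come from a directory service rather than these files are not covered by this sketch.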
Find group ownership
List files owned by a group with the find command:
# find / -group [group]
Manage group membership
Add users to a group with the gpasswd command:
# gpasswd -a [user] [group]
To remove users from a group:
# gpasswd -d [user] [group]
If the user is currently logged in, they must log out and back in for the change to take effect.
Manage groups
Create new groups with the groupadd command:
# groupadd [group]
To delete existing groups:
# groupdel [group]