Details of group file in Linux

In Unix-like operating systems there is a user group file, “/etc/group”, which defines the groups to which users belong. These groups help control access to files and directories by particular users on the system. The “/etc/group” file is a text file that contains one entry per line; each line has four fields separated by the colon ( : ) symbol, as in the passwd and shadow files. The group file has read permission for all local users, but write permission is given only to the root user.

 

Format of Group File

 

Group-name:Password:GID:User-list

 

Group-name : This field contains the name of the group.

 

Password : This field denotes whether an (encrypted) group password is available for that group. If this field is empty, no password is needed for that group.

 

GID : This is the numerical group ID.

 

User-list : This field contains the user names of all the group's members on the system, separated by commas.

 

Information stored in the “/etc/group” file looks like this:

 

testgroup:x:508:testuser

 

In the above example the group name is testgroup, the x in the second field denotes that a group password is available, the third field shows the group ID (GID) as 508, and the last field denotes that the system user named testuser is a member of that group.

 

Now there is a question: where is the encrypted group password stored?

 

The answer to this question is /etc/gshadow. /etc/gshadow is a text file that stores the encrypted group passwords, much like the /etc/shadow file. The /etc/gshadow file has four fields separated by the colon ( : ) symbol. The /etc/gshadow file is not accessible to any local user; only read permission is given to the root user.

 

Format of the “/etc/gshadow” file

 

Group-name:Encrypted-Password:Admin-user:Members

 

Group-name : This field contains the name of the group, which also appears in the /etc/group file.

 

Encrypted-Password : This field contains the encrypted form of the group password.

 

Admin-user : This field holds the list of group administrators, separated by commas.

 

Members : This field contains the user names of all the group's members on the system, separated by commas.

 

To assign the group password, the gpasswd command is used, as shown in the examples below. Here the group name is testgroup and the user names are testuser and testuser2.

 

To assign a password to a group

 

#gpasswd testgroup

 

To assign an administrative user to that group

 

#gpasswd -A testuser testgroup

 

To assign a member to the group

 

#gpasswd -a testuser2 testgroup

 

To remove a user from a group

 

#gpasswd -d testuser2 testgroup

 

Information stored in the “/etc/gshadow” file looks like this:

 

testgroup:EPqtjPDzhCAEE:testuser2:testuser

 

In the above example, the group name is testgroup with the encrypted password in the second field. In the third field, the user named testuser2 is assigned as an administrator of the group, and in the last field the user named testuser is assigned as a member of that group.
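
As an added example (not part of the original article), the Python code below parses the two four-field formats described above and cross-checks /etc/group against /etc/gshadow, reporting malformed lines, groups with a password set, and member lists that disagree. The function names and every sample entry other than the article's two testgroup lines are constructed for illustration.

```python
# Constructed sample data: the first line of each text is the article's example
# entry; the other lines are made up to exercise the checks.
GROUP_TEXT = """testgroup:x:508:testuser
staff::600:alice,bob
orphan:x:601:carol
broken:x:602
"""
GSHADOW_TEXT = """testgroup:EPqtjPDzhCAEE:testuser2:testuser
staff:!::alice
"""

GROUP_FIELDS = ("name", "password", "gid", "members")
GSHADOW_FIELDS = ("name", "password", "admins", "members")

def parse(text, fields):
    """Return ({group name: record}, [malformed line numbers]) for colon-separated text."""
    records, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(fields):  # both files use exactly four fields
            malformed.append(lineno)
            continue
        rec = dict(zip(fields, parts))
        for key in ("admins", "members"):  # comma-separated user lists
            if key in rec:
                rec[key] = [u for u in rec[key].split(",") if u]
        records[rec["name"]] = rec
    return records, malformed

def audit(group_text, gshadow_text):
    """Cross-check the two files and return a list of findings (strings)."""
    groups, bad = parse(group_text, GROUP_FIELDS)
    shadows, sbad = parse(gshadow_text, GSHADOW_FIELDS)
    findings = [f"group line {n}: expected 4 fields" for n in bad]
    findings += [f"gshadow line {n}: expected 4 fields" for n in sbad]
    for name, grp in groups.items():
        sh = shadows.get(name)
        if sh is None:
            if grp["password"] == "x":
                findings.append(f"{name}: 'x' in group but no gshadow entry")
            continue
        # A leading '!' or '*' is not a valid hash, so no password can match.
        if sh["password"] and sh["password"][0] not in "!*":
            findings.append(f"{name}: group password set, admins={sh['admins']}")
        if set(grp["members"]) != set(sh["members"]):
            findings.append(f"{name}: member lists differ between files")
    return findings
```

To audit a live system, read /etc/group and /etc/gshadow as root and pass their contents to audit().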