How to check the Linux group list, and about the /etc/group file
Which groups exist on this Linux OS?
When you want to see a list of groups, you can find it by checking the /etc/group file.
Last Update : December 18, 2018
Contents
- How to read the /etc/group file
- Log in to a group
- /etc/group and /etc/gshadow
- Output group list from /etc/group file
1. How to read the /etc/group file
Group information for a Linux OS is kept in the /etc/group file. Each line of /etc/group describes one group: the group name, group password, group ID, and account list, separated by colons. The contents of /etc/group look like this.
[root@localhost ~]$ cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
bar_group:x:501:foo2,foo3
|bar_group||Group name|
|x||The letter "x" or the encrypted password. "x" means a shadow password is used.|
|501||Group ID ( GID )|
|foo2,foo3||Comma-separated list of user accounts that belong to "bar_group" as a sub group.|
Users can belong to more than one group.
A user's basic group is called the primary group or the initial group, and any other group the user belongs to is called a sub group.
When a user creates a file, the user's primary group is set as the group of the file.
2. Log in to a group
You can log in to a specified group by using the newgrp command.
When you log in to a group, the primary group of the logged-in account changes to that group.
Any file, directory, etc. that you create then belongs to the logged-in group.
Logging in to a sub group to which the account belongs does not require a password.
Logging in to a group to which the account does not belong requires a password. If no password is set for the group, you cannot log in.
[foo@localhost ~]$ id -a    ← check the id
uid=500(foo) gid=501(foo) groups=501(foo),503(subgroup)
    ↑ Primary group is "foo"
[foo@localhost ~]$ newgrp subgroup    ← Login to 'subgroup' group
[foo@localhost ~]$ id -a
uid=500(foo) gid=503(subgroup) groups=501(foo),503(subgroup)
    ↑ Primary group changed to "subgroup".
[foo@localhost ~]$ touch test.txt
[foo@localhost ~]$ ls -l test.txt
-rw-r--r-- 1 foo subgroup 0 Oct 27 00:53 test.txt
    ↑ The group of the created file becomes "subgroup".
[foo@localhost ~]$ exit    ← Log out from "subgroup" group
exit
[foo@kazmax ~]$ id -a
uid=500(foo) gid=501(foo) groups=501(foo),503(subgroup)
    ↑ Primary group returns to "foo" group.
To set the group password, use the gpasswd command.
3. /etc/group and /etc/gshadow
The relationship between /etc/group and /etc/gshadow is the same as the relationship between /etc/passwd and /etc/shadow.
The /etc/group file is readable by all users. For this reason, an encrypted password stored in it can also be seen by ordinary users, who could then try to analyze it.
In environments where shadow passwords are used, the group password is encrypted and stored in /etc/gshadow. This file can only be read by root. Security is improved because general users cannot read it.
[foo@localhost ~]$ ls -l /etc/gshadow
-r-------- 1 root root 606 Dec 1 00:23 /etc/gshadow    ← Only root can read
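A check that follows from the field layout in section 1 and the point above, as an added example that is not part of the original page: it parses a file in /etc/group format and reports groups whose password field holds something other than "x", which means the encrypted password is in the world-readable file. It goes slightly beyond the text by also flagging duplicate GIDs and malformed lines; the function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# audit_group_file FILE: check a file in /etc/group format, one finding per line.
#   INLINE_PASSWORD <group>  field 2 is not "x": the encrypted password sits
#                            in a file every user can read
#   DUP_GID <gid> <group>    the GID is already used by an earlier group
#   BAD_FORMAT <line-no>     the line does not have exactly 4 fields
audit_group_file() {
    awk -F: '
        $0 == "" { next }                       # skip empty lines
        NF != 4  { print "BAD_FORMAT " NR; next }
        {
            # "x" means the password is in /etc/gshadow. Empty, "*" and "!"
            # are treated as "no password stored here" (assumption of this example).
            if ($2 != "x" && $2 != "" && $2 != "*" && $2 != "!")
                print "INLINE_PASSWORD " $1
            if ($3 in seen) print "DUP_GID " $3 " " $1
            else seen[$3] = $1
        }
    ' "$1"
}

# members_of FILE GROUP: print the comma-separated account list (field 4).
members_of() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# Constructed sample input, not taken from a real system.
sample_group_lines() {
    cat <<'EOF'
root:x:0:root
bin:x:1:root,bin,daemon
bar_group:x:501:foo2,foo3
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:502:foo2
dupe:x:501:
broken:x:503
EOF
}

tmp=$(mktemp)
sample_group_lines > "$tmp"
audit_group_file "$tmp"
echo "bar_group members: $(members_of "$tmp" bar_group)"
rm -f "$tmp"
```

To check a live system, pass /etc/group as the file argument; no root privileges are needed because the file is readable by all users.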
4. Output group list from /etc/group file
Output the group list from the /etc/group file.
[foo@localhost ~]$ cut -d: -f1 /etc/group
root
bin
daemon
sys
adm
tty
It is convenient to register this command as an alias.
Register the alias under the name listgroups.
Add the following to ".bashrc" in the home directory so that the alias is available when you log in.
[foo@localhost ~]$ cd
[foo@localhost ~]$ vi .bashrc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
alias listgroups="cut -d: -f1 /etc/group"    ← Append
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[foo@localhost ~]$ source .bashrc
[foo@localhost ~]$ listgroups
root
bin
daemon
sys
adm
tty
You can also output the list of groups by specifying "group" to the "getent" command. This also displays groups registered in LDAP.
# getent group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp