Re: usermod

[Alexey Fadyushin <fab@xxxxxxxxxxxx>]

I think that there is no difference between
steve:x:590:
and
steve:x:590:steve
as far as the kernel access control mechanisms are concerned. Every user 
in Linux/Unix is always a member of its primary group (as defined in 
/etc/passwd) even if the list of users in that group in /etc/group is 
empty. Therefore, it is not important what to use: 'usermod -G "" steve' 
or 'usermod -G steve steve' - the records in /etc/group will be 
different, but their effect on the access control checks will be the same.

Alexey Fadyushin
Brainbench MVP for Linux.
http://www.brainbench.com

Steve Buehler wrote:

> At 08:50 AM 3/30/2005, McDougall, Marshall (FSH) wrote:
>
> > > >>I know you can use "usermod" on RedHat Linux to add a user to another
> > > group
> > > >>by typing:
> > > >>usermod -G sam,frank steve
> > > >>This would effectively add steve to the "frank" and "sam" group.  
> > > How do
> > > >>you remove them from those groups without editing the /etc/group file
> > > >>manually?  I can do:
> > > >>usermod -G steve steve
> > > >>That will remove him from "sam" and "frank" groups but would add 
> > > steve to
> > > >>his own group so the /etc/group file would look like:
> > > >>steve:x:590:steve
> > > >>instead of just:
> > > >>steve:x:590:
> > > >>For the life of me, I can't figure this one out.  Does anybody know?
> > >
> > > >If you "usermod -G sam,frank steve" and realize that you shouldn't 
> > > have put
> > > >steve in the frank group, just "usermod -G sam steve" and by 
> > > omission, will
> > > >remove the user from the group.  HTH
> > >
> > > Yes, but what if I want to remove him from both groups.  You can't type
> > > "usermod -G steve".  Basically, I am wanting to remove him from ALL 
> > > groups
> > > except for his initial group.  And "usermod -g steve steve" will not 
> > > do it
> > > either.  The "-G" must have atleast one group as an
> > > option..................................I just tried something that 
> > > seems
> > > to work, but not sure if it is suppose to work this way.  I typed:
> > > usermod -G "" steve
> > > and that removed steve from all extra groups.  So either my problem is
> > > solved, or there is another "proper" way of doing it.
> >
> >
> > "usermod -Gsteve steve" should remove him from all groups except 
> > steve.  If
> > the group is in the list, then the user is added to the group.  If the 
> > group
> > is not in the list, then the user is removed from any groups not in the
> > list.  This is the way I go about it.  We all know that with *nix, 
> > there is
> > always more than 1 way to accomplish it.
>
>
> I know it shouldn't hurt to do that, but if you do, it actually adds 
> steve to his own group again.  So instead of the line in the /etc/group 
> file looking like the following which is how it should look if they are 
> not in any other group:
> steve:x:590:
> it would then look like the following if you run "usermod -Gsteve steve":
> steve:x:590:steve
>
> Thanks
> Steve

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list