Re: usermod

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

At 09:46 AM 3/30/2005, you wrote:
At 08:50 AM 3/30/2005, McDougall, Marshall (FSH) wrote:
>>I know you can use "usermod" on RedHat Linux to add a user to another
group
>>by typing:
>>usermod -G sam,frank steve
>>This would effectively add steve to the "frank" and "sam" group.
How do
>>you remove them from those groups without editing the /etc/group file
>>manually? I can do:
>>usermod -G steve steve
>>That will remove him from "sam" and "frank" groups but would add steve to
>>his own group so the /etc/group file would look like:
>>steve:x:590:steve
>>instead of just:
>>steve:x:590:
>>For the life of me, I can't figure this one out. Does anybody know?

>If you "usermod -G sam,frank steve" and realize that you shouldn't have put
>steve in the frank group, just "usermod -G sam steve" and by omission, will
>remove the user from the group. HTH 

<snip>

I know it shouldn't hurt to do that, but if you do, it actually adds steve to his own group again. So instead of the line in the /etc/group file looking like the following which is how it should look if they are not in any other group: 
steve:x:590:
it would then look like the following if you run "usermod -Gsteve steve":
steve:x:590:steve

I think that there is no difference between
steve:x:590:
and
steve:x:590:steve
as far as the kernel access control mechanisms are concerned. Every user in Linux/Unix is always a member of its primary group (as defined in /etc/passwd) even if the list of users in that group in /etc/group is empty. Therefore, it is not important what to use: 'usermod -G "" steve' or 'usermod -G steve steve' - the records in /etc/group will be different, but their effect on the access control checks will be the same.


I am sure you are right. But if someone who didn't know looked into the /etc/group file, it could confuse them. It would just be more clear to not have the "steve:x:590:steve" in there and have just "steve:x:590:". That way, it doesn't start a discussion like this. :)

Thanks for all your help and knowledge
Steve


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux