Re: usermod

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



usermod -G "" steve

-Steve

>>> steve@xxxxxxxxx 3/30/2005 11:12 >>>
At 09:46 AM 3/30/2005, you wrote:
>>At 08:50 AM 3/30/2005, McDougall, Marshall (FSH) wrote:
>>>> >>I know you can use "usermod" on RedHat Linux to add a user to
another
>>>>group
>>>> >>by typing:
>>>> >>usermod -G sam,frank steve
>>>> >>This would effectively add steve to the "frank" and "sam"
group.
>>>>How do
>>>> >>you remove them from those groups without editing the /etc/group
file
>>>> >>manually?  I can do:
>>>> >>usermod -G steve steve
>>>> >>That will remove him from "sam" and "frank" groups but would add

>>>> steve to
>>>> >>his own group so the /etc/group file would look like:
>>>> >>steve:x:590:steve
>>>> >>instead of just:
>>>> >>steve:x:590:
>>>> >>For the life of me, I can't figure this one out.  Does anybody
know?
>>>>
>>>> >If you "usermod -G sam,frank steve" and realize that you
shouldn't 
>>>> have put
>>>> >steve in the frank group, just "usermod -G sam steve" and by 
>>>> omission, will
>>>> >remove the user from the group.  HTH

<snip>

>>>>I know it shouldn't hurt to do that, but if you do, it actually
adds 
>>>>steve to his own group again.  So instead of the line in the
/etc/group 
>>>>file looking like the following which is how it should look if they
are 
>>>>not in any other group:
>>steve:x:590:
>>it would then look like the following if you run "usermod -Gsteve
steve":
>>steve:x:590:steve
>
>I think that there is no difference between
>steve:x:590:
>and
>steve:x:590:steve
>as far as the kernel access control mechanisms are concerned. Every
user 
>in Linux/Unix is always a member of its primary group (as defined in 
>/etc/passwd) even if the list of users in that group in /etc/group is

>empty. Therefore, it is not important what to use: 'usermod -G ""
steve' 
>or 'usermod -G steve steve' - the records in /etc/group will be
different, 
>but their effect on the access control checks will be the same.


I am sure you are right.  But if someone who didn't know looked into
the 
/etc/group file, it could confuse them.  It would just be more clear to
not 
have the "steve:x:590:steve" in there and have just "steve:x:590:". 
That 
way, it doesn't start a discussion like this. :)

Thanks for all your help and knowledge
Steve


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe 
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux