usermod -G "" steve -Steve >>> steve@xxxxxxxxx 3/30/2005 11:12 >>> At 09:46 AM 3/30/2005, you wrote: >>At 08:50 AM 3/30/2005, McDougall, Marshall (FSH) wrote: >>>> >>I know you can use "usermod" on RedHat Linux to add a user to another >>>>group >>>> >>by typing: >>>> >>usermod -G sam,frank steve >>>> >>This would effectively add steve to the "frank" and "sam" group. >>>>How do >>>> >>you remove them from those groups without editing the /etc/group file >>>> >>manually? I can do: >>>> >>usermod -G steve steve >>>> >>That will remove him from "sam" and "frank" groups but would add >>>> steve to >>>> >>his own group so the /etc/group file would look like: >>>> >>steve:x:590:steve >>>> >>instead of just: >>>> >>steve:x:590: >>>> >>For the life of me, I can't figure this one out. Does anybody know? >>>> >>>> >If you "usermod -G sam,frank steve" and realize that you shouldn't >>>> have put >>>> >steve in the frank group, just "usermod -G sam steve" and by >>>> omission, will >>>> >remove the user from the group. HTH <snip> >>>>I know it shouldn't hurt to do that, but if you do, it actually adds >>>>steve to his own group again. So instead of the line in the /etc/group >>>>file looking like the following which is how it should look if they are >>>>not in any other group: >>steve:x:590: >>it would then look like the following if you run "usermod -Gsteve steve": >>steve:x:590:steve > >I think that there is no difference between >steve:x:590: >and >steve:x:590:steve >as far as the kernel access control mechanisms are concerned. Every user >in Linux/Unix is always a member of its primary group (as defined in >/etc/passwd) even if the list of users in that group in /etc/group is >empty. Therefore, it is not important what to use: 'usermod -G "" steve' >or 'usermod -G steve steve' - the records in /etc/group will be different, >but their effect on the access control checks will be the same. I am sure you are right. But if someone who didn't know looked into the /etc/group file, it could confuse them. It would just be more clear to not have the "steve:x:590:steve" in there and have just "steve:x:590:". That way, it doesn't start a discussion like this. :) Thanks for all your help and knowledge Steve -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
