Using unix groups

Summary of useful commands

  • ls - list directory contents
  • chmod - change file mode bits
  • groups - print the groups a user is in
  • id - print real and effective user and group IDs
  • newgrp - log in to a new group

File Permissions

All filesystem objects (files, directories, symbolic links, etc.) have both a user and a group owner assigned to them. They also have permission mode bits associated with them.
cherry-creek$ ls -l
total 3
drwxr-xr-x 2 siogwah nsi 2 Sep 24 11:12 bin
drwxr-xr-x 2 siogwah nsi 2 Sep 24 11:12 data
-rw------- 1 siogwah nsi 0 Sep 16 14:51 file1
-rw-r--r-- 1 siogwah nsi 0 Sep 16 20:32 file2
-rwxr-x--- 1 siogwah nsi 0 Sep 16 20:32 file3
drwxr-xr-x 2 siogwah nsi 2 Sep 24 11:12 reports
In this example the directory bin is owned by user siogwah and group nsi, and has the mode bits rwxr-xr-x. These permissions indicate that the owner has read, write, and execute permission, a user with group id nsi has read and execute permission, and others (the last 3 bits) also have read and execute permission.

To change file permissions use the chmod command. Refer to the chmod man page for how to use this command.

man chmod
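
As an added example (not part of the original page), the shell function below works out which of the three permission triplets in an ls -l mode string applies to a given user, using the file3 line from the listing above. The function name perm_for and the users alice and bob are made up for illustration, and the function ignores ACLs and the superuser.

```shell
#!/bin/sh
# Added example: pick the permission triplet that applies to a user,
# given the mode string, owner and group columns of an `ls -l` line.

# perm_for MODE OWNER GROUP USER "USER'S GROUPS"
# Prints the three characters (for example r-x) that govern USER's access.
# Not modelled: ACLs and the superuser, who bypasses these checks.
perm_for() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5

    bits=${mode#?}                      # drop the type character (d, -, l, ...)
    rest=${bits#???}
    owner_bits=${bits%"$rest"}          # characters 1-3
    after_group=${rest#???}
    group_bits=${rest%"$after_group"}   # characters 4-6
    extra=${after_group#???}            # a trailing "." or "+" flag, if present
    other_bits=${after_group%"$extra"}  # characters 7-9

    # Classes are tested in order and only the first match counts:
    # the owner never falls through to the group or other bits.
    if [ "$user" = "$owner" ]; then
        echo "$owner_bits"
        return 0
    fi
    for g in $user_groups; do
        if [ "$g" = "$group" ]; then
            echo "$group_bits"
            return 0
        fi
    done
    echo "$other_bits"
}

# file3 from the listing above: -rwxr-x--- siogwah nsi
perm_for -rwxr-x--- siogwah nsi siogwah "nsi wheel nsiapps siogwah"   # rwx
# alice and bob are constructed users, not from the page.
perm_for -rwxr-x--- siogwah nsi alice "nsi"                           # r-x
perm_for -rwxr-x--- siogwah nsi bob "staff"                           # ---
# Constructed mode: the owner is denied although group nsi has rwx.
perm_for ----rwx--- siogwah nsi siogwah "nsi wheel nsiapps siogwah"   # ---
```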

Group Membership

A user may list what groups they can access using the groups command.
cherry-creek$ groups
nsi wheel nsiapps siogwah
cherry-creek$ 
This command, however, only lists the groups that a user is a member of. A more useful command is id.
cherry-creek$ id
uid=30602(siogwah) gid=41(nsi) groups=41(nsi),10(wheel),1019(nsiapps),30602(siogwah)
cherry-creek$
In addition to showing all the groups a user is a member of, this command shows which group the user is currently logged in as, gid=41(nsi). When a user is a member of more than one group, some commands, such as sudo, will refer to the list of groups. Other commands use the group the user is currently logged into. When you log into a system, your session is started with your primary gid, the one listed in the system's password file. To log in using a different group, you can use the newgrp command.
cherry-creek$ id
uid=30602(siogwah) gid=41(nsi) groups=41(nsi),10(wheel),1019(nsiapps),30602(siogwah)
cherry-creek$ newgrp wheel
[siogwah@cherry-creek example]$ id
uid=30602(siogwah) gid=10(wheel) groups=10(wheel),41(nsi),1019(nsiapps),30602(siogwah)
[siogwah@cherry-creek example]$
In this example the id command is run to show the gid currently logged into, gid=41(nsi), and then the newgrp command is used to switch to the wheel group. The second run of id shows that the gid has been changed. You may have noticed that the prompt changed from cherry-creek$ to [siogwah@cherry-creek example]$. This is because when newgrp runs it creates a new login shell without running any of the login setup scripts. If you want your login environment loaded in the new shell, run newgrp with the - option. Also, since you have created a new login shell, the old one is still running; when you exit, you will return to the previous shell. If you do not need to return to the previous shell, run the newgrp command with exec, which tells the original shell to exit when the command is run.
cherry-creek$ id
uid=30602(siogwah) gid=41(nsi) groups=41(nsi),10(wheel),1019(nsiapps),30602(siogwah)
cherry-creek$ exec newgrp - wheel
cherry-creek$ id
uid=30602(siogwah) gid=10(wheel) groups=10(wheel),41(nsi),1019(nsiapps),30602(siogwah)
cherry-creek$