A group is simply a list of users. Groups are identified by their group name and GID (Group ID). In FreeBSD (and most other UNIX® like systems), the two factors the kernel uses to decide whether a process is allowed to do something is its user ID and list of groups it belongs to. Unlike a user ID, a process has a list of groups associated with it. You may hear some things refer to the “group ID” of a user or process; most of the time, this just means the first group in the list.
The group name to group ID map is in
/etc/group
. This is a plain text file with four
colon-delimited fields. The first field is the group name, the
second is the encrypted password, the third the group ID, and the
fourth the comma-delimited list of members. It can safely be edited
by hand (assuming, of course, that you do not make any syntax
errors!). For a more complete description of the syntax, see the
group(5) manual page.
If you do not want to edit /etc/group
manually, you can use the pw(8) command to add and edit groups.
For example, to add a group called teamtwo
and
then confirm that it exists you can use:
The number 1100
above is the group ID of the
group teamtwo
. Right now,
teamtwo
has no members, and is thus rather
useless. Let's change that by inviting jru
to
the teamtwo
group.
#
pw groupmod teamtwo -M jru
#
pw groupshow teamtwo
teamtwo:*:1100:jru
The argument to the -M
option is a
comma-delimited list of users who are members of the group. From the
preceding sections, we know that the password file also contains a
group for each user. The latter (the user) is automatically added to
the group list by the system; the user will not show up as a member
when using the groupshow
command to pw(8),
but will show up when the information is queried via id(1) or
similar tool. In other words, pw(8) only manipulates the
/etc/group
file; it will never attempt to read
additionally data from /etc/passwd
.
%
id jru
uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)
As you can see, jru
is a member of the
groups jru
and
teamtwo
.
For more information about pw(8), see its manual page, and
for more information on the format of
/etc/group
, consult the group(5) manual
page.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.