Saturday, July 16, 2011

AIX group administration Important Files

You're familiar with a few user modification commands; now, let's talk about groups. As with user administration, it's important to know the configuration files that the group commands modify.

/etc/group
The /etc/group file contains the basics of a group. The listing below provides an example of the /etc/group file.

Listing: Example /etc/group file

 
system:!:0:root,pconsole,esaadmin
staff:!:1:ipsec,esaadmin,sshd,xander
bin:!:2:root,bin
sys:!:3:root,bin,sys
adm:!:4:bin,adm
uucp:!:5:uucp,nuucp
mail:!:6:
security:!:7:root
cron:!:8:root
printq:!:9:lp
audit:!:10:root
ecs:!:28:
nobody:!:4294967294:nobody,lpd
perf:!:20:
shutdown:!:21:
lp:!:11:root,lp
invscout:!:12:invscout
snapp:!:13:snapp
ipsec:!:200:
pconsole:!:14:pconsole
sshd:!:201:sshd


As you can see, the file is colon delimited like the /etc/passwd file, and each entry contains only four fields in the following format (with spaces added before and after the delimiter to ease reading):
Group Name : Password Flag : GID : User(s)


Here's the field-by-field breakdown:
  • Group Name. The group name associated with the group.
  • Password Flag. This field is not used in AIX. Instead, AIX uses the /etc/security/group file for group administrators.
  • GID. The GID associated with the group.
  • User(s). The list of users who are members of the group.
    Note: This field is comma delimited.
/etc/security/group
The /etc/security/group file is much like /etc/security/user for users: It contains extended attributes for the specified group. The table below provides a couple of useful settings in the configuration file.

Table: /etc/security/group parameters

Parameter   Format             Description
adms        user1, user2, …    Comma-delimited list of users with administrative rights to the group.
admin       TRUE | FALSE       If True, the group has administrative rights to the group.

For more attributes, read the man page for /etc/security/group (man group).
The file is broken down into stanzas like the other configuration files in /etc/security, with the group name as the identifier. A nice feature of this file is that it allows you to grant a standard user administrator rights for a group. The administrators of that group can then modify the group as they see fit by adding members to or removing members from the group. The listing below provides an example of what an /etc/security/group file looks like. In this example, the group jradmin has admin set to False and standard users pac and xander defined as administrators of the group.

Listing: Example of an /etc/security/group file

 
system:
        admin = true

staff:
        admin = false

bin:
        admin = true

sys:
        admin = true

jradmin:
        admin = false
        adms = pac,xander
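
The following script is an added example, not from the original post: it joins the two files described above and lists every delegated group administrator named in adms, noting whether that user is also a member of the group. The function names, the jradmin GID 202 and the user kim are assumptions made for the constructed sample data.

```shell
#!/bin/sh
# Added example; sample data is constructed (jradmin GID and user kim are made up).

# group_report GROUP_FILE SECURITY_GROUP_FILE -> name:gid:admin:adms:members
group_report() {
    awk '
    pass == 1 {                       # stanza file: "name:" then "attr = value"
        gsub(/[ \t]/, "")             # blanks are not significant for admin/adms
        if ($0 == "" || $0 ~ /^\*/) next          # blank line or "*" comment
        if ($0 ~ /^[^=]+:$/) { stanza = substr($0, 1, length($0) - 1); next }
        eq = index($0, "=")
        if (eq > 1 && stanza != "") attr[stanza, substr($0, 1, eq - 1)] = substr($0, eq + 1)
        next
    }
    {                                 # /etc/group: exactly four colon-delimited fields
        if (split($0, f, ":") != 4) next          # skip malformed lines
        admin = ((f[1], "admin") in attr) ? attr[f[1], "admin"] : "unset"
        adms  = ((f[1], "adms")  in attr) ? attr[f[1], "adms"]  : ""
        print f[1] ":" f[3] ":" admin ":" adms ":" f[4]
    }' pass=1 "$2" pass=2 "$1"
}

# delegated_admins GROUP_FILE SECURITY_GROUP_FILE -> group:user:member|non-member
delegated_admins() {
    group_report "$1" "$2" | awk -F: '$4 != "" {
        n = split($4, u, ",")
        for (i = 1; i <= n; i++)
            print $1 ":" u[i] ":" (index("," $5 ",", "," u[i] ",") ? "member" : "non-member")
    }'
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/group" <<'EOF'
system:!:0:root,pconsole,esaadmin
staff:!:1:ipsec,esaadmin,sshd,xander
mail:!:6:
jradmin:!:202:pac,kim
EOF
cat > "$SAMPLE_DIR/security_group" <<'EOF'
system:
        admin = true
staff:
        admin = false
jradmin:
        admin = false
        adms = pac,xander
EOF
group_report "$SAMPLE_DIR/group" "$SAMPLE_DIR/security_group"
delegated_admins "$SAMPLE_DIR/group" "$SAMPLE_DIR/security_group"
```

On a live system, point both functions at /etc/group and /etc/security/group; reading the latter normally requires root or security-group privileges.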



















