LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-12-2011, 11:17 AM   #1
zissoudo
LQ Newbie
 
Registered: Nov 2011
Posts: 1

Rep: Reputation: Disabled
Why is the group name and user name the same?


Hello everyone... my first post and my first install of a Linux OS. I've read the books, articles, etc... and have decided to leave the dark side of Windows (07 to be specific).

So, for my first newbie questions, coming from a Windows environment, the first thing I noticed is that a good portion of my directories are owned by a group that is the same name as my username that was created during install. For example, my username is "joe" and my group name is "joe". According to this site that is what happens but it doesn't explain why. So on to my questions-

1) Why does the account created during install (Fedora 16) have the same group name as the user name?

2) Why isn't the user name that I created just part of the group "users", or "Administrators" like in a Windows install?

3) What harm would it do if I deleted this group account that has the same name as my user account and then moved my account to the "users" group, and then finally changed ALL files and directories from the deleted group to the "users" group?

4) Finally, is this considered good practice? I mean in a secure environment shouldn't the group name reflect the group operations/functions and not the user? So, if I create two groups called "friends" and "family", then the relevant user accounts would go into the relevant groups. I wouldn't however put the "neighbor_bob" account into the "neighbor_bob" group. Is that correct?

Thanks for all your input, I'm enjoying Fedora so far but have much to learn. Hopefully, with this site, and others, and posting to this forum I can learn all of it.
Eric
 
Old 11-12-2011, 11:28 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974Reputation: 1974
1) because that's the model they use. Unless you have a specific motivation to use groups, they don't really sere much purpose, so their are somewhat "minimized". AFAIK, Debian uses a "user" group by default, but also then has a different default permissions mask, 002 on fedora vs 022 on debian, which again basically makes the group redundant other than as a sort of flag.

2) because as above, they don't really get used like that by default. It only really complicates things. Small group modifications are usually done with additional groups, not the primary group.

3) none, unless you mess it up.

4) if you are in a larger environment, then the users would be on something like an ldap server. in those situations then the user groups would get used much more extensively.
 
Old 11-12-2011, 11:41 AM   #3
Doc CPU
Senior Member
 
Registered: Jun 2011
Location: Stuttgart, Germany
Distribution: Mint, Debian, Gentoo, Win 2k/XP
Posts: 1,099

Rep: Reputation: 343Reputation: 343Reputation: 343Reputation: 343
Hi there,

Quote:
Originally Posted by zissoudo View Post
[...] and have decided to leave the dark side of Windows (07 to be specific).
welcome here - you'll soon find that coming from Windows 7, almost everything else is a relief (except going back to Vista of course, which is a catastrophe).

Quote:
Originally Posted by zissoudo View Post
1) Why does the account created during install (Fedora 16) have the same group name as the user name?
It's part of the Unix philosophy that every user belongs to one or more groups, and that access rights and permissions are given to groups, not to users. So in a standard installation, a "normal" user belongs eclusively to his own group. Well, he belongs to a few more groups, but the group that bears his own user name is his "primary" group.

Quote:
Originally Posted by zissoudo View Post
2) Why isn't the user name that I created just part of the group "users", or "Administrators" like in a Windows install?
Because then you wouldn't be able to give or deny permissions individually; it would always affect the entire group. If you're happy with that scheme, okay!

Quote:
Originally Posted by zissoudo View Post
3) What harm would it do if I deleted this group account that has the same name as my user account and then moved my account to the "users" group, and then finally changed ALL files and directories from the deleted group to the "users" group?
That's the wrong order: Once you delete the group you belong to, you lose the rights that were given to that group.
Let's play the scene in different order: First select a different group as your primary group (e.g. "users"). Then you could delete the orphaned group that has no members but yourself. You even retain access to your files and directories, because they're still owned by the same user (you).

But then, what do you think you gain by doing that?

Quote:
Originally Posted by zissoudo View Post
4) Finally, is this considered good practice? I mean in a secure environment shouldn't the group name reflect the group operations/functions and not the user? So, if I create two groups called "friends" and "family", then the relevant user accounts would go into the relevant groups. I wouldn't however put the "neighbor_bob" account into the "neighbor_bob" group. Is that correct?
If you're talking about a quasi-public system (say, a company or university server where all employees/students have an account), that might make sense. But in a home or small office PC setup with only one "real" user (or a few, say, your family)? Why not just accept the default behavior?

[X] Doc CPU
 
Old 11-12-2011, 12:58 PM   #4
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 2,967

Rep: Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268
That policy is called "User Private Group," and the reason for it is to allow a user to have a umask that allows group read/write permission without allowing read/write access to all his files for every user on the system. Let's say you have a project called "Alpha" and want to have a directory where the users working on that project can share files with all having full read/write access. You set up the directory like this:
Code:
drwxrwsr-x 2 alpha alpha 4096 2011-11-12 11:13 /opt/alpha
Now all members of the "alpha" group can create files there, and newly created files will inherit the "alpha" group ID of the directory. But when user "joe" creates a file there, it will get permissions like this:
Code:
-rw-r--r-- 2 joe alpha 1234 2011-11-12 11:52 /opt/alpha/file_xxx
and only Joe has write access. Project members need to change their umask to 002 to allow other project members to work on the files they create. Joe's file will now look like this:
Code:
-rw-rw-r-- 2 joe alpha 1234 2011-11-12 11:52 /opt/alpha/file_xxx
But, if everyone has "users" as a primary group, then every file they create elsewhere would be readable and writeable by every user on the system.
Code:
-rw-rw-r-- 2 joe  users  252 2011-11-12 11:58 /home/joe/xyzzy
-rw-rw-r-- 2 mary users 1234 2011-11-12 11:47 /home/mary/my_file
Giving every user a private primary group gets around that problem. Today, of course, ACLs and other methods are a more likely way to control access, but those weren't as common in the past when User Private Group started being used.
 
1 members found this post helpful.
Old 11-12-2011, 02:44 PM   #5
Jenni
Member
 
Registered: Oct 2011
Distribution: Slackware, Fedora
Posts: 158

Rep: Reputation: Disabled
Quote:
Originally Posted by rknichols View Post
]But, if everyone has "users" as a primary group, then every file they create elsewhere would be readable and writeable by every user on the system.

Giving every user a private primary group gets around that problem. Today, of course, ACLs and other methods are a more likely way to control access, but those weren't as common in the past when User Private Group started being used.
It's also worth noting that you can change the permissions on a file so that the group and user have different permissions. For example, by default, a user's home directory is private - only that user and root can read or write to that folder, even if that user shares a type with other users.

My computer, currently, has two non-root users, jenni and another one (for anonymity's sake we'll call it jenni2) both in the group "users", using ls -l in /home/ shows that home folders have permissions: drwx--x--x , meaning the owner can read, write, execute. Other users, however, can not read or write, thus if I (logged in as jenni) cd to /home/jenni2 and use ls, then ls wont show me anything returning
Code:
/bin/ls: cannot open directory .: Permission denied
for files outside the home directory, the owner can use
Code:
chmod 600 <file>
so that the owner can read/write , and the group and others can't even read it.
Code:
chmod 640 <file>
so the owner can read/write, group members can read, and others have no access
Code:
chmod 644 <file>
so the owner can write to it, but everyone can read it.

So, basically, paying attention to the permissions you give your files solves that problem while allowing a "users" group to be used.

As for whether it's worth changing from the User private Group model to using a users group on a home computer. No, not really, on a larger system (eg. a university, office, etc) it would be, but on a home computer it's unlikely to cause any real problems and it would be an annoyance to change it.

I personally, prefer a users group for all the users, but that's just because I myself switch between 2 users on all of my computers, one for casual use and one for work, papers, writing, code, etc., I like to have things organized into two different /home/ directories with different config files and such, so being in the same group on both profiles allows me to share files between the two more easily while keeping others from writing to them.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to list user in Linux box, add an user to a group! steady_lfcfan Linux - Newbie 12 01-27-2013 02:14 PM
how to give access to particulat user in ftp user group to particular folder marora Linux - General 2 06-16-2011 03:03 AM
User and Group Admin: How to tell Who is in What group? Akhran Linux - Newbie 1 11-13-2005 12:16 AM


All times are GMT -5. The time now is 02:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration