LinuxQuestions.org
Old 04-11-2012, 12:09 AM   #1
MudPuppy
LQ Newbie
 
Registered: Oct 2003
Distribution: Slackware 15.0
Posts: 11

Rep: Reputation: 0
Good practice - group memberships


Hi all,

I was wondering what group(s) one should make your main user a member of. I haven't found a clear answer while searching around.

In Windows I'm used to always working with local admin rights, but in Slackware I'd prefer to follow the advice of creating a user. Which I did; I just have no clue what all the groups do exactly, and what the most commonly used ones are for a "superuser" for instance.

Mud
 
Old 04-11-2012, 12:50 AM   #2
roger_heslop
Member
 
Registered: Oct 2009
Location: Leander, TX
Distribution: Fedora 20
Posts: 97

Rep: Reputation: 35
In Red Hat when a new user is created with the useradd command, a group of the same name is created and the new user is automatically added to said group. Of course you can put the user in any other groups with the supplemental 'usermod -a -G $group $user' command, but as far as conventions... that's all I know. (As they say, if you want to know Red Hat use Red Hat, if you want to know Linux, use Slackware.)

Anyway you essentially want your user to be a part of any group he will have group permissions for. So if root has a file with permissions rwxrwx---, and the file is owned by user/group root:root, then anyone in the group root will have rwx permissions. So it would make sense that the main user at least be in the group root supplementally. But again it's hard to talk about conventions without bringing in different distribution philosophies, LDAP, etc. into the conversation. Hope that helps a little - anyone else?
 
Old 04-11-2012, 01:18 AM   #3
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,661

Rep: Reputation: 1784
When you create a new user, you can just use the up arrow to add additional groups which should be safe for normal use besides the default "users" group.
 
Old 04-11-2012, 06:45 AM   #4
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065
The purpose of groups is to allow users to access files and utilities that they would not otherwise have access to; "users" in this context means everybody but root.

There is a basic rule of multiuser, multitasking operating systems (Windows is not one of those): Thou Shalt Not Work as Root (because you can do a lot of unintended damage really, really quickly). Essentially, you only want to be logged in as root (or use su or sudo) as rarely as possible. But, as a user, you do need to be able to, you know, do stuff so a way needs to exist that lets you. That's what groups are for.

The pretty much standard default mask for creating files and directories, where owner, group and public access permissions are set, is 0022 (this is an octal value that is used by the system when you create a file or directory). See the manual page for the umask utility for more. With that umask value, every time you create a file it will have a mask that looks like this:
Code:
ls -l item.txt
-rw-r--r-- 1 trona users    4672 Jan  6 11:36 item.txt
That's three sets of permissions: owner (you), group (others known to you) and public (anybody else). In this case, I have read-write, users can read and public can read.

That's files. Directories get created with
Code:
ls -l
drwxr-xr-x  4 trona users     4096 Dec 31 11:45 tools/
It's a directory, I have read, write and execute, the group has read and execute and public has execute (which implies read).

That's the default (and it's a good default). If you wanted other users to have write permissions to files you've created you can add that with
Code:
chmod 664 item.txt
and, to allow write access in a directory
Code:
chmod 775 tools
Now, you'd do this kind of thing if you're working on a project with other users. You'd create a directory somewhere (not in anybody's home directory, perhaps in /usr/local), make it writable (chmod 775 dirname) and then have users add group write permissions to any files they create in that directory (chmod 664 filename). Actually this is a little convoluted and there are other ways to accomplish it but we're looking at basics here.

Back to your original question, here's a good set of groups for an ordinary user to belong to:
Code:
groups
users lp floppy dialout audio video cdrom plugdev power usbfs netdev scanner
Contrast this to the groups root belongs to:
Code:
su -
groups
root bin daemon sys adm disk wheel floppy audio video cdrom tape plugdev power usbfs netdev scanner
(and, no, you do not want to add users to those).

Having a user belong to the groups listed above lets a user do things that otherwise would require root permissions; e.g., plugdev lets you plug in a memory stick and read and write it, lp and scanner let you use a scanner.

The permission masks and groups are there so users can do what they need to without the need (or the ability) to do things they shouldn't be doing -- keep in mind that the system is designed to support hundreds of users (even though it's just "you" on your own system) and those "checks and balances" are there to make that feasible. There is a discussion at http://en.wikipedia.org/wiki/Group_identifier that you may find useful.

Hope this helps some.
 
3 members found this post helpful.
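
An added example, not part of tronayne's post or the thread: a small shell audit that reports which of an account's supplementary groups appear only in root's `groups` output above. The /etc/group sample, the users alice and bob, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. Groups present in root's `groups` output in the post above
# but absent from the ordinary-user list.
ROOT_ONLY="root bin daemon sys adm disk wheel tape"

# supp_groups USER FILE: supplementary groups of USER read from a file in
# /etc/group format (name:password:GID:member,member,...). The primary group
# is recorded in /etc/passwd and is not visible here.
supp_groups() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] == u) { printf "%s%s", sep, $1; sep = " " }
    } END { print "" }' "$2"
}

# flag_groups "g1 g2 ...": print the names that are in ROOT_ONLY.
flag_groups() {
    out=""
    for g in $1; do
        case " $ROOT_ONLY " in
            *" $g "*) out="${out:+$out }$g" ;;
        esac
    done
    printf '%s\n' "$out"
}

# audit_user USER FILE: one line per account, "ok" or "REVIEW" plus the groups.
audit_user() {
    hits=$(flag_groups "$(supp_groups "$1" "$2")")
    if [ -n "$hits" ]; then echo "REVIEW $1: $hits"; else echo "ok $1"; fi
}

# Constructed sample data (GIDs and the users alice and bob are made up).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:root
disk:x:6:root,adm,bob
lp:x:7:lp,alice
wheel:x:10:root,bob
audio:x:17:root,alice,bob
plugdev:x:83:alice,bob
scanner:x:93:alice
users:x:100:
EOF

for u in alice bob; do audit_user "$u" "$SAMPLE"; done
```

On a live system, `flag_groups "$(id -Gn your_user_id)"` checks every group of the account, primary group included.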
Old 04-11-2012, 08:03 AM   #5
MudPuppy
LQ Newbie
 
Registered: Oct 2003
Distribution: Slackware 15.0
Posts: 11

Original Poster
Rep: Reputation: 0
Big thanks tronayne! That was very informational and helpful.

In my case (a desktop / laptop environment where only my spouse and I use the machine) I often do need the root user to be able to install programs, set up network, etc. So I do want some extra permissions on my own user so that I don't have to switch to the root too often. I'll look into sudo more as well in any case. It's all still very new to me, but I've learned a heck of a lot in the past week.

In any case, I believe I understand the concept now from a multi-user point of view.

Is there any documentation on the groups and what they allow the users belonging to them do exactly?
 
Old 04-11-2012, 11:37 AM   #6
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Rep: Reputation: 1065
Quote:
Is there any documentation on the groups and what they allow the users belonging to them do exactly?
Not really.

There are things you must do as root -- setting up networking, adding user accounts, installing programs and the like. You can do those things using sudo or su - or a direct log in as root; just be careful as you use any of those methods because there is absolutely nothing that will prevent you from doing anything at all. Make sure before you hit the carriage return rather than after, eh?

By belonging to a given group (other than users), you'll be able to do things as suggested above; e.g., use a scanner, use a memory stick, plug in your camera and unload photographs from it, those sorts of things. You will not be allowed to do "root" things, those are, wisely, reserved for somebody who knows the root password.

As you go on it'll get plainer; don't get all hung up worrying about groups, just add your user account(s), as root, sudo or su -, like this (if they're not already there -- simply execute the groups command to see what groups you do belong to):
Code:
usermod -a -G lp,scanner your_user_id
Hope this helps some.
 
  


All times are GMT -5. The time now is 01:00 PM.
