This is in RHEL-8.10 for what it's worth...

in /etc/passwd I have

ron:x:20000:100:me:/home/ron:/bin/bash 

so my uid is 20000, and my gid is 100 which as defined by convention in /etc/group is the users group. And after a clean install of Linux from iso the users group in /etc/group is empty.

The scenario is this:

    mkdir /data
    chown jack.users /data
    chmod 770 /data
  • ls -l /data shows drwxrwx---. 4 jack users <date> data
  • account ron is not in users:x:100: in /etc/group.
  • as ron, cannot cd /data with it as drwxrwx---.
    • ron can only cd /data if
      • chmod 777 /data or
      • put ron in /etc/group under users:x:100:ron

Can someone let me know what I may be missing or doing wrong which would contribute to such a scenario?

The baffling part is I have a RHEL-8.10 server with some hundred users defined in /etc/passwd all having their primary group id as 100 and none are defined in users:x:100: in /etc/group and this problem does not happen.

Does your account's primary group in /etc/passwd mean that you are inherently in that group, or do you also need to list those accounts in /etc/group after users:x:100: ?

  • What do you get if you log in as ron and run id? Commented Jul 24, 2024 at 14:48
  • This question is similar to: Why don't /etc/group and /etc/password match?. If you believe it’s different, please edit the question, make it clear how it’s different and/or how the answers on that question are not helpful for your problem. Commented Jul 24, 2024 at 14:51
  • You're inherently in the primary group set via the gid in /etc/passwd. That gid doesn't even have to exist in /etc/group (or any other sources of groups, such as LDAP) Commented Jul 24, 2024 at 14:52
  • Also note the dot at the end of the permission characters, indicating a SELinux security context, which might affect access to the directory. Commented Jul 24, 2024 at 14:55
  • @muru - no that similar question is different. It seems to state what it means which I don't disagree with, but I am experiencing what seems to be a contradiction. Commented Jul 24, 2024 at 14:56

1 Answer

The primary group is defined in /etc/passwd. Secondary group membership is assigned in /etc/group. Users with primary groups defined do not need to have entries in those same groups in the /etc/group file.

The primary group is used for the default when creating files and directories. Secondary groups can be assigned to files/directories if the user is a member as defined in /etc/group.

As for your "ron" question, what group(s) is he in? If his primary group is not 100, then it won't match your group access by default. But, if he were in the /etc/group file in the "users" group, then he would. If he is not listed in a matching group in /etc/group and his primary GID is different than yours, then you will need to either open the directory up to the "world" (777) or assign ron to "users" in /etc/group.

The behavior you are seeing appears to be exactly what's expected in all Unixes.

PS. Don't delete "users" from /etc/group even if there are no users assigned to it. The system still uses /etc/group as a cross-reference for primary GID name resolution.

If you delete "users:x:100:" from /etc/group, when you do an "ls -l" (for example) you will not see the group name; instead, you will see the GID number.
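
An added example, not part of the original answer: a Python model of how a user's group set is built from /etc/passwd and /etc/group, and which mode-bit class then applies to /data. jack's uid and the alice, staff and wheel entries are constructed for contrast; SELinux and ACLs are not modelled.

```python
# Constructed sample data mirroring the question. jack's uid/gid and the
# alice/staff/wheel entries are assumptions added for contrast.
PASSWD = """\
ron:x:20000:100:me:/home/ron:/bin/bash
jack:x:20001:100::/home/jack:/bin/bash
alice:x:20002:20002::/home/alice:/bin/bash
"""
GROUP = """\
users:x:100:
staff:x:20002:
wheel:x:10:jack
"""

def credentials(user, passwd=PASSWD, group=GROUP):
    """Return (uid, gids): the primary gid from the passwd entry plus the gid
    of every group entry that lists the user as a member (files backend)."""
    for line in passwd.splitlines():
        f = line.split(":")
        if f[0] == user:
            uid, gids = int(f[2]), {int(f[3])}  # primary group: no group entry needed
            break
    else:
        raise KeyError(user)
    for line in group.splitlines():
        _name, _pw, gid, members = line.split(":")
        if user in members.split(","):          # supplementary membership
            gids.add(int(gid))
    return uid, gids

def search_allowed(user, st_uid, st_gid, mode):
    """Classic mode-bit check for entering a directory (the x bit).
    Exactly one class applies: owner, else group, else other.
    Root, ACLs and SELinux are ignored."""
    uid, gids = credentials(user)
    if uid == st_uid:
        cls, shift = "owner", 6
    elif st_gid in gids:
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0
    return cls, bool((mode >> shift) & 0o1)

if __name__ == "__main__":
    # /data as in the question: owner jack (20001), group users (100), mode 0770
    for u in ("ron", "jack", "alice"):
        print(u, credentials(u), search_allowed(u, 20001, 100, 0o770))
```

On a live system, the group set to compare against is what `id` prints inside the user's own login session, since a process keeps the groups it was given at login.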
