Unix groups can be used to share files with a small number of University of Delaware users. Each user on the central machines is associated with a list containing at least one group, and each file or directory on the central Unix machines is associated with one group. This is usually referred to as group membership and group ownerships, respectively. That is, users are in groups and files are owned by a group.
Users do not need to do anything to be in a group - this is all managed for them. All users with an email account are in group 4000. Most students, registered for class, are in a group created specifically for their class section. Researchers using Strauss for computing work are in a group created for their computing projects. Here at the University of Delaware we also use Unix groups for accounting purposes, and that is why the group names are usually four digit account project codes. Each accounting project has a project director who is responsible for adding or removing members from the group. The project director is an instructor for a class project, a principle investigator for a sponsored project, or the university staff member originally requesting the project. Maintaining the members of projects is done through the email account - access@udel.edu.
Managing group ownership of files and directories requires some action by the user. All files or directories are owned by the user creating them. In addition to being owned by a user, each file or directory is owned by a group. It is important to have group ownership correct, if you ever want to share files with your group. Group ownership does not imply group access, you must set the file access permissions so your group can use the files. Permissions can be set to restrict the type of access that group members have to your directories and files. You can use different Unix groups to share files with separate sets of users.
Users are organized into groups, every users is in at least one group, and may be in other groups. Group membership gives you special access to files and directories which are permitted to that group.
Every user is in a primary group and may be in several secondary groups. The user is said to be in a group if the group name is in their list of groups. You do not have to be logged on to be in a group. When you are logged on you are assigned a group which is called your current group. This is also termed "being in a group", but it is better to say "your shell is assigned to the group". When you first log on, you are assigned your primary group, which is also called your default group. You can change your current group, i.e., start a shell with a secondary group as the current group, with the newgrp command. You can change your primary group, i.e., set a default group for your next login, from the UD&Me network web page. You can see your group list or the group list of any user with the groups command. For example
strauss<1>% groups dnairn anitalists all the groups for dnairn and anita, the first group is the primary group, the remaining groups are in alphabetic order. If you just type groups you will get your groups.
dnairn : 1864 0123 0191 0217 0361 0363 0379 0380 0400 0583 4000
anita : 1864 0123 0388 0400 0583 4000
Note: Currently the Unix systems are configured to only allow 16 total groups in this group list. If you see exactly 16 projects in your list then you may be in project, but not in the Unix group for that project.
Every file and directory has a username and a groupname associated with
it. We say the username is the owner and the groupname owns the file or
directory. A directory is a collection of files and possibly other
sub-directories. There are commands for managing group ownership
for both directories and files. In the example commands given
in this document
we use
The long format of the listing command gives the permission modes,
the owner and the group for both files and directories. Use the
ls -dl
When a file or directory is first created it takes as its group
the current group of your shell. This is the default group for
all login shells, but you can start another shell with any group
with the command newgrp
If you want to change the group associated with a file or directory
which already exists
use the command chgrp
In many cases the group ownership does not matter, but if you want to share a file with a group, then it is important that you get the ownership correct. Otherwise you may be inviting all users to put their large files in your directory.
<2>% ls -dl kneelandThe first string of characters are the mode, the following number is a count, the user name is the owner and the 4 digit account code is the group.
drwxr-x--- 3 dnairn 0217 512 Aug 14 15:14 kneeland
| Command | Description | Example |
|---|---|---|
| chdgrp | List groups with title and remaining balance |
chdgrp |
| groups | See groups to which you belong with primary group first | groups |
| id | See current group as part of your id | id |
| newgrp | Start a shell in a different group | newgrp 1234 |
| chmod | Change permissions for directories and files | chmod g+rwx myfile |
| chgrp | Change group ownership of directories and files | chgrp 1234 myfile |
| ls | List file permissions | ls -l |
Just by itself, the chdgrp will list your current groups with a short description.
Project Title Remaining Valid on hostsThis is helpful if you forgot which project number to use for your groups
0068 WWW-IDEA CENTER 100.00 mahler strauss
1864 US-STAFF 1740.58 mahler strauss
0123 RESTRICTED DATA 50.00 mahler strauss
0583 WWW-IT 89.57 mahler strauss
0191 USMAILTEST-ALIAS 100.00 mahler strauss
0217 WWWMAINT 100.00 mahler strauss
0380 US-QUOTA-REQUESTS 100.00 mahler strauss
0400 US-ALTERNATE INBOX 200.00 mahler strauss
4000 U. OF D. E-MAIL 50.00 mahler strauss
Your default group is currently 1864.
To change your default group please go to http://www.udel.edu/network
<4>% groupsThe first group which is listed is your primary group. That may be the only group to which you belong.
1864 0123 0217 0380 0400 0583 4000
Both chdgrp and groups commands will list your groups and tell you which one is the default group. However the chdgrp command can not be used to get information about another account, whereas the groups command can be used to list of groups for any user.
<54>% idThe current group is the project code 1864.
uid=7101(dnairn) gid=1267(1864)
<5>% newgrp 0217Use the exit command to exit the shell and your current group will be restored to what it was before the exit command.
<1>% groups
1864 0123 0191 0217 0361 0363 0379 0380 0400 0583 4000
<2>% id
uid=7101(dnairn) gid=1829(0217)
<3>% exit
exit
<6>% id
uid=7101(dnairn) gid=1267(1864)
The first group in the groups list is your primary group, whereas the group in the id information is your current group. You can also find all your groups with the id -a command.
The command syntax to enable all members of a group to read some file is:
chmod g+r filename
where filename is the name of the file you want to share. The file is now readable to the group associated with the file filename.Once you check to make sure a directory and all its files and sub-directories are owned by the correct group you can set the permission modes for everything with the one command
chmod -R g+rX dirname
where dirname is the name of the directory that contains the files you want to share. This command is called.
The chmod command can also be used to allow members of a group to put files in a directory. The owner of the directory can open a directory for shared writing with the command:
chmod g=swrx,+t dirname
where dirname is the name of the directory you want to members of your group to create files in. The "s" is the group set-ID setting, which means all new files in this group will be owner by the user putting them there, but the group ownership will be set to match the group of the director, not the current group of the owner. This is the recommended way to keep all the group ownerships correct. The "+t" makes this a sticky directory. This means only the owner of a file (or the owner of the directory) can delete or rename a file. This is recommended if several users will be putting files in the same directory.
The syntax for the chgrp command is:
chgrp groupname filename
where groupname is the name of the group with which you would like to share a file named filename.Whereas the chmod command determines the type of access that group members may have to a file or directory, the chgrp command determines which group may access that file or directory.
ls -l
will list all the files and directories in the current directory. You can use this command to verify that:One of the most common mistakes in sharing files on a UNIX system is to forget to set file permissions or to set them incorrectly. If permissions are not set correctly, then a user will see the following message or a similar one when they try to access your directory or files:
permission denied
<1>% groups $USER anitaProject code 0123 is a good group name.
dnairn : 1864 0123 0191 0217 0361 0363 0379 0380 0400 0583 4000
anita : 1864 0123 0388 0400 0583 4000
<2>% ls -dl myfile
-rw-r----- 1 dnairn 1864 0 Dec 21 15:09 myfile
chmod g+r myfile
<2>% ls -dl . .. ../.. ../../..
drwxrwsr-x 2 dnairn 1864 512 Oct 16 10:42 .
drwxrwsr-t 3 dnairn 1864 512 Oct 16 10:26 ..
drwxr-xr-x 84 dnairn 1864 6656 Dec 21 11:07 ../..
drwxr-xr-x 198 root root 9216 Aug 22 04:10 ../../..