Most installations will make little or no real use of the user group facilities offered by Linux. However, they are available and can offer some elegant solutions to various security problems.
Groups are generally used to allow sets of users to have common access to a collection of files while denying access to the rest of the system's users. It may happen, however, that you want a particular user to be able to join in with more than one group at various times. In these circumstances the group idea is not very helpful unless a user has the ability to change groups. And indeed, under Linux, this is the case.
To understand this better, let us have a look at the format of the group file. It consists of a set of lines with one line per group, and each line has the format:
group_name:password:gid:user_list
This is loosely analogous to the arrangement in the password file, where each line is split into fields separated by colons. In the case of the group file, each line has four fields which are:
Name of the group. This name appears in the group column (field four) of an ls -l listing.
Optional password. If a password is set on a group then it will be requested when changing to that group.
The GID number to be associated with the group name.
Optional comma separated user list. This can also be used to permit users to change to this group.
Typical entries in the /etc/group file are:
root::0:root
bin::1:root,bin,daemon
daemon::2:root,bin,daemon
sys::3:root,bin,adm
adm::4:root,adm,daemon
users::100:
book::500:
When a user logs in, the GID in the password file assigns the user to a default group. Taking the user roger, whose account we just created, the default GID specified in the password entry is 100. This puts roger in the group users immediately after logging in. With the contents of the group file shown in the previous example, roger does not have permission to change to any other group.
Suppose now, you wanted roger to be able to change groups to book on occasion so as to be able to work with the book team. This could be achieved in one of two ways. The best way is to enter roger into the user_list of the group book as follows:
book::500:roger
All roger has to do now to change groups to book is to use the newgrp command as follows:
$ newgrp book
and the group change will take place. Using the newgrp command without specifying a group parameter will change the user back to their default group.
The other way to allow group changes is to set a password on the group instead of entering the user names. Once the password is in place, roger trying to change to group book will be asked to supply the group's password before access to the new group is granted.
This may sound like a good idea, but in reality the second method is not as secure as the first. Admittedly, roger has to supply a password now, but any user on the system who knows the password could also change groups to book. So, what if the password falls into unauthorized hands, which must be more likely if it is shared by a large group? Or, how do you go about removing a user with a group password from that group without having to change the password for everyone else?
Just asking these questions should be enough to convince you that listing the names explicitly in the group file is the better approach.
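As an added example (not part of the original text), the following Python script parses lines in the /etc/group format described above and applies the two access rules discussed: a user named in user_list can change to the group with newgrp without a password, otherwise a group password is required if one is set. It also flags the groups that rely on a shared password, since that is the weaker arrangement. The group lines, the user roger's default GID of 100 and the staff group's password are constructed sample data.

```python
from typing import Dict, List, NamedTuple

# Constructed sample in /etc/group format; "staff" has a made-up group password.
SAMPLE_GROUP_FILE = """\
root::0:root
adm::4:root,adm,daemon
users::100:
book::500:roger
staff:x8P3qZ:600:
"""

class GroupEntry(NamedTuple):
    name: str
    password: str   # empty string means no group password is set
    gid: int
    members: List[str]

def parse_group_file(text: str) -> Dict[str, GroupEntry]:
    """Parse group_name:password:gid:user_list lines into a dict keyed by name."""
    entries: Dict[str, GroupEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"malformed group line: {raw!r}")
        name, password, gid, user_list = fields
        members = [u for u in user_list.split(",") if u]
        entries[name] = GroupEntry(name, password, int(gid), members)
    return entries

def newgrp_outcome(groups, user, default_gid, target):
    """How `newgrp target` is resolved for user: 'default' (login group from the
    password file), 'member' (listed, no password asked), 'password' (not listed
    but a group password is set, so one is prompted for), 'denied', or 'no-such-group'."""
    entry = groups.get(target)
    if entry is None:
        return "no-such-group"
    if entry.gid == default_gid:
        return "default"
    if user in entry.members:
        return "member"
    if entry.password:
        return "password"
    return "denied"

def password_protected_groups(groups):  # groups reachable only via a shared password
    return sorted(g.name for g in groups.values() if g.password)
```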