Blackburn, Marvin wrote:
To the best of my knowledge, there is no information that actually directly pertains to a user's primary group stored in /etc/shadow, /etc/gshadow, or even /etc/group for that matter. The name and ID of every group is stored in the /etc/group and /etc/gshadow files, but the only danger there is "orphaned" groups. You can safely change the user's primary group by changing the 4th field in the /etc/passwd file. If you are effectively removing that group entirely, you may wish to remove it from /etc/group and /etc/gshadow, or if you want the group to remain you can leave it in those two files with no ill effect. You will only need to modify gpasswd and gshadow if you're getting into advanced group management - if that's the case check out the gpasswd man page.I am new to the shadow password file processing and Have a question. How do I properly change a users primary group.
Can I just enter it into the /etc/passwd file? How do the changes get propogated to /etc/shadow and /etc/gshadow?
Any help would be appreciated. I am running redhat as 2.1
------------------
Marvin Blackburn
Systems Administrator
Glen Raven
"He's no failure. He's not dead yet" --William Lloyd George
Having said that, there is a command which handles this type of operation for you. You can use "usermod -g <newgroup> <userid>" to change a user's primary group, and it will handle changing the appropriate files. Note that if you remove a user, and are using "usergroups" (USERGROUPS_ENAB is set in /etc/login.defs - such that all users are created by default belonging to a single group of their own username) then userdel will remove that group - only if there are no other members of it. So if you follow these steps:
useradd foo # Adds a user named foo
usermod -g users foo # Changes foo's primary group to users
userdel foo # Deletes foo, and the usergroup foo that was created when the user was
Interestingly enough, the second step above does not delete the group foo - which I think is a nice feature. He can still belong to that group, if you add it as an optional group for his user, but you may not desire for that to be his *primary* group.
If that doesn't clear it up sufficiently, as always, ask more! :)
Aaron S. Joyner
PS - For the record, is your subject referring to the act of managing them, or the users themselves? It wasn't clear.
--Your friendly BOFH
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
