Monday, 24 April 2017

groupadd command usage and examples

groupadd
As the name suggest this command is used to add groups to the system. groupadd command is used to create new group accounts. It updates the /etc/group file accordingly.

Syntax
groupadd [options] group_name

Options
-f --force This option causes the command to simply exit with success status if the specified group already exists. When used with -g, and the specified GID already exists, another (unique) GID is chosen (i.e. -g is turned off).
-g GID --gid GID Specify the number value which you want for group id. This is a unique value, unless the -o option is used. The value is non-negative. The default is to use the smallest ID value greater than 999 and greater than every other group. IDs between 0 and 999 are reserved for system accounts.
-K KEY=VALUE --key KEY=VALUE Overrides /etc/login.defs defaults (GID_MIN, GID_MAX and others). Multiple -K options can be specified.
-o --non-unique This option permits to add a group with a non-unique GID.
-p PASSWORD --password PASSWORD The encrypted password, as returned by crypt. By default password is disabled. This option is not recommended because the password (or encrypted password) will be visible by users listing the processes. You should make sure the password respects the systems password policy.
-r --system Create a system group. The numeric identifiers of new system groups are chosen in the SYS_GID_MIN-SYS_GID_MAX range, defined in login.defs, instead of GID_MIN-GID_MAX.

Creating a group using groupname
The groupadd command followed by groupname will create new group.

Example
groupadd superheroes

The above example will create a group called superheroes.
We can verify whether it is created successfully or not by checking the /etc/group file.

grep superheroes /etc/group
superheroes:x:1007:

Creating group with a specific groupid
If we don’t specify a groupid while using groupadd command, system will assign one automatically.

Example
groupadd superheroes -g 9197

grep superheroes /etc/group
superheroes:x: 9197:

The above example will create a group named superheroes with a group id 9197.

Overriding  /etc/login.defs default file 
When system assigns the automatic group id, it uses the GID_MIN, and GID_MAX value specified in the /etc/login.defs files.

egrep 'GID_MIN|GID_MAX' /etc/login.defs

GID_MIN 1000

GID_MAX 60000

If we want to set within specific values, we need to use -K option. 

Example
groupadd superheroes -K GID_MIN=6666 -K GID_MAX=7777

grep superheroes /etc/group
superheroes:x: 6197:

The above example will create the account with group id 6197, which is between the values 6666 to 7777 that we specified in the command.

No comments:

Post a Comment