From Machtelt Garrels, for About.com

to, preceded by your user name and ID and the group name and ID that you are currently connected with. However, on many Linux systems you can only be actively logged in to one group at a time. By default, this active or primary group is the one that you get assigned from the /etc/passwd file. The fourth field of this file holds the user's primary group ID, which is looked up in the /etc/group file. An example:


   

asim:~> id
uid=501(asim) gid=501(asim) groups=100(users),501(asim),3400(web)

asim:~> grep asim /etc/passwd
asim:x:501:501:Asim El Baraka:/home/asim:/bin/bash

asim:~> grep 501 /etc/group
asim:x:501:

The fourth field in the line from /etc/passwd contains the value "501", which represents the group asim in the above example. From /etc/group we can get the name matching this group ID. When initially connecting to the system, this is the group that asim will belong to.


User private group scheme

In order to allow more flexibility, most Linux systems follow the so-called user private group scheme, which assigns each user primarily to his or her own group. This group contains only this particular user, hence the name "private group". Usually this group has the same name as the user login name, which can be a bit confusing.

Apart from his own private group, user asim can also be in the groups users and web. Because these are secondary groups to this user, he will need to use the newgrp command to log in to any of these groups. In the example, asim needs to create files that are owned by the group web.


   

asim:/var/www/html> newgrp web

asim:/var/www/html> id
uid=501(asim) gid=3400(web) groups=100(users),501(asim),3400(web)

When asim creates new files now, they will be in group ownership of the group web instead of being owned by the group asim:


   

asim:/var/www/html> touch test

asim:/var/www/html> ls -l test
-rw-rw-r-- 1 asim web 0 Jun 10 15:38 test

Logging in to a new group prevents you from having to use chown (see Section 3.4.2.4) or calling your system administrator to change ownerships for you.

See the manpage for newgrp for more information.

3.4.2.3. The file mask

When a new file is saved somewhere, it is first subjected to the standard security procedure. Files without permissions don't exist on Linux. The standard file permission is determined by the mask for new file creation. The value of this mask can be displayed using the umask command:


   

bert:~> umask
0002

Instead of adding the symbolic values to each other, as with chmod, for calculating the permission on a new file they need to be subtracted from the total possible access rights. In the example above, however, we see 4 values displayed, yet there are only 3 permission categories: user, group and other. The first zero is part of the special file attributes settings, which we will discuss in Section 3.4.2.4 and Section 4.1.6. It might just as well be that this first zero is not displayed on your system when entering the umask command, and that you only see 3 numbers representing the default file creation mask.
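The following shell script is an added example, not part of the original guide: it creates a file and a directory under several masks and prints the observed mode next to the predicted one. The kernel clears the mask's bits from the requested mode (0666 for files, 0777 for directories), which gives the same result as subtraction for common masks such as 0002 but not for a mask such as 0033. The function names predicted_mode and created_mode are made up for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: observe what a given umask does to newly created files
# and directories, and compare with the bitwise prediction.

# predicted_mode MASK BASE -> octal mode expected from BASE & ~MASK
predicted_mode() {
    printf '%o\n' $(( 0$2 & ~0$1 ))
}

# created_mode MASK KIND -> octal mode actually observed (KIND: file | dir)
# The body is a subshell, so umask and cd do not leak into the caller.
created_mode() (
    tmp=$(mktemp -d) || exit 1
    cd "$tmp" || exit 1
    umask "$1"
    case $2 in
        file) touch probe ;;    # touch requests mode 0666
        dir)  mkdir probe ;;    # mkdir requests mode 0777
        *)    echo "unknown kind: $2" >&2; exit 2 ;;
    esac
    mode=$(stat -c '%a' probe)  # GNU coreutils stat (assumption)
    cd / && rm -rf "$tmp"
    printf '%s\n' "$mode"
)

# 0002 suits the user private group scheme (group-writable files);
# 0027 and 0077 are tighter masks; 0033 shows why this is not subtraction.
for mask in 0002 0022 0027 0077 0033; do
    printf 'umask %s  file: %s (predicted %s)  dir: %s (predicted %s)\n' \
        "$mask" \
        "$(created_mode "$mask" file)" "$(predicted_mode "$mask" 666)" \
        "$(created_mode "$mask" dir)"  "$(predicted_mode "$mask" 777)"
done
```

With the mask 0002 shown above, the file result corresponds to the -rw-rw-r-- listing in the newgrp example.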

Each UNIX-like system has a system function for creating new files, which is called each time a user uses a program that creates new files, for instance, when downloading a file from the Internet, when saving a new

©2009 About.com, a part of The New York Times Company.

All rights reserved.