A group is a list of users. A group is identified by its group name and GID. In FreeBSD, the kernel uses the UID of a process, and the list of groups it belongs to, to determine what the process is allowed to do. Most of the time, the GID of a user or process usually means the first group in the list.
The group name to GID mapping is listed in /etc/group. This is a plain text file with four colon-delimited fields. The first field is the group name, the second is the encrypted password, the third the GID, and the fourth the comma-delimited list of members. For a more complete description of the syntax, refer to group(5).
The superuser can modify /etc/group using a text editor. Alternatively, pw(8) can be used to add and edit groups. For example, to add a group called teamtwo and then confirm that it exists:
Example 14-7. Adding a Group Using pw(8)
# pw groupadd teamtwo # pw groupshow teamtwo teamtwo:*:1100:
In this example, 1100 is the GID of teamtwo. Right now, teamtwo has no members. This command will add jru as a member of teamtwo.
Example 14-8. Adding User Accounts to a New Group Using pw(8)
# pw groupmod teamtwo -M jru # pw groupshow teamtwo teamtwo:*:1100:jru
The argument to -M
is a comma-delimited list of users to
be added to a new (empty) group or to replace the members of an existing group. To the
user, this group membership is different from (and in addition to) the user's primary
group listed in the password file. This means that the user will not show up as a member
when using groupshow
with pw(8), but will show
up when the information is queried via id(1) or a similar
tool. When pw(8) is used to add a
user to a group, it only manipulates /etc/group and does not
attempt to read additional data from /etc/passwd.
Example 14-9. Adding a New Member to a Group Using pw(8)
# pw groupmod teamtwo -m db # pw groupshow teamtwo teamtwo:*:1100:jru,db
In this example, the argument to -m
is a comma-delimited
list of users who are to be added to the group. Unlike the previous example, these users
are appended to the group list and do not replace the list of existing users in the
group.
Example 14-10. Using id(1) to Determine Group Membership
% id jru uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamtwo)
In this example, jru is a member of the groups jru and teamtwo.
For more information about this command and the format of /etc/group, refer to pw(8) and group(5).