创建组groupadd
In this tutorial, we will learn how to create a Group in Linux using groupadd command.
在本教程中,我们将学习如何使用groupadd命令在Linux中创建一个组。
什么是Linux组? (What is a Linux Group?)A Linux group is used to manage the privileges of a user. We can define a set of privileges to a group such as read, write access to a specific resource. Then all the users in the group automatically gets the access to that resource.
Linux组用于管理用户的特权。 我们可以为组定义一组特权,例如对特定资源的读,写访问。 然后,该组中的所有用户将自动获得对该资源的访问权限。
In simple terms, a group is a collection of users. It helps us in granting privileges to a group of users quickly. For example, “sudo” is a group and any user in that group automatically gets the superuser privileges.
简而言之,组是用户的集合。 它有助于我们快速向一组用户授予特权。 例如,“ sudo ”是一个组,该组中的任何用户都会自动获得超级用户特权。
如何在Linux中创建组? (How to Create a Group in Linux?)Linux groupadd command is used to create a group in Linux. It’s a linux specific command and it can be used across all the distributions such as Ubuntu, CentOS, and Debian.
Linux groupadd命令用于在Linux中创建一个组。 这是特定于Linux的命令,可以在所有发行版(例如Ubuntu,CentOS和Debian)中使用。
Linux groupadd命令语法 (Linux groupadd Command Syntax)The groupadd command syntax is:
groupadd命令的语法为:
groupadd [options] GROUPLet’s look at some examples to understand the usage of groupadd command and its various options.
让我们看一些示例,以了解groupadd命令及其各种选项的用法。
Linux创建组 (Linux Create Group)The groupadd command can be run by root user or as a superuser using sudo privileges.
groupadd命令可以由root用户或使用sudo特权的超级用户运行。
root@localhost:~# groupadd test_usersIf the group is created, there won’t be any error or success message.
如果创建了该组,则不会有任何错误或成功消息。
The groups information is stored in /etc/group file. We can check this file for the newly created group information.
组信息存储在/etc/group文件中。 我们可以在此文件中查看新创建的组信息。
root@localhost:~# cat /etc/group | grep test_userstest_users:x:1004:root@localhost:~# Linux Create Group Linux创建组The number above denoted the group id, which is an integer value. We can also use the getent command to get the group details.
上面的数字表示组ID,它是一个整数值。 我们还可以使用getent命令获取组的详细信息。
root@localhost:~# getent group test_userstest_users:x:1004:journaldevroot@localhost:~# 如果该组已经存在,则错误 (Error if the group already exists)If the group already exists, then the error message is displayed. Let’s run the above command again.
如果该组已经存在,则会显示错误消息。 让我们再次运行上面的命令。
root@localhost:~# groupadd test_usersgroupadd: group 'test_users' already existsroot@localhost:~# Linux Group Already Exists Error Linux组已存在错误 创建具有组ID的组 (Creating a Group with Group ID)We can specify the group id also while creating the group using -g option.
在使用-g选项创建组时,我们也可以指定组ID。
root@localhost:~# groupadd -g 1005 test_users1root@localhost:~# cat /etc/group | grep 1005test_users1:x:1005:root@localhost:~#If the group id is already in use, you will get an error message.
如果组ID已在使用中,您将收到一条错误消息。
root@localhost:~# groupadd -g 1005 test_users2groupadd: GID '1005' already existsroot@localhost:~# Linux groupadd强制成功选项 (Linux groupadd Force Success Option)We can specify -f or –force option to exit successfully if the group already exists.
如果该组已经存在,我们可以指定-f或–force选项以成功退出。
root@localhost:~# groupadd -f test_usersroot@localhost:~#If we are creating a group with force success option and the group id already exists, then group id is ignored and the group is created.
如果我们要使用强制成功选项创建一个组并且该组ID已经存在,则将忽略组ID并创建该组。
root@localhost:~# groupadd -f -g 1005 test_users2root@localhost:~# cat /etc/group | grep test_users2test_users2:x:1006:root@localhost:~#Notice that the Linux group is created with a different group id because we used the -f option.
请注意,由于我们使用了-f选项,因此使用不同的组ID创建了Linux组。
Linux groupadd帮助 (Linux groupadd help)If you want some help with the groupadd command usage, use the -h option.
如果需要有关groupadd命令用法的帮助,请使用-h选项。
root@localhost:~# groupadd -hUsage: groupadd [options] GROUPOptions: -f, --force exit successfully if the group already exists, and cancel -g if the GID is already used -g, --gid GID use GID for the new group -h, --help display this help message and exit -K, --key KEY=VALUE override /etc/login.defs defaults -o, --non-unique allow to create groups with duplicate (non-unique) GID -p, --password PASSWORD use this encrypted password for the new group -r, --system create a system account -R, --root CHROOT_DIR directory to chroot into --extrausers Use the extra users databaseroot@localhost:~# Linux groupadd -K选项 (Linux groupadd -K Option)We can use -K option to override the GID_MIN and GID_MAX values present in the /etc/login.defs file.
我们可以使用-K选项覆盖/etc/login.defs文件中存在的GID_MIN和GID_MAX值。
It means that the new group id will be taken from the range provided using the -K option. Let’s look at an example to clearly understand this feature.
这意味着新的组ID将取自使用-K选项提供的范围。 让我们看一个示例以清楚地了解此功能。
root@localhost:~# cat /etc/login.defs | grep GIDGID_MIN 1000GID_MAX60000root@localhost:~# root@localhost:~# groupadd -K GID_MIN=20000 -K GID_MAX=21000 test_users6root@localhost:~# cat /etc/group | grep test_users6test_users6:x:20000:root@localhost:~#If you look at the earlier commands, the group ids assigned were close to 1000. But in the above groupadd command, group id used is 20000.
如果查看早期的命令,则分配的组ID接近1000。但是在上面的groupadd命令中,使用的组ID为20000。
用密码创建组 (Creating a Group with Password)We can use the -p option to create a group with password.
我们可以使用-p选项创建一个带有密码的组。
root@localhost:~# groupadd -p abc123 test_users_pwdroot@localhost:~#But, I have never used it myself or not seen anyone using it. In fact, the man page of gpasswd states this as a security issue.
但是,我从未亲自使用过它,也从未见过有人在使用它。 实际上,gpasswd的手册页指出这是一个安全问题。
root@localhost:~# man gpasswd Notes about group passwords Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.' 创建系统组 (Creating a System Group)We can use -r option to create a system group.
我们可以使用-r选项来创建系统组。
There is no difference between a normal group and a system group. The only difference is the group id assignment.
普通组和系统组之间没有区别。 唯一的区别是组ID分配。
For normal groups, the group ids are assigned from 1000 to 60000 (default value). For a system group, the group id is less than 1000.
对于普通组,组ID的分配范围是1000到60000(默认值)。 对于系统组,组ID小于1000。
Again, the group id has no significance or doesn’t provide any additional privileges.
同样,组ID不重要,也不提供任何其他特权。
root@localhost:~# groupadd -r system_grouproot@localhost:~# cat /etc/group | grep system_groupsystem_group:x:999:root@localhost:~#Notice that the group id assigned is 999.
请注意,分配的组ID为999。
结论 (Conclusion)We can use groupadd command to add groups in Linux. It’s a very simple and common command that can be used with any Linux distributions to create a group.
我们可以使用groupadd命令在Linux中添加组。 这是一个非常简单且通用的命令,可以与任何Linux发行版一起使用来创建组。
参考文献: (References:) StackExchange Discussion on Group Password Use Cases关于组密码用例的StackExchange讨论 AskUbuntu Discussion on System Groups
AskUbuntu关于系统组的讨论
翻译自: https://www.journaldev.com/39629/create-group-linux-groupadd-command
创建组groupadd