How to use the gpasswd Command on Linux

New Configuration (How To)

Situation

The gpasswd command lets you administer groups on Linux. Group passwords don’t get used a lot, in part because of the security risk they pose: multiple people sharing a password increases the opportunity for accidental or malicious exposure. Any member of the group can add or remove members, controlling the group access, which could easily get out of hand. There are a few ways to overcome this problem. You can avoid using group passwords when possible and use alternative mechanisms such as sudoers or access control lists. You can also limit access to the group passwords using privilege control so that only authorized members can perform operations on the group.

Solution

gpasswd Command Basic Syntax and Options

The basic syntax of the gpasswd command allows it to take two arguments: an option or flag argument and the name of the group where you’d like to run the operation. Here’s how it looks:

gpasswd [option] group

Here are the options you can use with the command:

  • -a, --add user : To add a user to the named group.
  • -d, --delete user : To remove a user from the named group.
  • -h, --help : Displays the instructions to use the command.
  • -R, --restrict : Sets the group password to “!” so that only group members with a password are allowed to use newgrp to join the named group.
  • -r, --remove-password : To remove the password from the named group. The group password becomes empty.
  • -A, --administrators user : Sets the list of administrative users.
  • -M, --members user : Sets the list of group members.
  • -Q, --root CHROOT_DIR : Applies changes in the CHROOT_DIR directory and uses the configuration files from the CHROOT_DIR directory.

Setting Password for a Group

The most common use of the gpasswd command is to set a password for specific groups. I’ll first create a group to test it on. Feel free to skip this if you already have a group. To create a new group on your Linux system, run:

sudo groupadd demogroup

You can use any name in place of “demogroup”. To confirm that the group was created, display all groups using:

cat /etc/group

You can see the new group on the list. Now let’s create a password for the group. To do that, use:

sudo gpasswd demogroup

You’ll be asked to enter your user password first (since you used sudo). Then you’ll be asked to enter a new password for the group. After entering the new password, you need to re-enter it to confirm the password.

Now if I try to log into this group, the system will ask for a password. That’s because I’m not a member of the group. To log into the group, run:

newgrp demogroup

Removing Password from Group

If you want to remove a password from a group, you can do that using the -r flag. Remove the password by passing the group name along with the flag like this:

sudo gpasswd -r demogroup

If you try to log into the group now as a member, you’ll be able to do so without entering the password.
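
To check which groups on a system still carry a shared password, you can read the password field that gpasswd maintains in /etc/gshadow (an empty field after -r, a “!” after -R, a hash after setting a password). The script below is an added example, not part of the original article; the function names, the sample entries and the placeholder hash are constructed for illustration, and the field meanings follow gshadow(5).

```shell
#!/bin/sh
# Added example: classify each group's password state from a gshadow-format file.
# Field layout per gshadow(5): name:password:administrators:members

# audit_gshadow FILE -> one line per group: "<group> <state> admins=<list or ->"
#   password-set : a hash is stored; anyone who knows the password can newgrp
#   empty        : no password (the state left by gpasswd -r)
#   locked       : field starts with "!" or "*" (gpasswd -R, or never set)
audit_gshadow() {
    awk -F: '
        NF < 4 || $1 == "" { next }      # skip blank or malformed lines
        {
            pw = $2
            if (pw == "")            state = "empty"
            else if (pw ~ /^[!*]/)   state = "locked"
            else                     state = "password-set"
            admins = ($3 == "") ? "-" : $3
            printf "%s %s admins=%s\n", $1, state, admins
        }
    ' "$1"
}

# groups_with_password FILE -> names of groups that have a shared password
groups_with_password() {
    audit_gshadow "$1" | awk '$2 == "password-set" { print $1 }'
}

# Constructed sample data (not from a real system); the hash is a placeholder.
make_sample() {
    cat <<'EOF'
root:*::
demogroup:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:zunaid:user3,user4
staff:!::user1
shared::alice:user2
EOF
}

# Run with --demo to print the audit of the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && make_sample > "$tmp"
    audit_gshadow "$tmp"
    rm -f "$tmp"
fi
```

On a real system, call audit_gshadow on /etc/gshadow as root, since the file is not readable by ordinary users.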

Adding a User to a Group

The gpasswd command lets you add new members to groups. The -a option is for that purpose. The command syntax is as follows:

sudo gpasswd -a user group

So after adding the -a option, you need to pass the member’s username and then the group to which you want to add the user. For example, I want to add a user to the new group I created earlier. Here’s the command for that:

sudo gpasswd -a zunaid demogroup

Removing a User From a Group

If you want to delete a user from a specific group, you have the -d option for that. Much like the command for adding, simply provide the username and then the group name to the command, like this:

sudo gpasswd -d user group

So if I want to remove myself from “demogroup”, this is the command I need to run:

sudo gpasswd -d zunaid demogroup

Again, you can confirm if the user was removed successfully by listing the group members with this command:

getent group demogroup

Setting the List of Group Members

The gpasswd command allows you to replace the current members of the group with members you want to add. In other words, you can empty the group and then add as many new members as you want with a single command. The -M flag serves that purpose. So for example, currently there are user1 and user2 in a group. You want to remove them and add user3 and user4. To do this, run:

sudo gpasswd -M user3,user4 demogroup

Now if you check the members list of the group, you should see that the previous members are not there. Instead, you’ll find the new members.

getent group demogroup
