Thursday, January 21, 2010

Ubuntu Groups

Individual user accounts are great for keeping documents and folders private on the Ubuntu workstation, but they are not at all useful for sharing documents and folders. Sharing documents is a common practice in many work environments.

The Ubuntu system provides another privilege level that facilitates sharing documents and folders. Groups are a collection of user accounts that have a privilege requirement in common. For example, you can create a group called “sales” that has read and write privileges to a folder specifically used for the sales team. Any user account that’s a member of the sales group will have full access to any document in that folder.

Individual users can be members of more than one group, although only one group is considered the main group for the user account. The main group is what Ubuntu uses to assign group privileges on any files or folders a particular user creates. By default, Ubuntu creates a separate group for each user account to use as the main group. To keep things simple, Ubuntu names the user’s group the same as the user account username.

The Ubuntu workstation comes with lots of groups already configured in the system. If you look at the groups, some of them should look similar to the options available in the User Privileges tab when you add a new user.

Ubuntu creates special groups to control access to features on the system, such as administering the system and using specific hardware devices. To allow a user access to these features, Ubuntu assigns the user account to the appropriate group. Besides these groups, Ubuntu also creates groups to be used by specific applications and services running on the system.

All of the special groups have group ID values lower than 1,000, allowing Ubuntu to easily separate the special groups from the user groups. You can manage any of the groups on the system, but it’s a good idea not to mess with the special groups unless you know what you’re doing. Otherwise, the related services may break!


The Default Ubuntu Groups
root Assigned to the root administrator account

users Used in some Linux distributions to contain all of the users on the system, but
not used in Ubuntu

libuuid Allows members to use external filesystems

syslog Allows members to access the system logs

klog Allows members to access the kernel log

scanner Allows members to access an attached scanning device

nvram Allows members to add modules to the kernel

fuse Allows members to use the FUSE filesystem to mount removable media in their
home folder without administrative privileges

ssl-cert Special group used to control encryption certificates used for the server

lpadmin Allows members to administer printers on the system

crontab Allows members to schedule jobs for execution

mlocate Allows members to use the mlocate database to locate files and folders on the
system

ssh Allows members to use an encrypted connection to communicate with a remote
device

avahi-autopid Special group used to control the automated IP detection software, which can
determine an IP address on a network

gdm Special group used for controlling the GNOME desktop services

admin Allows members to control administrative functions on the system, such as adding
programs and new user accounts

pulse Allows members to use the audio configuration utilities

pulse-access Special group used to control the audio detection services

pulse-rt Special group used to control the audio real-time service features

saned Special group used to run the software that controls network access to your local
scanners

messagebus Special group used to control internal application communications on the system

avahi Allows members to use the automatic network device detection feature to detect
devices on the network

netdev Special group used by internal communications services

polkituser Special group used by Ubuntu policy services

haldaemon Special group used by the Linux hardware detection services

Source of Information : Wiley Ubuntu Linux Secrets

No comments: