Linux User Management: Working with Secondary Groups

30 minutes
  • 5 Learning Objectives

About this Hands-on Lab

Often times, Linux users require membership to multiple groups to gain the access required on the system. In this lab exercise, we will create two new groups, and create three users with access to both groups. We will then create two directories and files within them to ensure all users have read/write access to both directories.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create the appadm Group with GID 30000 and the dba Group with GID 40000
# groupadd -g 30000 appadm
# groupadd -g 40000 dba
Create Users user1, user2, and user3 with a Primary Group of appadm and a Secondary Group of dba
# useradd -g appadm -G dba user1
# useradd -g appadm -G dba user2
# useradd -g appadm -G dba user3
Create the /app Directory and Give the appadm Group Read/Write Access, Then Create the /db Directory and Give the dba Group Read/Write Access
# mkdir /app
# chgrp appadm /app
# chmod 760 /app
# mkdir /db
# chgrp dba /db
# chmod 760 /db
Create the File /appadm/app1.conf Containing the Comment “This file is reserved for application configuration.” and Grant the appadm Group Read/Write Permission to the File
# echo “This file is reserved for application configuration.” > /app/app1.conf
# chgrp appadm /app/app1.conf
# chmod 760 /app/app1.conf
Create a File Named /db/db1.conf Containing the Comment, “This file is reserved for database configuration.” Grant the dba Group Read/Write Access to the File
# echo "This file is reserved for database configuration." > /db/db1.conf
# chgrp dba /db/db1.conf
# chmod 760 /db/db1.conf

Additional Resources

ABC Company has just hired three new system administrators. Their roles will primarily be to administer the application, but they will also serve as backups for the database team. The team manager has put in a ticket to grant access to her new employees requesting the following details:

  • Create group appadm with GID 30000.
  • Create group dba with GID 40000.
  • Create users user1, user2, and user3:
    • Their primary group should be appadm, and their secondary group should be dba.
  • Create a directory, /app, and ensure the appadm group has read/write access.
  • Create the directory /db and ensure the dba group has read/write access.
  • Create the file /appadm/app1.conf containing the comment "This file is reserved for application configuration." and grant the appadm group read/write permission to the file.
  • Create a file named /db/db.conf containing the comment "This file is reserved for db configuration." and grant the dba group read write access to the file.

Please use the lab environment for this exercise, and not the Cloud Playground. To gain root access, log into the lab environment with the cloud_user account and issue sudo -i.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?