File Protection by Group

A second level of security, that allows more than one user account to access a

file, is the group permission. As previously pointed out, each user account is

assigned their own group, but that is not the only use for group permissions.

If there is a group of user accounts, all of which are working on the same

document project, it is possible to create a group, such as doc, and assign

each user in the project to that group. This new group is added to the

/etc/group file by the adduser program. To add the group doc the command

would look like:

adduser   group doc

While it is also possible to declare a specific ID for this group, it is not

generally recommended. adduser will assign the next available ID to the group,

and in most cases, this is just what is needed. There are a number of default

groups already provided in /etc/group for those programs that are expecting

particular gid (groud ID) numeric values, so there should never be the need

for a specific gid to be assigned to any particular group.

Once the group has been created, adduser is again used to assign each user

in the documentation project to this new group. To add the fred account to

this new group, root would execute the following command:

adduser fred doc

Now any documents that Fred creates may be assigned to the group doc and

have its group permission bits set so that others in the documentation group

can work on that file as well. To do this for the file private.txt Fred would

first issue the command:

chown fred:doc private.txt

197