UNIX Groups

Information on setting up UNIX groups

Reviewed by Bil Hays 5/2/2014

This page provides info on setting up UNIX groups in NFS space and on local UNIX filesystems.  Note, however, that files and directories under AFS are not subject to regular UNIX permissions, including group membership, so this subject is moot for many files on our systems.  For info on controlling access to files in AFS (e.g., the files in your home directory), see information on AFS file security.

UNIX groups provide a mechanism whereby a group of different users can share access to files or directories without granting all users on the system access to those files or directories.  Using the chmod and chgrp commands, you can control the types of access that group members have to a file.  To establish a group, first determine the logins of the people that should be included in the group and an appropriate name for that group, and then send mail to “help” requesting that the group be created.  Be sure to include the logins of all users who should be members of the group.

Normally, when a file is created, it belongs to the same group as its parent directory.  You can see what group a file belongs to with the “ls -l” command, which will display both the owner and group of the file.  To see what group a directory belongs to, you can use the “ls -ld” command.  You may also find out what groups you belong to by entering the command “groups”.  If you are not the owner of a file in a regular (non-AFS) directory, then UNIX will compare the group of the file with your group membership.  If any one of the groups to which you belong matches the group of the file, and the group has access permissions, then you will be able to access that file.  The permissions for others are only applied if you are not the owner AND you do not belong to the group the file is in.
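The class-selection rule described above, written out as a small shell function. This is an added example, not part of the original page: the uids, gids and modes in the sample calls are constructed, and explain_access assumes GNU stat.

```shell
#!/bin/sh
# effective_perms FILE_UID FILE_GID MODE USER_UID "USER_GIDS"
# MODE is octal (e.g. 640); USER_GIDS is a space-separated list of gids.
# Prints "<class> <rwx>". Exactly one class is used: owner, else group, else
# other. Root (uid 0) bypasses these checks and is not modelled here.
effective_perms() {
    f_uid=$1; f_gid=$2; mode=$3; u_uid=$4; u_gids=$5
    class=other; shift_by=0
    if [ "$u_uid" -eq "$f_uid" ]; then
        class=owner; shift_by=6
    else
        for g in $u_gids; do
            if [ "$g" -eq "$f_gid" ]; then
                class=group; shift_by=3
                break
            fi
        done
    fi
    # Leading 0 makes the shell read MODE as octal; keep that class's 3 bits.
    bits=$(( (0$mode >> shift_by) & 7 ))
    r=-; w=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    echo "$class $r$w$x"
}

# explain_access FILE: apply the rule to the current user and a real file.
# Assumes GNU stat (-c); BSD stat uses different options.
explain_access() {
    info=$(stat -c '%u %g %a' "$1") || return 1
    set -- $info
    effective_perms "$1" "$2" "$3" "$(id -u)" "$(id -G)"
}

# Constructed cases: a file owned by uid 1001 and group 200.
effective_perms 1001 200 640 1001 "100 200"  # owner rw-
effective_perms 1001 200 640 1002 "100 200"  # group r--
effective_perms 1001 200 604 1002 "100 200"  # group --- (others' r-- is not used)
effective_perms 1001 200 604 1003 "100"      # other r--
```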

You may change the group of a file you own to any group of which you are a member. To do this, enter

chgrp newgroup filename

The system will inform you if you attempt to change a file to a group to which you do not belong.  If you change the group of a directory, then any new files created in that directory after the change will belong to the new group by default.

You can use the chmod command to control the group access to a file or a directory.  For example, to give full access to all users who belong to the group that a file or directory is in, you can type

chmod g+rwx filename

For directories, the permission r allows you to read filenames from a directory, the permission w allows you to add new files to that directory, and the permission x allows you to cd into a directory or include it in a pathname.

For more details on groups and file permissions, see the manual pages for ls, chgrp and chmod.