Every file and folder in a GNU/Linux system belongs to a group. Each
user is also a member of a group. Groups are used to control
collections of users who may have access to particular files and
folders.
A Debian GNU/Linux system creates some standard groups and users. The
system administrator can also create new users and may also create new
groups. Groups can be managed using the Gnome users-admin
tool, accessed from Applications-->System Tools-->Users and Groups. By
default this shows only users, but you can access groups by selecting
the More Options button. This allows you to add new groups
and to add and remove users from groups.
Group |
gid |
Description |
root |
0 |
This is root's primary group. |
daemon |
1 |
A group for non-root daemons. |
bin |
2 |
This group exists for historical reasons and some programs
won't run without it. |
sys |
3 |
This group exists for historical reasons and some programs
won't run without it. |
adm |
4 |
Most of the log files (in /var/log)
are group readable by users who belong
to his group. You can add users who need to monitor such log
files to this group. Note though that sometimes private
information can be accidentally included in logs, like
passwords when connecting via PPP over a Modem. This should
not happen (the scripts that write the logs should identify
these as not being echoed) but the potential for mistakes is there. |
tty |
5 |
The terminal devices with names beginning with
/dev/tty are group accessible
to group tty. Programs such as write and
wall need access to /dev/tty and they set their
group id (sgid) to tty. |
disk |
6 |
The disk device nodes are group accessible to disk so that
programs that need access to them are sgid
disk. |
lp |
7 |
Jobs associated with the lp (printer) daemon (lpd)
are group accessible to the lp group so that lpd
can access them without being root. |
mail |
8 |
mailbox spool directories belong to group mail, MUA software runs
setgid mail. This makes dot locking possible. Also, mailboxes must be
writeable by group mail (Policy Manual, 3.1.1.1, 5.6). |
news |
9 |
standard group for user news. Why does news have its own group, and
many of the other daemon uids don't? |
uucp |
10 |
uucp jobs are group accessible to uucp. |
proxy |
13 |
web cache files are group accessible to proxy. |
kmem |
15 |
/proc/kmem is group accessible to kmem. Programs that need access are
sgid kmem. |
dialout |
20 |
ppp- and isdn device nodes are group accessible to dialout. Include
users allowed to initiate dialout in this group. |
fax |
21 |
fax jobs are group accessible to fax. |
voice |
22 |
voice messages are group accessible to voice (vgetty) |
cdrom |
24 |
|
floppy |
25 |
|
tape |
26 |
for device nodes. Include users allowed to access these in the
appropriate groups. |
sudo |
27 |
|
audio |
29 |
for device nodes. Include users allowed to access sound in this group |
dip |
30 |
For daemons running under their own uid/gid. Why are these static? |
majordom |
30 |
For daemons running under their own uid/gid. Why are these static? |
postgres |
32 |
For daemons running under their own uid/gid. Why are these static? |
www-data |
33 |
This has been discussed in the past, and the discussion is not finally
finished. Today, www data files belong to this group and the web
servers run with that group, thus being able to write the files.
This has been considered a security hole, but was not yet changed. |
backup |
34 |
|
msql |
36 |
For daemons running under their own uid/gid. Why are these static? |
operator |
37 |
|
list |
38 |
|
irc |
39 |
For daemons running under their own uid/gid. Why are these
static? |
src |
40 |
This group is intended for users who need to access source
code, including files in /usr/src. Users in this group can thus manage
system source code. Also, this group is the default group for
access to the CSV repository in /var/lib/csv. |
gnats |
41 |
For daemons running under their own uid/gid. Why are these static? |
shadow |
42 |
Programs that should be able to access the shadow passwords are sgid
shadow.
|
utmp |
43 |
Programs that should be able to access utmp are sgid utmp. |
video |
44 |
|
staff |
50 |
This group is used to control access to
/usr/local. Add users to this if they should be
able to write to /usr/local and
/var/local. |
games |
60 |
games that store user independent high score values in /var/lib/games
are sgid games |
qmail |
70 |
used for qmail |
users |
100 |
All users belong to this group. Place files that all users
should have access to in this group. |