Changing the default group for a Linux user

I have a couple of bash and PHP scripts I created to checkout a local copy of a specific project, rsync the checked out copy to a staging server, and then remove the checked out files. When I commit something to CVS from Eclipse, it uses the extssh method of connecting to CVS and logs into SSH using the username raam. I discovered that when I create a new file in Eclipse, commit it to CVS, and then run my staging scripts, the staging scripts are unable to checkout and rsync the new file. Why? Because the new file belongs to the raam group, instead of the cvs group.

To solve this problem, I needed to change the default group used when the user raam creates a new file. You can see current group info for yourself using the id command:

raam@mercury:~$ id
uid=1000(raam) gid=1000(raam) groups=1001(cvs),20(dialout),24(cdrom),25(floppy),29(audio), 33(www-data),44(video),46(plugdev),1000(raam)

As you can see from gid=1000(raam), the default group is currently set to raam. This information is stored in the /etc/passwd file:

raam@mercury:~$ cat /etc/passwd | grep raam
raam:x:1000:1000:Raam Dev,,,:/home/raam:/bin/bash

The fourth field holds the default gid. When I ran the id command earlier, I noticed the gid for the cvs group is 1001, so after changing the fourth field for my account in the /etc/passwd file (root access required), I can run the id command again and confirm my default group has changed:

raam@mercury:~$ id
uid=1000(raam) gid=1001(cvs) groups=1001(cvs),20(dialout),24(cdrom),25(floppy),29(audio), 33(www-data),44(video),46(plugdev),1000(raam)

This fixed my problem with the staging scripts, because now every new file committed to CVS automatically has the cvs group and the www-data account which runs those scripts has access to files in the cvs group.

In retrospect, this was probably the wrong (or long) solution to my problem. I should have just added the www-data account to the raam group, so my PHP scripts had access to files I committed to CVS.

Either way, I learned something new! Thanks to tldp.org for this page on File Security, which explains everything I learned.

Write a Comment

Comment

  • Related Content by Tag