Command to know privileges of a user group
Solution 1
Is there any command through which I could know which type of privileges a group has?
No, there is no way to know everything that a group grants access to.
The reason for this is that the group itself doesn't track what uses it. For example, the file /foo might be owned by the group bar. The file itself says "I belong to bar", the group doesn't say "/foo belongs to me".
So you could traverse the filesystem, looking for things that belong to group bar, but it's not quite so simple. You can also have software which is configured to allow users in certain groups access to a resource. For example, some Linux distributions restrict access to the su utility to members of the wheel group. Or you might have Samba configured to only export a share to members of a certain group.
If you want to find files in which access might be different based upon group membership, you can do a find for files owned by that group:
find / -group bar
However this will not take into consideration filesystem ACLs. Though filesystem ACLs aren't used in typical setups, if you wanted to search for them as well, the command becomes much more complicated:
find / \( -group bar -o -exec sh -c 'getfacl "$1" | grep -q "^group:bar:"' -- {} \; \) -print
Which type of privileges are assigned to a particular user?
Do all users of a particular group have the same privileges?
If we're still talking about group based permissions, then all users of the group would be granted the same permissions by being in that group.
However it is possible for a user to be in multiple groups, in which being in group foo grants the user access to something, and being in group bar grants them adminstrative permissions.
Solution 2
For a particular user:
$ groups <username>
Shows what Unix groups they're a member of.
Example
$ groups saml
saml : saml wheel wireshark
As to your questions about "privileges". They don't really mean what you think they mean. Groups simply allow a user that's a member of group X, access to files and directories that are present on the disk which are assigned the group X. They don't really do anything beyond that.
As to your 3rd question about members of group X having the same privileges, yes everyone in group X wields the same level of privilege.
Related videos on Youtube
37 : 00
![USERS & GROUPS MANAGEMENT IN LINUX [LINUX BASICS]](https://i.ytimg.com/vi/uf_xTVwGsUc/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLAJAXjeCuyq9NJb-1W30ij50xJy-g)
07 : 09
20 : 32
02 : 48
04 : 01
ursitesion
Updated on September 18, 2022Comments
-
ursitesion over 1 year
If I run
cat /etc/groupcommand orgroups usernameI am able to know the list of groups as group of a particular user.- Is there any command through which I could know which type of privileges a group has?
- Which type of privileges are assigned to a particular user?
- Do all users of a particular group have the same privileges?
-
cpugeniusmv about 10 years
-
phemmer about 10 yearsGroups can do a lot more than just allowing access to files. Any software can examine a user's groups to consider granting access to some resource. For example some distros restrict
suto members of thewheelgroup. -
slm about 10 years@Patrick - that's an extension of what they're were originally intended to be used for. But it's still a excellent point none the less.
