Group identifier (Unix)

Group identifier (Unix)

In Unix-like systems, multiple users can be categorized into "groups". POSIX and conventional Unix file system permissions are organized into three classes, "user", "group", and "others". The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals. This method, amongst others, also enables the Superuser to delegate some administrative tasks to normal users, similar to the "Administrators" group on Microsoft Windows NT and its derivatives.

A group identifier, often abbreviated to GID, is a numeric value used to represent a specific group. The range of values for a GID varies amongst different systems; at the very least, a GID can be between 0 and 32767, with one restriction: the login group for the Superuser must have GID 0. This numeric value is used to refer to groups in the /etc/passwd and /etc/group files or their equivalents. Shadow password files and Network Information Service also refer to numeric GIDs. The group identifier is a necessary component of Unix file systems and processes.

The limits on the range of possible group identifiers come from the memory space used to store them. Originally, a signed 16-bit integer was used. Since the sign was not necessary—negative numbers don't make valid group IDs—an unsigned integer is now used instead, allowing group IDs between 0 and 65535. Modern operating systems usually use unsigned 32-bit integers, which allow for group IDs between 0 and 4294967295. The switch from 16 to 32 bits was originally not necessary—one machine or even one network did not serve more than 65536 users at the time—but was made to elimate the need to do so in the future, when it would be more difficult to implement.

Primary vs. supplementary

In Unix systems, every user must be a member of at least one group, which is identified by the numeric GID of the user's entry in /etc/passwd. This group is referred to as the primary group ID. A user may be listed as members of additional groups in the relevant groups entry in the /etc/group; the IDs of these groups are referred to as supplementary group IDs .

Effective vs. real

Unix processes have both an effective (EGID) and a real (PGID) group ID. Normally these are identical, but in setgid process they are different. This is so the setgid process can perform privileged functions using the privileged group, yet easily revert to the non-privileged group when necessary. This is to prevent the calling user from manipulating the process to gain unauthorized access to the privileged group.

ee also

*Group (computing)
*User identifier (Unix)
*Process identifier
*Inode
*File system permissions


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • User identifier (Unix) — On Unix like systems, users are represented by a user identifier, often abbreviated UID or User ID. The range of values for a UID varies amongst different systems; at the very least, a UID can be between 0 and 65535, with some restrictions: *The… …   Wikipedia

  • Group — can refer to: Sociology * Group action (sociology) * Group behaviour * Groups of people, a description of various different human groups ** Peer group ** Workgroup * Group dynamics * Group (sociology), a sub set of a culture or of a society *… …   Wikipedia

  • Group (computing) — In computing, the term group generally refers to a grouping of users. In principle, users may belong to none, one, or many groups (although in practice some systems place limits on this.) The primary purpose of user groups is to simplify access… …   Wikipedia

  • User identifier — Un user identifier ou UID permet d identifier un utilisateur sur les Systèmes d exploitation tels que Unix et Linux. Cette technique est utilisée principalement pour les droits d accès à des ressources ou à des domaines et donc pour la sécurité… …   Wikipédia en Français

  • Group Policy — Stratégies de groupe Les stratégies de groupe (ou GPO en anglais, Group Policy Object) sont des fonctions de gestion centralisée de la famille Windows. Elles permettent la gestion des ordinateurs et des utilisateurs dans un environnement Active… …   Wikipédia en Français

  • Group Policy Object — Stratégies de groupe Les stratégies de groupe (ou GPO en anglais, Group Policy Object) sont des fonctions de gestion centralisée de la famille Windows. Elles permettent la gestion des ordinateurs et des utilisateurs dans un environnement Active… …   Wikipédia en Français

  • Groupe (Unix) — Dans les systèmes de type Unix, plusieurs utilisateurs peuvent être catégorisés en groupes. Les permissions sur les fichiers selon la norme POSIX et les Unix conventionnels sont organisés en trois classes : user, group, et others. L… …   Wikipédia en Français

  • Droit unix — Permissions Unix Les permissions UNIX constituent un système simple de définition des droits d accès aux ressources, représentées par des fichiers disponibles sur un système informatique. Elles restent le moyen le plus utilisé pour définir les… …   Wikipédia en Français

  • Droits Unix — Permissions Unix Les permissions UNIX constituent un système simple de définition des droits d accès aux ressources, représentées par des fichiers disponibles sur un système informatique. Elles restent le moyen le plus utilisé pour définir les… …   Wikipédia en Français

  • Permission unix — Permissions Unix Les permissions UNIX constituent un système simple de définition des droits d accès aux ressources, représentées par des fichiers disponibles sur un système informatique. Elles restent le moyen le plus utilisé pour définir les… …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”