How can i securely set group password using groupadd utility

Hello friends,

If you have realised, using groupadd or groupmod utilities for setting an encrypted group password by including the -p option is actually not secure from the command line. This is because the password is clearly displayed on the command prompt as you type it and anyone who can view command history and also list processes can get to know the password. And also using the -p option is not recommended in the man page of the two utilities.

Which other safe method can be used to set group passwords in Linux.

Hi

You can use gpasswd for setting the group password

#gpasswd 

#grep  /etc/gshadow

if you want to remove the password use -r

#gpasswd -r 
1 Like

Thanks @raghuu, that worked fine and i would also like to know how this password is used, whether it applies to group files and directories or anything else.

Yes it applies for group files and directories as well, fro ex: by using group password (abc) you can manage the files and directories which are belongs to that group (abc) even you are not an member of that group (abc) i will explain you in detailed here we go…

#mkdir /opt/abc                 -- creating directory

change the group of the directory abc to ------- here i’m taken group raghu

#groupadd raghu                    -- create one group

#chngrp raghu abc
 

Now create the group password for the group called raghu follow the steps shown before.

Now try to create the file under /opt/abc as a diff user

# su - a

#touch /opt/abc/1

you are not allow to create the file called 1, but you can achieve this by using the permission and privileges of group you can temporarily join the group by using its group password

Here we created file called 2 with the help of privileges of group,

1 Like

Thanks so much @raghuu, clear and well explained example. Now i have an idea of how to use groups and a group password.

Though one problem with group passwords is that many people have to know a single password, that is the group members who have to share it. This can be a security risk.

Actually group passwords is a sort of obscure feature most people don’t use, if you want to access the files with in the directory test which is owned by group abc follow the below process.

create directory test and change the group

#mkdir test

#chmod g+rwx test

#chgrp abc test

now add the members to the group called abc as shown below

#usermod -G abc user1

#usermod -G abc user2

now all the users within the group abc can access the files under test directory without implementing group password.

1 Like

Many thanks man @raghuu :smiley:

Group passwords are not in common use for now, did you aware of that? :slight_smile:

In most cases you need to split your users to lesser groups and give them access to the files instead, which is much more secure and convenient way to deal with file access job.

You can look here for the few examples how to do that.