About Groups

Users and roles must be members of at least one group. Group members usually have interests in common--they might be a management group, a group of engineers, or any other group that needs to share some files and directories that possibly should not be accessed by everyone.

The primary group is the key to users being able to control access to their own files. The operating system assigns the same primary group identification (GID) number to all files created by members of a group. By setting access permissions for "owner," "group," and "other," each user can then specify who can access the files created by that user: the owner only, members of the primary group, or other users outside of the primary group.

Users and roles are assigned to a primary group when their accounts are set up.

A new account that does not belong in a smaller group can be assigned to the default "staff" group (GID 10).

In addition to the required membership in a primary group, each user may also be a member of up to 16 secondary groups. There is no inherent difference between primary and secondary groups. One user's primary group may be another user's secondary group.

While secondary group membership has no bearing on file access, some applications may consider a user's secondary group memberships in deciding whether to grant access to the application.

In addition, users who log in as members of a primary group (and who are also members of secondary groups) can use the newgrp command at a command line interface to change the GID assigned to all new files they create. In effect, this allows users to temporarily change their primary group to any of the secondary groups of which they are a member.

Reserved Group ID Numbers

Groups with GIDs of 0-99 are system default groups. They cannot be deleted, but you can add users to them.

These include: root, GID 0; other, GID 1; bin, GID 2; mail, GID 6; staff, GID 10; and sysadmin, GID 14. Additional reserved groups are: nobody, GID 60001; noaccess, GID 60002; and nogroup, GID 65534.

To create a group, open Groups from the Users tool in the Solaris Management Console, and click Action->Add Group.

Administrators can delete groups, but to avoid confusion when interpreting the audit trail, group IDs should never be reused.
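
An added example, not part of the original documentation, that applies the rules above before a GID is assigned: it rejects the reserved GIDs, GIDs already in use, and GIDs of deleted groups, and it lists users named in more than 16 groups. The retired-GID file, the function names and the sample entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; file names, users and site groups are constructed sample data.

# check_gid GID GROUP_FILE RETIRED_FILE: prints a verdict, returns 0 only for "ok".
check_gid() {
    gid=$1
    case $gid in ''|*[!0-9]*) echo "invalid"; return 1 ;; esac
    # GIDs 0-99 are system default groups.
    if [ "$gid" -le 99 ]; then echo "reserved-system"; return 1; fi
    # nobody, noaccess and nogroup.
    case $gid in 60001|60002|65534) echo "reserved"; return 1 ;; esac
    # Field 3 of a group file entry is the GID.
    if awk -F: -v g="$gid" '$3 == g { hit = 1 } END { exit !hit }' "$2"; then
        echo "in-use"; return 1
    fi
    # RETIRED_FILE is a hypothetical site-kept list, one deleted GID per line.
    if grep -x "$gid" "$3" >/dev/null; then echo "retired"; return 1; fi
    echo "ok"
}

# secondary_over_limit GROUP_FILE [MAX]: users named in the member list
# (field 4, comma-separated) of more than MAX groups, as "user:count".
secondary_over_limit() {
    awk -F: -v max="${2:-16}" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]]++ }
        END { for (u in seen) if (seen[u] > max) print u ":" seen[u] }
    ' "$1" | sort
}

demo=$(mktemp -d)
cat > "$demo/group" <<'EOF'
root::0:root
staff::10:
sysadmin::14:
nobody::60001:
engineers::101:alice,bob
EOF
# 16 constructed project groups plus engineers: alice is named in 17 groups.
i=0
while [ "$i" -lt 16 ]; do
    echo "proj$i::$((200 + i)):alice" >> "$demo/group"
    i=$((i + 1))
done
echo 150 > "$demo/retired"    # GID of a previously deleted group

for g in 10 60002 101 150 300; do
    printf '%s -> %s\n' "$g" "$(check_gid "$g" "$demo/group" "$demo/retired")"
done
secondary_over_limit "$demo/group"
```

Keeping the retired list alongside the audit records lets a GID in an old audit entry be resolved to the single group that ever held it.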