Group identifier (Unix)
In Unix-like systems, multiple users can be categorized into groups. POSIX and conventional Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals. This method, among others, also enables the Superuser to delegate some administrative tasks to normal users, similar to the Administrators group on Microsoft Windows NT and its derivatives.
A group identifier, often abbreviated to GID, is a numeric value used to represent a specific group. The range of values for a GID varies amongst different systems; at the very least, a GID can be between 0 and 32,767, with one restriction: the login group for the Superuser must have GID 0. This numeric value is used to refer to groups in the /etc/passwd and /etc/group files or their equivalents. Shadow password files and Network Information Service also refer to numeric GIDs. The group identifier is a necessary component of Unix file systems and processes.
The limits on the range of possible group identifiers come from the memory space used to store them. Originally, a signed 16-bit integer was used. Since the sign was not necessary—negative numbers don't make valid group IDs—an unsigned integer is now used instead, allowing group IDs between 0 and 65,535. Modern operating systems usually use unsigned 32-bit integers, which allow for group IDs between 0 and 4,294,967,295. The switch from 16 to 32 bits was originally not necessary—one machine or even one network did not serve more than 65,536 users at the time—but was made to eliminate the need to do so in the future, when it would be more difficult to implement.
Primary vs. supplementary
In Unix systems, every user must be a member of at least one group, which is identified by the numeric GID of the user's entry in /etc/passwd. This group is referred to as the primary group ID. A user may be listed as a member of additional groups in the relevant entries in /etc/group; the IDs of these groups are referred to as supplementary group IDs.
Effective vs. real
Unix processes have an effective (EUID, EGID), a real (UID, GID) and a saved (SUID, SGID) ID. Normally these are identical, but in setgid processes they are different.
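The primary and supplementary group IDs described under "Primary vs. supplementary" can be resolved from passwd- and group-format text as in the following added example, which is not part of the original article. The sample entries and all function names are constructed for illustration. Users who hold a group only as their primary GID do not appear in that group's member list, so a review of who holds GID 0 has to read both files.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:100:Bob:/home/bob:/bin/sh
carol:x:1002:0:Carol:/home/carol:/bin/sh
"""
GROUP = """\
root:x:0:
users:x:100:alice
lp:x:7:alice,bob
alice:x:1000:
"""

def parse_passwd(text):
    """Map user name -> primary GID (4th field of each passwd entry)."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and not line.startswith("#"):
            users[fields[0]] = int(fields[3])
    return users

def parse_group(text):
    """Map GID -> (group name, set of members listed in the 4th field)."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and not line.startswith("#"):
            members = {m for m in fields[3].split(",") if m}
            groups[int(fields[2])] = (fields[0], members)
    return groups

def group_ids(user, users, groups):
    """Return (primary GID, sorted supplementary GIDs) for one user."""
    primary = users[user]
    supplementary = sorted(gid for gid, (_, members) in groups.items()
                           if user in members and gid != primary)
    return primary, supplementary

def all_members(gid, users, groups):
    """Everyone holding this GID: listed members plus primary-group users."""
    listed = groups.get(gid, ("", set()))[1]
    by_primary = {u for u, g in users.items() if g == gid}
    return sorted(listed | by_primary)

USERS, GROUPS = parse_passwd(PASSWD), parse_group(GROUP)
```

In the sample, the entry for GID 0 in the group data lists no members, yet `all_members(0, USERS, GROUPS)` returns both `carol` and `root` because of their passwd entries.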