https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631604#M19701 I don't think it would cause any problems.<BR /><BR />Removing the group entry will just remove the name of the group. The passwd entry will still have the numeric group id for that user. The files owned by that group will just be displayed with the numeric value. <BR /><BR />If you change the group id in the passwd file for the user, any previously existing files will keep their group id.<BR /><BR />The User Private Groups scheme that RedHat implement is just one way of implementing things (it doesn't involve any fundamental changes to the underlying Linux). It means by default that you don't have group access permissions to read another user's file. Normally (e.g. on HP-UX) users are put in the same group so can share access to files, but with UPG they'd both need to be members of a separate group to do this.<BR /><BR />Andrew Fri, 23 Sep 2005 06:58:42 GMT Andrew Merritt_2 2005-09-23T06:58:42Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631597#M19694 Hi there,<BR /><BR />when you create a new user on Linux, penguin for example, a group with the same name is created, and the UID is the same as the GID (505 for example).<BR />What happens if this group is deleted? What becomes impossible to do when this group is deleted? Is it dangerous? I ask the question for all the cases, but also in the case of a Samba fileserver. Wed, 21 Sep 2005 13:03:25 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631597#M19694 Nils_9 2005-09-21T13:03:25Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631598#M19695 You won't be able to delete user's primay group. If you want to delete the group, you need to change the user's primary group with usermod -g.<BR /><BR />If you delete the group, you need to modify also the group membership permissions of all files that the group owns, you can use the find command to find out what files are owned by the group, and change the group owner. (find / -group groupname -exec chgrp newgrp {} \; )<BR /><BR />You can delete a group, but you need to be sure that the group does not own any files.<BR /><BR />Also, that group membership scheme (groupname same as username) is part of a security best practice known as User Private Group. Take a look to UPG. Wed, 21 Sep 2005 14:04:58 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631598#M19695 Ivan Ferreira 2005-09-21T14:04:58Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631599#M19696 Hi<BR /><BR />The users primary group should not be deleted. You can either assign the user to a different group and then delete the group.<BR /><BR />Rgds<BR /><BR />HGN Wed, 21 Sep 2005 15:10:36 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631599#M19696 HGN 2005-09-21T15:10:36Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631600#M19697 When you add users via the Linux way it adds a corresponding group with the user account name. I have had no problems in reassigning the user to another group and then removing the new group that was created. <BR /><BR />If you need to add some 500 users, you could get some 500 new groups as well. Wed, 21 Sep 2005 15:19:46 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631600#M19697 Rick Garland 2005-09-21T15:19:46Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631601#M19698 <BR />You should not delete the primary group of the user, then GID set for files in his home directory will turn in to numeric.<BR /><BR />Having GID same as UID is something I believe RedHat's choice of maintaining users. I would suggest to have single group id (eg: users) and when users are created assign this group as their primary group. Necessary options to do this is available as part of useradd command.<BR /><BR />Regards,<BR />Gopi Thu, 22 Sep 2005 01:04:08 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631601#M19698 Gopi Sekar 2005-09-22T01:04:08Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631602#M19699 Thanks a lot for your help.<BR />Has someone an example of a problem caused by the fact that the users of a Linux system (whatever the distro) haven't a group of the same name and same ID? Thu, 22 Sep 2005 13:56:34 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631602#M19699 Nils_9 2005-09-22T13:56:34Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631603#M19700 When you have more than one user in the same group, (that's what happen if you don't use a private group), then by default, all users in the same group can see the files created by other users, that may be not good.<BR /><BR />Example:<BR /><BR />UID: user1<BR />GID: users<BR /><BR />UID: user2<BR />GID: users<BR /><BR />umask 027<BR /><BR />user1:<BR /><BR />touch my_private_file<BR />ls -la my_private_file<BR /><BR />-rw-r----- user1 users my_private_file<BR /><BR /><BR />See? If you don't modify the umask setting to something like 077, the my_private_file by default can be read by user2. Thu, 22 Sep 2005 14:06:34 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631603#M19700 Ivan Ferreira 2005-09-22T14:06:34Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631604#M19701 I don't think it would cause any problems.<BR /><BR />Removing the group entry will just remove the name of the group. The passwd entry will still have the numeric group id for that user. The files owned by that group will just be displayed with the numeric value. <BR /><BR />If you change the group id in the passwd file for the user, any previously existing files will keep their group id.<BR /><BR />The User Private Groups scheme that RedHat implement is just one way of implementing things (it doesn't involve any fundamental changes to the underlying Linux). It means by default that you don't have group access permissions to read another user's file. Normally (e.g. on HP-UX) users are put in the same group so can share access to files, but with UPG they'd both need to be members of a separate group to do this.<BR /><BR />Andrew Fri, 23 Sep 2005 06:58:42 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631604#M19701 Andrew Merritt_2 2005-09-23T06:58:42Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631605#M19702 Thanks a lot Ivan &amp; Andrew, so I'll do a umask 077 to the homes directories. Does umask stay after a reboot? Just if needed.. Sun, 25 Sep 2005 12:06:00 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631605#M19702 Nils_9 2005-09-25T12:06:00Z https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631606#M19703 No, the umask command should be configured in the /etc/profile file. Mon, 26 Sep 2005 07:49:05 GMT https://community.hpe.com/t5/operating-system-linux/is-it-dangerous-to-remove-some-groups/m-p/3631606#M19703 Ivan Ferreira 2005-09-26T07:49:05Z