The difference between Primary and Secondary groups in Linux

The security of a file on Linux is managed using the concepts of ownership and permissions. There are three kinds of permissions (read, write and execute), and ownership is similarly divided into three kinds: user, group and others. Groups are a great way to share your work or collaborate with others: you define a group whose members have the right to contribute to, modify or see the work.

To understand the group divisions, let's start with the command id, which shows the user and group information for the logged-in user. If you type the command id in your terminal, it will show output similar to this.

[chia]$ id

uid=1000(chia) gid=1000(chia) groups=4(adm),20(dialout),119(admin),1000(chia)

As you can see, it shows your user name and ID, the groups you can belong to, and the group you are currently active with. Yes, on most Linux systems, you can be a member of only one group at a time. So, when you log in, you are assigned a group by default; that group is known as the Primary Group.

This primary group is what shows up in the 4th field of the user's /etc/passwd entry.

[chia]$ grep  chia /etc/passwd


And the rest of the groups that you can possibly belong to are termed as Secondary Groups.

Here comes an interesting point: if you look at the above output, the user ID and the currently active group ID are the same. What does this mean?

This is part of the user private group scheme. As the name suggests, it is used to improve the privacy of a user's files. Under the scheme, a new user is assigned to their own group, which contains only that user; hence it is called a private group. So, until a user deliberately changes the group ownership of a file, it will belong to the user as owner and to the private group as group owner.
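The primary and secondary group lookups and the private-group check described above, as an added shell example that is not part of the original article. The sample file contents, the users bob and eve, and the function names are constructed for illustration; chia's entries mirror the id output shown earlier.

```shell
# Constructed sample data standing in for /etc/passwd and /etc/group.
PASSWD_SAMPLE='chia:x:1000:1000:Chia:/home/chia:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
eve:x:1002:100:Eve:/home/eve:/bin/bash'
GROUP_SAMPLE='adm:x:4:chia
dialout:x:20:chia,bob
users:x:100:
admin:x:119:chia
chia:x:1000:'

# Primary GID: the 4th field of the user's passwd entry.
primary_gid() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $4; exit }'
}

# Secondary groups: every non-primary group whose member list (4th field) names the user.
secondary_groups() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v u="$1" -v pg="$(primary_gid "$1")" '
        $3 != pg {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u) { out = out sep $3 "(" $1 ")"; sep = ","; break }
        }
        END { print out }'
}

# Private group check: succeeds only if the primary group is named after the
# user, lists no other members, and is not the primary group of anyone else.
is_private_group() {
    pg=$(primary_gid "$1")
    [ -n "$pg" ] || return 2    # unknown user
    sharers=$(printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v g="$pg" '$4 == g { c++ } END { print c + 0 }')
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v u="$1" -v g="$pg" -v s="$sharers" '
        $3 == g { found = 1; if ($1 != u || s != 1 || ($4 != "" && $4 != u)) bad = 1 }
        END { exit !(found && !bad) }'
}

for u in chia bob; do
    is_private_group "$u" && kind=private || kind=shared
    echo "$u primary=$(primary_gid "$u") ($kind) secondary=$(secondary_groups "$u")"
done
```

Files created by bob or eve in this sample default to the shared users group, which is the case the private group scheme is meant to avoid.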

Now, you would ask, "what if I want to change my group? To be assigned a private group as default sounds like a good scheme, but how do I change my currently active group?"

The answer is below.

How to log on to another group

This can be done using the newgrp command.

[chia]$ newgrp admin

[chia]$ id

uid=1000(chia) gid=119(admin) groups=4(adm),20(dialout),119(admin),1000(chia)

As you can see, the group has changed.

1 Comment

lefty.crupps (not verified)
July 6th, 2010 05:19 pm
You didn't at all touch on the *differences* of these groups, namely that one exists for all new files that you write (the primary group), while the others exist to give a user account read/write access to files already in existence (the secondary groups). Hence this is why we can have access to the 'dialout' group, for example.
