
Lab 155: groupadd Group Management

Create project UNIX groups for access control and shared ownership using groupadd, enforce reserved GIDs from standards, and verify group existence using NSS via getent.

Tags: users, permissions, core

Scenario

A new project is launching. You need UNIX groups for access control and shared ownership. The ticket specifies required groups and reserved GIDs for standards compliance, and you must verify the groups exist via NSS.

Ticket requirements

Create groups: developers, qa, devops. Reserved GIDs: docker=1050, devops=1200. Verify via getent group.

Objective

  • Create developers and qa with default GIDs.
  • Create devops with reserved GID 1200.
  • Create docker with reserved GID 1050.
  • Verify all required groups exist via NSS using getent group.

Concepts

  • Groups support access control and shared ownership across users and services.
  • Reserved GIDs prevent collisions and keep IDs consistent across fleets and environments.
  • groupadd -g sets an explicit numeric GID to meet standards.
  • getent queries the sources configured in /etc/nsswitch.conf, so it verifies state the way the system resolves it. Prefer it over grepping local files such as /etc/group for operational proof.

Walkthrough

Step 1: Create the required project groups in one command.
Command
groupadd developers && groupadd qa && groupadd -g 1200 devops

This creates the baseline groups and enforces the reserved GID for devops exactly as specified by the ticket. Because the commands are chained with &&, the sequence stops at the first failure, which keeps the workflow deterministic and audit-friendly.

Step 2: Create docker with reserved GID 1050.
Command
groupadd -g 1050 docker

This reserves docker to the required numeric ID, avoiding drift across hosts and ensuring predictable file ownership and group-based access control.

Step 3: Verify the groups exist using NSS via getent.
Command
getent group developers && getent group qa && getent group docker && getent group devops

This is the operational proof step. getent queries the same group databases the system will consult, which makes it the correct verification method in environments using NSS-backed sources.

# Example output:
developers:x:1002:
qa:x:1100:
docker:x:1050:
devops:x:1200:

Common breakpoints

groupadd fails: “group already exists”

The group name is already present. Verify the existing group and confirm whether the ticket requires an explicit GID. If an existing group has the wrong GID, remediation must be planned before changing IDs.

groupadd -g fails: “GID already in use”

The reserved GID is already assigned to another group. Identify the collision and resolve it according to your standards before proceeding.

getent does not show the group

NSS may be configured with a different source order, or the group creation did not persist. Re-run the creation step, confirm permissions, and check the NSS configuration if the environment is directory-backed.
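
The breakpoints above can be detected before groupadd is run. The following read-only pre-flight is an added example, not part of the original lab: it classifies each ticket group through getent as ok, create, gid-mismatch or gid-in-use. The function names and the GROUP_DB variable (constructed sample data standing in for NSS) are assumptions of this example.

```shell
#!/bin/sh
# Read-only pre-flight for the ticket's groups; it never runs groupadd.

# lookup KEY: print the group entry for a name or numeric GID.
# GROUP_DB (an assumption of this example) substitutes constructed data for NSS.
lookup() {
    if [ -n "${GROUP_DB:-}" ]; then
        printf '%s\n' "$GROUP_DB" |
            awk -F: -v k="$1" '$1 == k || $3 == k { print; exit }'
    else
        getent group "$1"
    fi
}

# plan_group NAME [GID]: print ok, create, gid-mismatch:<current gid>,
# or gid-in-use:<owning group>.
plan_group() {
    name=$1
    want=${2:-}
    entry=$(lookup "$name" || true)
    if [ -n "$entry" ]; then
        have=$(printf '%s\n' "$entry" | cut -d: -f3)
        if [ -z "$want" ] || [ "$have" = "$want" ]; then
            echo ok
        else
            echo "gid-mismatch:$have"
        fi
        return 0
    fi
    owner=
    [ -z "$want" ] || owner=$(lookup "$want" | cut -d: -f1)
    if [ -n "$owner" ]; then echo "gid-in-use:$owner"; else echo create; fi
}

# plan_ticket: classify the four groups from the ticket.
plan_ticket() {
    for spec in developers qa devops:1200 docker:1050; do
        gid=
        case $spec in *:*) gid=${spec#*:} ;; esac
        printf '%-12s %s\n' "${spec%%:*}" "$(plan_group "${spec%%:*}" "$gid")"
    done
}

# Constructed sample database, not taken from a real host. Delete this
# assignment to query the live system through getent.
GROUP_DB='developers:x:1002:
legacy:x:1050:
devops:x:1300:'
plan_ticket
```

A gid-mismatch or gid-in-use result corresponds to the two groupadd failures described above and should be resolved before any group is created.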

Cleanup checklist

This lab creates real groups. If you are using a shared or persistent training VM, remove the groups after practice only if your environment expects cleanup.

Commands
getent group developers
getent group qa
getent group docker
getent group devops

Success signal

All four groups resolve via NSS and reserved GIDs match the ticket requirements.

Reference

  • groupadd <group> : Create a new group with the next available GID.
  • groupadd -g <gid> <group> : Create a new group using an explicit numeric GID.
    • -g <gid> : Sets the group ID to a specific value (reserved GID use case).
  • getent group <group> : Query group information through NSS (preferred verification method).