Group ID
In Unix-like systems, multiple users can be put into ''groups''. POSIX and conventional Unix file system permissions are organized into three classes, ''user'', ''group'', and ''others''. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals. This method, among others, also enables the superuser to delegate some administrative tasks to normal users, similar to the ''Administrators'' group on Microsoft Windows NT and its derivatives.

A group identifier, often abbreviated to GID, is a numeric value used to represent a specific group. The range of values for a GID varies amongst different systems; at the very least, a GID can be between 0 and 32,767, with one restriction: the login group for the superuser must have GID 0. This numeric value is used to refer to groups in the /etc/passwd and /etc/group files or their equivalents. Shadow password files and Network Information Service also refer to numeric GIDs. The group identifier is a necessary component of Unix file systems and processes.


Supplementary groups

In Unix systems, every user must be a member of at least one group, the primary group, which is identified by the numeric GID of the user's entry in the passwd database, which can be viewed with the command getent passwd (usually stored in /etc/passwd or LDAP). This group is referred to as the ''primary group ID''. A user may be listed as member of additional groups in the relevant entries in the group database, which can be viewed with getent group (usually stored in /etc/group or LDAP); the IDs of these groups are referred to as ''supplementary group IDs''.
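The following added example (not part of the original page) resolves primary and supplementary groups from passwd- and group-format text and lists every account that holds a given GID by either route. The accounts, groups and function names are constructed for illustration.

```python
# Added example: resolve primary and supplementary groups from passwd/group text.
# All accounts and groups below are constructed sample data.

PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/sh
backup:x:34:0:backup:/var/backups:/usr/sbin/nologin
"""

GROUP = """\
root:x:0:bob
alice:x:1000:
bob:x:1001:
lp:x:7:alice,bob
"""

def parse_passwd(text):
    """Map login name -> primary GID (4th field of each passwd entry)."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        users[fields[0]] = int(fields[3])
    return users

def parse_group(text):
    """Map GID -> (group name, set of listed members)."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups

def memberships(passwd_text, group_text):
    """Return {user: (primary_gid, sorted supplementary GIDs)}."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    return {
        user: (pgid, sorted(g for g, (_n, mem) in groups.items()
                            if user in mem and g != pgid))
        for user, pgid in users.items()
    }

def holders_of_gid(gid, passwd_text, group_text):
    """Users holding `gid` either as primary or as supplementary group."""
    return sorted(u for u, (p, supp) in memberships(passwd_text, group_text).items()
                  if p == gid or gid in supp)
```

In the sample data, the member list of group 0 names only bob, while backup holds GID 0 as its primary group; an audit of a privileged group has to read both databases.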


Effective vs. real

Unix processes have an effective (EUID, EGID), a real (UID, GID) and a saved (SUID, SGID) ID. Normally these are identical, but in setuid and setgid processes they are different.
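As an added example (not from the original page), the sketch below reads the three group IDs of the current process and permanently drops a setgid process back to its real GID, then verifies the result. It assumes Linux, where Python exposes getresgid and setresgid; the function names are illustrative.

```python
# Added example (Linux): permanently drop a setgid process to its real GID.
import os

def group_ids():
    """Return the (real, effective, saved) group IDs of this process."""
    return os.getresgid()

def runs_with_borrowed_gid(ids):
    """True when effective or saved GID differs from the real GID,
    which is the situation in a process started from a setgid executable."""
    rgid, egid, sgid = ids
    return egid != rgid or sgid != rgid

def drop_group_privileges():
    """Set real, effective and saved GID to the real GID and verify it.

    Setting only the effective GID would leave the saved GID in place,
    and the process could switch back to it later.
    """
    rgid, old_egid, _ = group_ids()
    os.setresgid(rgid, rgid, rgid)
    after = group_ids()
    if after != (rgid, rgid, rgid):
        raise RuntimeError(f"group IDs not dropped: {after}")
    # The drop must be irreversible for an unprivileged process.
    if old_egid != rgid and os.geteuid() != 0:
        try:
            os.setegid(old_egid)
        except PermissionError:
            pass
        else:
            raise RuntimeError("effective GID could be regained after drop")
    return after

if __name__ == "__main__":
    print("before:", group_ids(), "borrowed:", runs_with_borrowed_gid(group_ids()))
    print("after: ", drop_group_privileges())
```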


Conventions


Type

Originally, a signed 16-bit integer was used. Since the sign was not necessary – negative numbers do not make valid group IDs – an unsigned integer is now used instead, allowing group IDs between 0 and 65,535. Modern operating systems usually use unsigned 32-bit integers, which allow for group IDs between 0 and 4,294,967,295.


Reserved ranges

Many Linux systems reserve the GID number range 0 to 99 for statically allocated groups, and either 100–499 or 100–999 for groups dynamically allocated by the system in post-installation scripts. These ranges are often specified in /etc/login.defs, for useradd, groupadd and similar tools. On FreeBSD, porters who need a GID for their package can pick a free one from the range 50 to 999 and then register this static allocation in ports/GIDs.


Special values

* 0: The superuser normally has a GID of zero (0).
* −1: The value (gid_t) -1 is reserved by POSIX to identify an omitted argument.
* 65,534: The Linux kernel defaults to 2^16 − 2 = 65,534 (which many Linux distributions map to the group name "nogroup") when a 32-bit GID does not fit into the return value of a 16-bit system call ("Namespaces in operation, part 5: User namespaces", LWN.net, https://lwn.net/Articles/532593/, accessed 2021-12-06). The value is also returned by idmapd if a group name in an incoming NFSv4 packet does not match any known group on the system.


Personal groups

Many system administrators also allocate for each user a personal primary group that has the same name as the user's login name, and often also has the same numeric GID as the user's UID. Such personal groups have no other members and make collaboration with other users in shared directories easier, by allowing users to habitually work with umask 0002. This way, newly created files can have write permissions enabled for group members by default, because this will normally only enable write access for members of the personal group, that is, only for the file's owner. However, if a file is created in a shared directory that belongs to another group and has the setgid bit set, then the created file will automatically become writable to members of that directory's group as well. On many Linux systems, the USERGROUPS_ENAB variable in /etc/login.defs controls whether commands like useradd or userdel automatically add or delete an associated personal group.
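The added example below (not part of the original page) models the reasoning above: it computes the mode and group of a newly created file from the umask and the directory's setgid bit, then lists who gains write access. The users, GIDs and directory settings are constructed, and the model ignores the ''others'' permission class.

```python
# Added example: who can write a newly created file under a given umask?
# Users, groups and GIDs are constructed sample data.
import stat

GROUP_MEMBERS = {            # GID -> members, including primary-group users
    1000: {"alice"},         # alice's personal group
    1001: {"bob"},           # bob's personal group
    2000: {"alice", "bob"},  # shared project group
}

def new_file(creator, creator_gid, dir_mode, dir_gid, umask, requested=0o666):
    """Model file creation: mode is requested & ~umask; the group is the
    directory's group if the directory has the setgid bit, otherwise the
    creator's effective GID (Linux default behaviour)."""
    gid = dir_gid if dir_mode & stat.S_ISGID else creator_gid
    return {"owner": creator, "gid": gid, "mode": requested & ~umask}

def writers(f):
    """Users granted write access by the owner and group permission bits."""
    allowed = set()
    if f["mode"] & stat.S_IWUSR:
        allowed.add(f["owner"])
    if f["mode"] & stat.S_IWGRP:
        allowed |= GROUP_MEMBERS[f["gid"]]
    return sorted(allowed)

# alice creates files in her home directory and in a setgid project directory
HOME = dict(dir_mode=0o755, dir_gid=1000)
SHARED = dict(dir_mode=0o2775, dir_gid=2000)

def scenario(umask, directory):
    """Writers of a file alice creates in `directory` under `umask`."""
    return writers(new_file("alice", 1000, umask=umask, **directory))
```

With umask 0002 the file in the home directory stays writable by alice alone, while the same umask in the setgid directory also grants write access to bob; umask 0022 removes the group write bit in both places.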


See also

* setuid
* User identifier
* Process identifier
* Inode
* FAT access rights
* Id (Unix)

