In the Solaris operating environment, users must belong to at least one group, called the primary group for each user, and are assigned to that group when their user accounts are set up. Primary group members usually have interests in common -- they might be an accounting group, a management group, or a group of engineers -- and would want to share files and directories.
If users have no special interests in common, they can be assigned to the default "staff" group (GID 10).
Primary Groups
The primary group is the key to users being able to control access to their own files. The operating system assigns the same primary group identification (GID) number to all files created by members of the group. Users can then specify who can access their files: the user only, members of the primary group, or users outside the primary group.
Secondary Groups
In addition to the required membership in a primary group, each user may also be a member of up to 16 secondary groups. There is no inherent difference between primary and secondary groups. One user's primary group may be another user's secondary group.
While secondary group membership has no bearing on file access, some applications may consider a user's secondary group memberships in deciding whether to grant access to the application. For example, a system administration application may check to see if users are in the sysadmin group before allowing them to run the application.
In addition, users who log in as members of a primary group (and who are also members of secondary groups) can use the newgrp command at a command line interface to change the GID assigned to all new files they create. In effect, this allows users to temporarily change their primary group to any of the secondary groups of which they are a member.
To create a group
Open Groups from the Users tool in the Solaris Management Console, and click Action->Add Group.
Reserved Group ID Numbers
Groups with GIDs of 0-99 are system default Solaris Groups. They cannot be deleted but you can add users to them.
These include: root, GID 0; other, GID 1; bin, GID 2; mail, GID 6; staff, GID 10; and sysadmin, GID 14. Additional reserved groups are: nobody, GID 60001; noaccess, GID 60002; and nogroup, GID 65534.
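An added example (not part of the original Solaris documentation): a shell audit of a group(4)-format file against the reserved GIDs, the 16-secondary-group limit and the sysadmin membership described above. The function names, finding labels and sample entries are constructed for illustration; because the list of system groups above is not exhaustive, other groups in the 0-99 range are reported for review only.

```sh
#!/bin/sh
# Reserved GID -> expected group name, as listed on this page.
RESERVED="0:root 1:other 2:bin 6:mail 10:staff 14:sysadmin 60001:nobody 60002:noaccess 65534:nogroup"
MAX_SECONDARY=16   # secondary-group limit stated on this page

# audit_groups [FILE]: read a group(4)-format file (stdin if omitted) and
# print one finding per line, sorted. No output means nothing to review.
audit_groups() {
    awk -F: -v reserved="$RESERVED" -v max="$MAX_SECONDARY" '
    BEGIN {
        n = split(reserved, pair, " ")
        for (i = 1; i <= n; i++) {
            split(pair[i], kv, ":")
            want[kv[1]] = kv[2]; gidof[kv[2]] = kv[1]
        }
    }
    /^#/ || NF < 3 { next }          # skip comments and malformed lines
    {
        name = $1; gid = $3
        if (gid in want) {
            if (name != want[gid])   # e.g. a second group sharing GID 0
                print "RESERVED_GID_MISMATCH gid=" gid " name=" name " expected=" want[gid]
        } else if (gid + 0 <= 99)    # page list is not exhaustive: review, not a violation
            print "UNLISTED_SYSTEM_RANGE gid=" gid " name=" name
        if ((name in gidof) && gidof[name] != gid)
            print "RESERVED_NAME_WRONG_GID name=" name " gid=" gid " expected=" gidof[name]
        if (name == "sysadmin" && $4 != "")
            print "SYSADMIN_MEMBERS " $4   # applications may grant access on this
        m = split($4, u, ",")              # field 4 lists secondary members
        for (i = 1; i <= m; i++) if (u[i] != "") count[u[i]]++
    }
    END {
        for (p in count) if (count[p] > max)
            print "TOO_MANY_SECONDARY user=" p " groups=" count[p]
    }' "${1:--}" | sort
}

# Constructed sample input (not from a real system).
sample_group_file() {
    printf '%s\n' 'root::0:' 'other::1:root' 'bin::2:root,daemon' 'mail::6:root' \
        'staff::10:' 'sysadmin::14:alice,bob' 'wheel::0:mallory' 'dbadmin::50:carol' \
        'nobody::60001:' 'noaccess::60002:' 'nogroup::65534:'
    i=101
    while [ "$i" -le 117 ]; do echo "proj$i::$i:dave"; i=$((i + 1)); done
}

sample_group_file | audit_groups
```

To audit a live system, pass the file path instead of the sample, for example `audit_groups /etc/group`, and compare any UNLISTED_SYSTEM_RANGE lines against the install baseline.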