Being in the right Linux group expedites many system administration tasks, and will save you time. For example, the Apache web server logs have the following file ownership and permissions.
# ls -al /var/log/apache2/*.log
-rw-r----- 1 root adm 882984 May 11 12:14 /var/log/apache2/access.log
-rw-r----- 1 root adm 418 May 11 01:55 /var/log/apache2/error.log
...
To read the Apache logs, you need root permissions. However, there is a shortcut that does not require you to run sudo. Note that adm - the admin group for Debian-based systems - is the group owner of the log files. So, if you become a member of adm, you don't need to sudo to read the log files.
To add peter to the adm group, execute any of the following commands:
$ sudo usermod -aG adm peter$ sudo gpasswd -a peter adm
To verify that peter is now a member of the adm group, execute any of the following commands:
$ id -nG peter
peter adm www-dataYou may be tempted, as I was, to not specify
peterin the above command. Don't skip the parameter. Without the user parameter, you won't see the effect of the change in group membership - unless you log out and log back in. If you are running X, it means you have to log out of X, not just opening a new command shell window within the same X session.$ groups peter
peter : peter adm www-dataAgain, specify
peterin the command. Otherwise, you must log out and then log back in before executing the command.$ grep adm /etc/group
adm:x:4:peter
If you have made a mistake, and now want to remove peter from the adm group, run any of the following commands:
$ sudo gpasswd -d peter adm
Removing user peter from group adm$ sudo deluser peter adm
Removing user `peter' from group `adm' ...
Done.
Besides the adm group, you should consider adding yourself to the www-data group. The Apache web server runs under the www-data user account on Debian systems. As a member of the www-data group, you can more easily modify web server files and directories.
An earlier post on group membership appears here.
No comments:
Post a Comment