/etc/passwd shows user in a group, but /etc/group does not
Yes, this discrepancy is normal. I've seen it so many times I stopped looking at the /etc/passwd and /etc/group files and instead started looking at group memberships the way they should be looked at: getent group <groupname> and groups <username>.
Yes, there is a difference between the primary and supplementary groups. The primary group is the main one shown in /etc/passwd, that a user is in upon login. For a user to be in a supplementary group, their user name is added to the group entry in /etc/group. If you use id -a <user>, it will show the primary and the supplementary groups. The supplementary groups give access to resources, but any new files are created with the primary group.
You can change a user's currently active primary group using the newgrp command.
It is not necessary for a user to have the primary group also be a secondary group. All it will do is reduce the number of secondary groups a user can be part of. Traditionally a user was limited to 32 secondary groups, but that may have changed in recent years.
usermod can set a user's primary and supplementary groups in one command. Using a configuration management tool like Puppet can also do that without having to worry about what specific command is necessary on different types of Unixes.
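
Added example (not part of either answer above): a shell function that lists a group's members from both files, so that a user whose only link to the group is the GID field in /etc/passwd is not missed when reviewing who holds a privileged group. The function name, the sample accounts, the group name sudo and GID 27 are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original answers.
# group_members GROUP PASSWD_FILE GROUP_FILE
# Prints "<user> primary" for users whose passwd GID field is the group's GID,
# and "<user> supplementary" for users named in the group's member list.
group_members() {
    awk -F: -v want="$1" '
        # First file, group format: name:password:GID:member,member,...
        FILENAME == ARGV[1] {
            if ($1 == want) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") print m[i] " supplementary"
            }
            next
        }
        # Second file, passwd format: name:password:UID:GID:gecos:home:shell
        gid != "" && $4 == gid { print $1 " primary" }
    ' "$3" "$2" | sort -u
}

# Constructed sample data: bob has GID 27 (sudo) as his primary group
# but is not named in the sudo line of the group file.
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:27:Bob:/home/bob:/bin/sh
carol:x:1002:1002:Carol:/home/carol:/bin/sh
EOF
cat > "$sample_dir/group" <<'EOF'
sudo:x:27:alice
alice:x:1000:
carol:x:1002:
EOF

# Reading only the group file would report alice as the sole member of sudo.
group_members sudo "$sample_dir/passwd" "$sample_dir/group"
```

On a live system the same question is answered by id -a <user> for one account; the function reads flat files only and does not see accounts served through other NSS sources such as LDAP.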