The command to add a user is useradd (adduser is a symbolic link to this command, meaning it's a synonym). The command to edit a user's account is usermod.
To specify the initial login group for a user with either useradd or usermod, use the -g switch followed by the group name or gid, e.g.:
usermod -g 444 thisuser
To display the initial login group information for a user:
grep thisuser /etc/passwd
This displays the following:
thisuser:521:521:This User:/home/thisuser:/bin/bash
The information fields in the user account file /etc/passwd are separated by colons. The first field is the username (thisuser). The second field is the password, but this field is not displayed in this file (it's in the "shadow" passwd file). The third field is the uid (user id number). The fourth field is the gid (initial login group id number). The fifth field is a text description of the user (e.g. the user's name). The sixth field is the home directory (e.g. /home/thisuser). The seventh field is the default shell (e.g. /bin/bash or /bin/csh or /bin/false).
Groups are listed in the file /etc/group. Each line in this file has four fields, separated by colons. The first field is the group name. Second field is the gid. The fourth field is the list of additional users who are part of the group (the assumption being that if a user exists with the same name as the group, that user is part of the group). The list of additional group members is often empty, so most lines in this file end with a colon. If there are additional members in the group, the users' names are listed after the colon, separated by commas. The groupmod command can be used to change a group's membership list.
To list what groups a user belongs to: groups thisuser
This command shows the user's name, followed by the primary group, followed by secondary groups that this user belongs to.
Group membership is useful in controlling access to files and programs.
The output of the command ls -l thisfile is:
_rwxr_x___ 501 auser auser 6 Dec 22 2003 thisfile
The first entry in this line shows the access profile for this file. There are 3 classes of users: owner, group, world. There are 3 types of access functions for files: read, write (and delete), and execute. Starting in the 2nd place, the next 3 places are for r, w, and x for the owner of thisfile. If the letter is there, the permission is granted; if not, an underscore (_) is there, indicating that the permission is not granted. The 2nd set of three permissions comes next (in positions 5, 6, and 7) and is for the group (whichever group owns this file). The group ownership of the file is indicated as the second name in the ls line output (permissions uid owner groupowner datecreated filename).
It is thus possible to have files (and directories) where a group of users can read/write files, but anyone else can't even see the file. By properly setting up groups and then using the chmod or chgrp commands to set group ownership for a file, you can restrict access for that file to members of that group only.
# "staff" (or whatever the share name is)
[staff]
    comment = Staff common directory (read/write for members in group staff)
    path = /home/staff
    writable = yes
    printable = no
    write list = @staff
Here, staff must be a valid Linux group. The directory /home/staff must be owned by the group "staff", with group access rw_ or rwx.
You can also set the default access profile for the share directory, so that files get created with that access. The two parameters to use are create mode and directory mode, which you can set for each share. For example:
    create mode = 0770
    directory mode = 0770
means that files in that share will be created with an access profile:
_rwxrwx___
which means that everyone in the group which owns this file can read, write, and execute this file. This makes sense for a common shared group folder for staff, but you wouldn't want this for home directories, or even for everyone.
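
The owner/group/world check described above can be worked through in code. This is an added example, not part of the original page: the function names are made up for illustration, uid 521 and gid 444 are borrowed from the page's examples, and uids 600 and 601 are constructed. It ignores root (which bypasses these checks) and ACLs.

```python
import grp
import os
import pwd
import stat

def permission_class(file_uid, file_gid, uid, gids):
    """Pick the class the kernel checks. The first match wins: an owner is
    never evaluated against the group bits, nor a group member against world."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "world"

def granted(mode, file_uid, file_gid, uid, gids):
    """Return the granted letters ('rwx', 'rx', '' ...) for a non-root user."""
    shift = {"owner": 6, "group": 3, "world": 0}[
        permission_class(file_uid, file_gid, uid, gids)]
    bits = (mode >> shift) & 0o7
    return "".join(c for c, b in (("r", 4), ("w", 2), ("x", 1)) if bits & b)

def user_ids(username):
    """Look up the uid plus primary and secondary gids from the account databases."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return pw.pw_uid, gids

def granted_on_path(path, username):
    """Apply the same check to a real file and a real account."""
    st = os.stat(path)
    uid, gids = user_ids(username)
    return granted(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids)

if __name__ == "__main__":
    # Constructed ids: uid 521 owns the file, gid 444 stands in for "staff".
    owner, member, outsider = (521, {521}), (600, {600, 444}), (601, {601})
    for mode in (0o770, 0o750, 0o070):
        row = [granted(mode, 521, 444, uid, gids) or "none"
               for uid, gids in (owner, member, outsider)]
        print(f"{mode:04o} owner={row[0]} staff-member={row[1]} other={row[2]}")
```

With mode 0770 the staff member gets full access and the outsider gets none; with mode 0070 the owner gets nothing even if the owner is also in the group, because only the owner bits are consulted.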