Linux GID and groups

Question

On Linux systems, /etc/passwd file contains an UID and a GID per user. GID represents the ID of the primary group of the user.

But we can also set additional groups to a user with /etc/group file.

Is there a difference between primary and additional groups for a user ?

Let's take 2 examples:

• Example 1:

/etc/passwd:

test:x:1000:151:test,,,:/home/test:/bin/bash

/etc/group

group1:x:151:
group2:x:152:test
group3:x:153:

In this example, test is member of group1 (as main group because his gid is 151) and group2.

• Example 2:

/etc/passwd:

test:x:1000:152:test,,,:/home/test:/bin/bash

/etc/group

group1:x:151:test
group2:x:152:
group3:x:153:

In this example, test is member of group1 and group2 (as main group because his gid is 152).

Is there a difference in effective user permissions between this 2 examples ?

Thanks

Answer 1

The check is done using the calling process's real UID and GID, rather than the effective IDs as is done when actually attempting an operation (e.g., open(2)) on the file. Similarly, for the root user, the check uses the set of permitted capabilities rather than the set of effective capabilities; and for non-root users, the check uses an empty set of capabilities.

Is there a difference between primary and additional groups for a user

Yes, If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is sup‐ plied at invocation, the startup behavior is the same, but the effective user id is not reset.

Is there a difference in effective user permissions between this 2 examples ?

Yes,

Ref: https://linux.die.net/man/2/access and https://linux.die.net/man/1/bash