Editing Group identifier

{{Short description|Unix/POSIX system account group number; numeric value used to represent a specific group}}
{{Redirect|Egid|the Egyptian General Intelligence Directorate|Egyptian General Intelligence Directorate}}
{{Refimprove|date=September 2014}}

In [[Unix-like]] systems, multiple users can be put into ''[[Group (computing)|groups]]''. [[POSIX]] and conventional [[Unix]] [[file system permissions]] are organized into three classes, ''user'', ''group'', and ''others''. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, [[computer printer|printers]], and other [[peripheral]]s. This method, among others, also enables the [[superuser]] to delegate some administrative tasks to normal users, similar to the ''Administrators'' group on [[Windows NT|Microsoft Windows NT]] and its derivatives.

A '''group identifier''', often abbreviated to '''GID''', is a numeric value used to represent a specific group.<ref>{{Cite web|title=Definitions|url=https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/basedefs/V1_chap03.html|access-date=2021-12-06|website=pubs.opengroup.org}}</ref> The range of values for a GID varies amongst different systems; at the very least, a GID can be between 0 and 32,767, with one restriction: the login group for the superuser must have GID 0. This numeric value is used to refer to groups in the <code>[[/etc/passwd]]</code> and <code>/etc/group</code> files or their equivalents. [[Shadow passwords|Shadow password]] files and [[Network Information Service]] also refer to numeric GIDs. The group identifier is a necessary component of [[Unix]] [[file system]]s and [[Process (computing)|processes]].

== Supplementary groups ==
In Unix systems, every user must be a member of at least one group, the '''primary group''', which is identified by the numeric GID of the user's entry in the passwd database, which can be viewed with the command <code>getent passwd</code> (usually stored in <code>/etc/passwd</code> or [[LDAP]]). This group is referred to as the ''primary group ID''. A user may be listed as member of additional groups in the relevant entries in the group database, which can be viewed with <code>getent group</code> (usually stored in <code>/etc/group</code> or [[LDAP]]); the IDs of these groups are referred to as ''supplementary group IDs''.

== Effective vs. real ==
Unix processes have an [[effective user ID|effective]] (EUID, EGID), a [[real user ID|real]] (UID, GID) and a [[saved user ID|saved]] (SUID, SGID) ID. Normally these are identical, but in <code>[[setuid]]</code> and <code>[[setgid]]</code> processes they are different.

== Conventions ==

=== Type ===

Originally, a signed 16-bit integer was used. Since the sign was not necessary – negative numbers do not make valid group IDs – an unsigned integer is now used instead, allowing group IDs between 0 and 65,535. Modern operating systems usually use unsigned 32-bit integers, which allow for group IDs between 0 and 4,294,967,295.

=== Reserved ranges ===

Many Linux systems reserve the GID number range 0 to 99 for statically allocated groups, and either 100−499 or 100−999 for groups dynamically allocated by the system in post-installation scripts. These ranges are often specified in <code>/etc/login.defs</code>, for <code>useradd</code>, <code>groupadd</code> and similar tools.

On FreeBSD, porters who need a GID for their package can pick a free one from the range 50 to 999 and then register this static allocation in [http://svnweb.freebsd.org/ports/head/GIDs?view=co ports/GIDs].<ref>[http://www.freebsd.org/doc/en/books/porters-handbook/ FreeBSD Porter's Handbook], [http://www.freebsd.org/doc/en/books/porters-handbook/users-and-groups.html Section 6.26: Adding Users and Groups]</ref>

=== Special values ===

* 0: The [[superuser]] normally has a GID of zero (0).
* −1: The value <code>(gid_t) -1</code> is reserved by POSIX to identify an omitted argument.<ref>{{Cite web|title=chown|url=https://pubs.opengroup.org/onlinepubs/009695399/functions/chown.html|access-date=2021-12-06|website=pubs.opengroup.org}}</ref>
* 65,534: The Linux kernel defaults to 2<sup>16</sup>−2 = 65,534 (which many Linux distributions map to the group name "nogroup") when a 32-bit GID does not fit into the return value of a 16-bit system call.<ref>{{Cite web|title=Namespaces in operation, part 5: User namespaces [LWN.net]|url=https://lwn.net/Articles/532593/|access-date=2021-12-06|website=lwn.net}}</ref> The value is also returned by [[idmapd]] if a group name in an incoming [[NFSv4]] packet does not match any known group on the system.

== Personal groups ==

Many system administrators allocate for each user also a personal primary group that has the same name as the user's login name, and often also has the same numeric GID as the user's UID. Such personal groups have no other members and make collaboration with other users in shared directories easier, by allowing users to habitually work with <code>[[umask]] 0002</code>. This way, newly created files can have by default write permissions enabled for group members, because this will normally only enable write access for members of the personal group, that is only for the file's owner. However, if a file is created in a shared directory that belongs to another group and has the [[setgid]] bit set, then the created file will automatically become writable to members of that directory's group as well.

On many Linux systems, the <code>USERGROUPS_ENAB</code> variable in <code>/etc/login.defs</code> controls whether commands like <code>useradd</code> or <code>userdel</code> automatically add or delete an associated personal group.

==  See also  ==
* [[setuid]]
* [[User identifier]]
* [[Process identifier]]
* [[Inode]]
* [[FAT access rights]]
* [[List of POSIX commands]]

== References ==
<references/>

[[Category:Unix]]
[[Category:Unix file system technology]]