Creating and deleting POSIX groups

This document explains how to create and delete a POSIX group.

Before you begin

Perform the following tasks before proceeding with the information on this page:

Read the Groups API overview.
Set up the Groups API.

Creating a POSIX group

You can create a POSIX group from an existing Google group, or by creating a new Google group and adding POSIX information.

Creating a POSIX group from an existing Google group

The following examples show how to create a POSIX group from an existing Google group:

gcloud

Use the gcloud beta identity groups update command to update an existing Google group to a POSIX group:

gcloud beta identity groups update EMAIL \
   --add-posix-group=gid=GROUP_ID,name=POSIX_NAME

Replace the following:

EMAIL: the email address of the group to update
GROUP_ID: the group ID (GID) you want to assign to the POSIX group
POSIX_NAME: the name you want to assign to the POSIX group

REST

To update a Google Group to a POSIX group, call the groups.patch() method with the POSIX groups field specified.

PATCH 'https://cloudidentity.googleapis.com/v1beta1/groups/GROUP_RESOURCE_NAME?updateMask=posix_group

{
  "posixGroups": [
    {
      "name": "POSIX_NAME",
      "gid": GROUP_ID
    }
  ]
}

Replace the following:

GROUP_RESOURCE_NAME: the resource name of the Google group. To find a group's resource name, run the gcloud identity groups describe command
POSIX_NAME: the name you want to assign to the POSIX group
GROUP_ID: the group ID (GID) you want to assign to the POSIX group

Python

The following example shows a helper function to update a Google Group to a POSIX group using the Python client library:

def add_posix_group_data_to_group(service, group_name, posix_name, posix_gid):
  group = {
    "posix_groups": [
          {
              "name": posix_name,
              "gid": posix_gid,
          }
      ]
  }
  try:
    request = service.groups().patch(name=group_name, body=group)
    request.uri = request.uri + '&updateMask=posix_groups'
    response = request.execute()
    print(response)
  except Exception as e:
    print(e)

Creating a POSIX group from a new Google group

The following examples show how to create a POSIX group from a new Google group:

gcloud

Use the gcloud beta identity groups create command to create a POSIX group:

gcloud beta identity groups create EMAIL \
  --organization=ORGANIZATION_ID \
  --labels=cloudidentity.googleapis.com/groups.discussion_forum \
  --posix-group=gid=GROUP_ID,name=POSIX_NAME

Replace the following:

EMAIL: the email address of the group to be created
ORGANIZATION_ID: the organization the group belongs to. Either an ID ("123456789") or the associated domain ("example.com").
GROUP_ID: the group ID (GID) you set for the group
POSIX_NAME: the name you set for the group

REST

To create a group, call the groups.create() method with the email address, organization ID, POSIX groups, and labels for the new group.

POST 'https://cloudidentity.googleapis.com/v1beta1/groups?initialGroupConfig=WITH_INITIAL_OWNER

{
"parent": "customers/CUSTOMER_ID",
"groupKey": {"id": "EMAIL"},
"labels": {"cloudidentity.googleapis.com/groups.discussion_forum": ""},
"posixGroups": [
  {
    "name": "POSIX_NAME",
     "gid": GROUP_ID,
  }
]
}

Replace the following:

initialGroupConfig=WITH_INITIAL_OWNER: Either ?initialGroupConfig=WITH_INITIAL_OWNER or empty. Any empty group can only be created by organization admins.
CUSTOMER_ID: the customer ID for your organization. To find the customer ID run the gcloud organizations list command
EMAIL: the email address of the group to be created
POSIX_NAME: the name you want to assign to the POSIX group
GROUP_ID: the group ID (GID) you want to assign to the POSIX group

Python

The following example shows a helper function to create a POSIX group using the Python client library:

def create_posix_group(customer_id, email, query, posix_name, posix_gid):
  service = build_service()
  groupDef = {
      "parent": "customerId/{}".format(customer_id),
      "groupKey": {"id": email},
      "labels": {"cloudidentity.googleapis.com/groups.discussion_forum": ""},
      "posixGroups": [
          {
              "name": posix_name,
              "gid": posix_gid,
          }
      ]
  }
  request = service.groups().create(body=groupDef)
  request.uri += "&initialGroupConfig=WITH_INITIAL_OWNER"
  response = request.execute()
  return response

Deleting a POSIX group

The following examples show how to remove POSIX information from a Google group.

gcloud

Use the gcloud beta identity groups update command and specify the --remove-posix-groups flag with the GROUP_ID or POSIX_NAME value:

gcloud beta identity groups update \
   EMAIL \
   --remove-posix-groups=GROUP_ID_or_POSIX_NAME

Replace the following:

EMAIL: the email address of the group to be deleted
GROUP_ID_or_POSIX_NAME: the group ID or POSIX group name of the group to be deleted

REST

To update a Google Group to a POSIX group, call the groups.patch() method with the POSIX groups field specified.

PATCH 'https://cloudidentity.googleapis.com/v1beta1/groups/GROUP_RESOURCE_NAME?updateMask=posix_group

{
  "posixGroups": []
}

Replace the following:

GROUP_RESOURCE_NAME: the resource name of the Google group. To find a group's resource name, run the gcloud identity groups describe command

Python

The following example shows a helper function to update a Google Group to a POSIX group using the Python client library:

def remove_posix_data_from_group(service, group_name, posix_name, posix_gid):
  group = {
    "posix_groups": []
  }
  try:
    request = service.groups().patch(name=group_name, body=group)
    request.uri = request.uri + '&updateMask=posix_groups'
    response = request.execute()
    print(response)
  except Exception as e:
    print(e)

What's next

After the POSIX group exists, you can retrieve it and list its memberships. For more information, see Retrieving and listing POSIX groups.