/etc/passwd shows user in a group, but /etc/group does not
Yes, this discrepancy is normal. I've seen it so many times I stopped looking at the
/etc/group files and instead started looking at group memberships the way they should be looked at:
getent group <groupname> and
Yes, there is a difference between the primary and supplementary groups. The primary group is the main one shown in
/etc/passwd, that a user is in upon login. For a user to be in a supplementary group, their user name is added to the group entry in
/etc/group. If you use
id -a <user>, it will show the primary and the supplementary groups. The supplementary groups give access to resources, but any new files are created with primary group.
You can change a users currently active primary group using the
It is not necessary for a user to have the primary group also be a secondary group. All it will do is reduce the number of secondary groups a user can be part of. Traditionally a user was limited to 32 secondary groups, but that may have changed in recent years.
usermod can set a users primary and supplementary groups in one command. Using a configuration management tool like puppet can also do that without having to worry about what specific command is necessary on different types of unixes.