GuidesHow to Manage Linux Groups Using Command Line

How to Manage Linux Groups Using Command Line

Linux groups enable you to specify permissions for multiple users. This enables you to easily manage several users at once, which, in turn, greatly simplifies your work as a system administrator, since you do not have to manage each user individually.

In this guide, sysadmins will learn how to work with groups in Linux.

How to Create Groups in Linux Using Command Line

To create a group, use the groupadd command, as shown below:

$ groupadd my_group 

The newly created group will be added to the /etc/group file. Each line in this file represents a group entry.

In turn, each group entry contains four values separated by semicolons. They are:

  • Group name: The name of the group.
  • Password: Password to the group.
  • Group ID: A unique number identifying the group.
  • Users: A comma-separated list of users in the group.

Below is an example of a group entry in my computer’s /etc/group file:

sudo:x:27:jack,ben

Notice that the password field has the value x. All the password fields in this file should contain this value.

The actual passwords are stored as encrypted values in the /etc/gshadow file. This file is only accessible to the root user. However, all users have read permissions to the /etc/group file.

From the group entry above, the users jack and ben belong to the sudo group. This is a special group that gives its members the right to use the sudo command. If a user who is not in this group tries to use sudo, the incident is logged and reported to the system administrator.

Read: How to Manage Linux Users from the Terminal.

What are the Types of Linux Groups?

There are two types of groups that a user can belong to. When a new user is created, a group with a similar name is automatically created. This type of group is known as a primary group. A user in this group will have their own group permissions.

Note that a user can belong to only one primary group. However, a user can belong to a supplementary group, called a secondary group. A user can belong to one or more (or even zero) secondary groups.

Add a User to a Linux Group

The usermod command, in combination with the -G argument, allows you to add an existing user to a supplementary group. Here is how you achieve this on using the command line:

$ usermod -G group1 user1

The above command has one shortfall: if the user belongs to other supplementary groups (such as group2 or group3), they will be removed from these groups. In this scenario, the user will only be added to group1. To avoid this, you need to first list all the groups that a user belongs to and then include them while running the usermod command.

To view the groups that the current user belongs to, run the groups command, like so:

$ groups

If you are checking for a different user account, then you’ll need to add the user name after groups.

Afterwards, you can run the usermod command, shown below:

$ usermod -G group1,group2,group3 user1

To avoid this tedious process of having to first know all the groups that a user belongs to, simply add the append (-a) argument whenever you are adding a user to a group:

$ usermod -a -G sudo username

You can also simultaneously add a user to multiple groups using the syntax below:

$ usermod -a -G groupA,groupB,groupC username 

For some reasons, you may wish to change a user’s primary group. In this case, you should use the -g argument. Notice that this command uses a lowercase g.

$ usermod -g groupname username 

You may also need to know how many groups are on your system. The getent command enables you to list them:

$ getent group 

You may also want to delete a group account. Use the groupdel command to do so:

$ sudo groupdel groupname

To simply remove a user from a Linux group, use the gpasswd tool, as shown below:

$ sudo gpasswd -d username groupname

Linux Groups Tutorial

Groups enable you to collectively manage users. You should use groups when you have permissions that a certain category of users need to have or be restricted to. Remember to always include the append option (-a) while adding a user to a secondary group. Not doing so will remove the user from other supplementary groups to which they belong.

Latest Posts

Related Stories