A group is a collection of users in Linux that shares some commonalities for the purpose of security, privilege, etc.
If you are not familiar with Linux permissions and how to manage them, take a look at this article.
In this tutorial, we will cover how to create groups in Linux and briefly explain how to manage them.
Types of groups in Linux
There are mainly two types of groups in Linux:
- Primary Group: Each user belongs to a primary group. The group is created when the user is created, and the name of the user and the group is generally the same.
- Secondary Group: A user may belong to one or more secondary groups in addition to the primary group. Secondary groups are useful for managing permissions for multiple users.
While every user has a primary group they belong to, the users may not belong to any secondary group at all. This will become clearer when we show you how to create new users and add them to a new or existing group.
Basic management of groups and users
The groupadd command is the most used tool for creating new groups. The basic syntax of the groupadd command is:
groupadd [options] group_name
You can view all the available options in the help menu of the command. Type in groupadd -h in the terminal to read the description of all the options.
Viewing existing groups on Linux
Chances are there will be many different groups in your Linux system by default. This is because a lot of software and system packages also create their own users and groups to function properly.
There is a file (/etc/group) that lists all the groups present in a Linux system. This file has the name of all the groups and the users that belong in those groups.
To view all the groups, we can just cat the file:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,edxd
tty:x:5:syslog
disk:x:6:
...
lxd:x:118:
edxd:x:1000:
matt:x:1001:
testusers:x:1002:
testers:x:1003:edxduser
anothergroup:x:1005:edxduser
docker:x:1006:edxd
The leftmost names in the list, before the first colon, are the names of the groups. The x after the first colon is the password field; the x means the password itself is not stored in this file. The number after the second colon is the group id (gid). The last field, after the third colon, lists the users that belong to the group. For example, the users syslog and edxd belong to the group adm.
You can also view the groups using the getent (get entries) command:
The command getent is used for viewing the entries in some text databases. Some examples of these databases would be the group file, passwd file, etc.
Create a new group with the groupadd command
To create a new group using the groupadd command, you just have to specify the group name after the command. Remember to use sudo before the command to get root privileges:
sudo groupadd bytexd_group
Now let’s take a look at the /etc/group file to see if this new group was added to the list:
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,edxd
tty:x:5:syslog
disk:x:6:
...
lxd:x:118:
edxd:x:1000:
matt:x:1001:
testusers:x:1002:
testers:x:1003:edxduser
anothergroup:x:1005:edxduser
docker:x:1006:edxd
bytexd_group:x:1007:
As you can see, the group bytexd_group has been created with the group id (gid) of 1007. This is how you can create new user groups. Now let’s learn how to add a user to an existing group.
Create a group with a custom group id (gid)
In Linux, when a new group is created, the group is assigned a unique identifier number, called the group id, or GID for short.
By default, the GID is the next available number within the range configured in the system file /etc/login.defs.
We can use the --gid flag (-g for short) to specify the gid when creating a group. Let’s create a group with a gid of 1100:
sudo groupadd -g 1100 new_gid
Let’s see if the group was created or not. Type in:
getent group | grep new_gid
As you can see, the group new_gid has been created with the group id (gid) of 1100. If the gid you specified is already used to identify a group, you can use the -o flag to specify a non-unique option, which will allow you to create multiple groups with the same group id. Permission checks use the numeric gid, so groups that share a gid are treated as the same group for file access.
sudo groupadd -o -g 1000 duplicate_gid_group
Creating a new user using the useradd command
We can use the useradd command to create a new user on Linux:
sudo useradd bytexd_user
To view the newly created user, you can follow the same method used for the group. The users are listed in a file called passwd (/etc/passwd) on Linux:
sudo cat /etc/passwd
Or, use the getent command:
sudo getent passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
...
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
edxd:x:1000:1000:,,,:/home/edxd:/bin/bash
edxduser:x:1001:1002:Temporary user for Production Team:/var/matt:/bin/sh
bytexd_user:x:1002:1101::/home/bytexd_user:/bin/sh
As you can see in the output, the new user bytexd_user has been created. In the passwd file, the first string before the colon is the username, the second string is the password (in this case x, or hidden). The numbers in the third and fourth field are the user id (uid) and the group id (gid) respectively. The next field is for the full name of the user, and the next one is the home directory for the user. The last field is the location of the shell for the user.
Do you remember the types of groups that we talked about at the beginning of the article? Let’s check out if adding this new member created a primary group for the user bytexd_user. We’ll use grep to filter out the result that we are looking for:
getent group | grep bytexd
From the output, we can see that Linux created a new group named bytexd_user with the group id (gid) of 1101.
If you take a look at the previous command’s output, you’ll see that the fourth field of the user’s passwd entry, the gid, is 1101 (bytexd_user:x:1002:1101::/home/bytexd_user:/bin/sh). This proves that the user bytexd_user does belong to the primary group with the same name and gid = 1101.
Adding an existing user to existing groups
Now that we have created a new group (bytexd_group) and a new user (bytexd_user), let’s see how we can add the new user to our new group. The usermod command is used to modify a user account. We will be using this command with the -a (append) flag together with -G to add a user to an existing group. Without -a, -G replaces the user’s current secondary groups with the list you give.
Let’s look at the syntax of the command:
sudo usermod -a -G [group1,group2,…] [username]
Now let’s add bytexd_user to bytexd_group:
sudo usermod -a -G bytexd_group bytexd_user
Let’s take a look at the change:
getent group | grep bytexd_group
As you can see, bytexd_user has been added to the group bytexd_group. You can also add a user to multiple existing groups at once by separating the group names with commas:
sudo usermod -a -G group1,group2 username
Now let’s see where we can utilize this functionality of adding a user to an existing group.
Adding a user to the sudo group
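As you know, members of the sudo group can run commands with administrator/root privileges through sudo (this is the default sudoers policy on Debian- and Ubuntu-based systems).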
If you want to give access to root privileges to a user, you can simply add the user to the sudo group. I’ll type in the following to give bytexd_user sudo privileges:
sudo usermod -a -G sudo bytexd_user
Now let’s see who belongs to the sudo group:
getent group | grep sudo
Isn’t this great? Now our newly created user bytexd_user can utilize the sudo privileges (the new membership applies from the user’s next login). This is how useful the groups in Linux are. Try it out on your own and see if you can grant sudo privileges to a user who did not have them before.
Display user and group information
To get detailed information about a user, we can use the id command followed by the username:
uid=1002(bytexd_user) gid=1101(bytexd_user) groups=1101(bytexd_user),27(sudo),1007(bytexd_group)
The output shows the user id, group id, and the group names that the user belongs to.
Changing primary group for an existing user
We can use the usermod command with the lowercase -g flag to change the primary group an existing user belongs to. The command syntax is as follows:
sudo usermod -g group_name user_name
Now that we’ve learned how to add users and groups in all sorts of ways, let’s learn how to remove them.
Remove a user from a group
To remove a user from a specific group, we can use the gpasswd command with the -d flag. Here is the syntax:
sudo gpasswd -d user_name group_name
Let’s remove bytexd_user from sudo group:
sudo gpasswd -d bytexd_user sudo
Removing user bytexd_user from group sudo:
Check if the sudo group has bytexd_user user:
getent group | grep sudo
As you can see, there is no bytexd_user listed in the output.
How to delete a user
We will use the userdel command to remove a user. The syntax is as follows:
sudo userdel [options] user_name
Let’s delete the user we created (bytexd_user):
sudo userdel bytexd_user
Let’s check if we have any user named bytexd_user:
getent passwd | grep bytexd
The output shows no entries. Thus, the user called bytexd_user has been deleted.
How to delete a group
The command groupdel can be used to remove a group. The syntax is as follows:
sudo groupdel [options] group_name
Now let’s delete the group we created earlier (bytexd_group):
sudo groupdel bytexd_group
Let’s check if there is any group called bytexd_group:
getent group | grep bytexd
The output shows no entries listed. Thus, the group named bytexd_group has been deleted.
In this tutorial, we covered the basics you will require to manage groups and users on Linux. This was a brief tutorial introducing the topic at hand. If you want to learn more, you can use the manual of the commands we have used in this tutorial (groupadd, useradd, usermod, userdel, groupdel, etc.).
Type man [command_name] in the terminal to access the dedicated manuals for each of the commands.
We hope you liked the tutorial. If you have some questions or comments in general, feel free to leave them down below and we’ll get back to you as soon as possible. Thank you for reading!