How To Create and Manage Groups in Linux

A group in Linux is a collection of users who have something in common for purposes such as security and privileges.

Linux allows its administrators to create different user groups very easily. This is convenient because you can create a user group and manage all of the users’ permissions at once, instead of individually assigning permissions to each user.

If you are not familiar with Linux permissions and how to manage them, take a look at this article.

In this tutorial, we will cover how to create groups in Linux and briefly explain how to manage them.

Types of groups in Linux

There are mainly two types of groups in Linux:

  1. Primary Group: Each user belongs to a primary group. The group is created when the user is created, and the name of the user and the group is generally the same.
  2. Secondary Group: A user may belong to one or more secondary groups in addition to the primary group. Secondary groups are useful for managing permissions for multiple users.

While every user has a primary group they belong to, the users may not belong to any secondary group at all. This will become clearer when we show you how to create new users and add them to a new or existing group.

Basic management of groups and users

The groupadd command is the most used tool for creating new groups. The basic syntax of the groupadd command is:

groupadd [options] group_name

You can view all the available options in the help menu of the command. Type in groupadd -h in the terminal to read the description of all the options.

Viewing existing groups on Linux

Chances are there will be many different groups in your Linux system by default. This is because a lot of software and system packages also create their own users and groups to function properly.

There is a file (/etc/group) that lists all the groups present in a Linux system. This file has the name of all the groups and the users that belong in those groups.

To view all the groups, we can just cat the file:

cat /etc/group
Output
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,edxd
tty:x:5:syslog
disk:x:6:
...
lxd:x:118:
edxd:x:1000:
matt:x:1001:
testusers:x:1002:
testers:x:1003:edxduser
anothergroup:x:1005:edxduser
docker:x:1006:edxd

Note: I have shortened the number of groups actually displayed when running cat /etc/group and replaced them with

The name before the first colon on each line is the name of the group. The x after the first colon is the password field; the password itself is not stored in this file. The number after the second colon is the group id (gid). The last field, after the third colon, lists the users that belong to the group. For example, the users syslog and edxd belong to the group adm.

You can also view the groups using the getent (get entries) command:

getent group

The command getent is used for viewing the entries in some text databases. Some examples of these databases would be the group file, passwd file, etc.

Create a new group with the groupadd command

To create a new group using the groupadd command, you just have to specify the group name after the command. Remember to use sudo before the command to get root privileges:

sudo groupadd bytexd_group

Now let’s take a look at the /etc/group file to see if this new group was added to the list:

cat /etc/group
Output
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,edxd
tty:x:5:syslog
disk:x:6:
...
lxd:x:118:
edxd:x:1000:
matt:x:1001:
testusers:x:1002:
testers:x:1003:edxduser
anothergroup:x:1005:edxduser
docker:x:1006:edxd
bytexd_group:x:1007:

As you can see, the group bytexd_group has been created with the group id (gid) of 1007. This is how you can create new user groups. Now let’s learn how to add a user to an existing group.

Create a group with a custom group id (gid)

In Linux, when a new group is created, the group is assigned a unique identifier number, called the group id or GID in short.

By default, a new group gets the next available GID, within the range configured in the system file named login.defs.

We can use the -g or --gid flag to specify the gid when creating a group. Let’s create a group with a gid of 1100:

sudo groupadd -g 1100 new_gid

Let’s see if the group was created or not. Type in:

getent group | grep new_gid
Output
new_gid:x:1100:

As you can see, the group new_gid has been created with the group id (gid) of 1100. If the gid you specified is already used by another group, you can pass the -o (--non-unique) flag, which allows you to create multiple groups with the same group id. File permissions are checked against the numeric gid, so groups that share a gid are treated as the same group for access purposes.

sudo groupadd -o -g 1000 duplicate_gid_group

Creating a new user using the useradd command

We can use the useradd command to create a new user on Linux:

sudo useradd bytexd_user

To view the newly created user, you can follow the same method used for the group. The users are listed in a file called passwd (/etc/passwd) on Linux:

sudo cat /etc/passwd

Or, use the getent command:

sudo getent passwd
Output
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
...
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
edxd:x:1000:1000:,,,:/home/edxd:/bin/bash
edxduser:x:1001:1002:Temporary user for Production Team:/var/matt:/bin/sh
bytexd_user:x:1002:1101::/home/bytexd_user:/bin/sh

As you can see in the output, the new user bytexd_user has been created. In the passwd file, the first string before the colon is the username, the second string is the password (in this case x, or hidden). The numbers in the third and fourth field are the user id (uid) and the group id (gid) respectively. The next field is for the full name of the user, and the next one is the home directory for the user. The last field is the location of the shell for the user.

Do you remember the types of groups that we talked about at the beginning of the article? Let’s check whether adding this new user created a primary group for the user bytexd_user. We’ll use grep to filter out the result that we are looking for:

getent group | grep bytexd
Output
bytexd_group:x:1007:
bytexd_user:x:1101:

From the output, we can see that Linux created a new group named bytexd_user with the group id (gid) of 1101.

If you take a look at the previous command’s output, you’ll see that the gid of the user is 1101, the fourth field in bytexd_user:x:1002:1101::/home/bytexd_user:/bin/sh (1002 is the uid). This confirms that the primary group of bytexd_user is the group with the same name and gid = 1101.

Adding an existing user to existing groups

Now that we have created a new group (bytexd_group) and a new user (bytexd_user), let’s see how we can add the new user to our new group. The usermod command is used to modify a user account. We will be using this command with the -a (append) flag together with -G to add a user to an existing group. Without -a, -G replaces the user’s current list of secondary groups with the one you give.

Let’s look at the syntax of the command:

sudo usermod -a -G [group1,group2,…] [username]

Now let’s add bytexd_user to bytexd_group:

sudo usermod -a -G bytexd_group bytexd_user

Let’s take a look at the change:

getent group | grep bytexd_group
Output
bytexd_group:x:1007:bytexd_user

As you can see, bytexd_user has been added to the group bytexd_group. You can also add a user to multiple existing groups at once by separating the group names with commas:

sudo usermod -a -G group1,group2 username

Now let’s see where we can utilize this functionality of adding a user to an existing group.

Adding a user to the sudo group

As you know, members of the sudo group in Linux have administrator/root privileges.

If you want to give access to root privileges to a user, you can simply add the user to the sudo group. I’ll type in the following to give bytexd_user sudo privileges:

sudo usermod -a -G sudo bytexd_user

Now let’s see who belongs to the sudo group:

getent group | grep sudo
Output
sudo:x:27:edxd,bytexd_user

Isn’t this great? Now our newly created user bytexd_user can utilize the sudo privileges. The new membership takes effect the next time the user logs in. This is how useful the groups in Linux are. Try it out on your own and see if you can grant sudo privileges to a user who did not have them before.

Display user and group information

To get detailed information about a user, we can use the id command followed by the username:

id bytexd_user
Output
uid=1002(bytexd_user) gid=1101(bytexd_user) groups=1101(bytexd_user),27(sudo),1007(bytexd_group)

The output shows the user id, group id, and the group names that the user belongs to.
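
The id command answers the question for one user. The reverse question, who belongs to a given group, needs both files, because /etc/group lists only secondary members while a user’s primary group is recorded only in /etc/passwd. The following is an added example, not part of the original tutorial; the function names are hypothetical and the sample files are constructed from lines like the outputs shown above.

```shell
#!/bin/sh
# Added example; names and sample data are constructed for illustration.

# write_sample DIR: create DIR/group and DIR/passwd (constructed sample
# modelled on the outputs in this tutorial, not a real system).
write_sample() {
    cat > "$1/group" <<'EOF'
sudo:x:27:edxd,bytexd_user
edxd:x:1000:
bytexd_group:x:1007:bytexd_user
bytexd_user:x:1101:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
edxd:x:1000:1000:,,,:/home/edxd:/bin/bash
bytexd_user:x:1002:1101::/home/bytexd_user:/bin/sh
EOF
}

# effective_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints "user:primary" or "user:secondary" for every member of GROUP.
effective_members() {
    awk -F: -v grp="$1" '
        FNR == NR {                       # first file: the group database
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")     # 4th field: secondary members
                for (i = 1; i <= n; i++) how[m[i]] = "secondary"
            }
            next
        }
        # second file: passwd, where the 4th field is the primary gid
        gid != "" && $4 == gid { how[$1] = "primary" }
        END { for (u in how) print u ":" how[u] }
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | LC_ALL=C sort
}

dir=$(mktemp -d)
write_sample "$dir"
effective_members sudo "$dir/group" "$dir/passwd"
effective_members bytexd_user "$dir/group" "$dir/passwd"
rm -rf "$dir"
```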

Changing primary group for an existing user

We can use the usermod command with the lowercase -g flag to change the primary group an existing user belongs to. The command syntax is as follows:

sudo usermod -g group_name user_name

Now that we’ve learned how to add users and groups in all sorts of ways, let’s learn how to remove them.

Remove a user from a group

To remove a user from a specific group, we can use the gpasswd command with a -d flag. Here is the syntax:

sudo gpasswd -d user_name group_name

Let’s remove bytexd_user from sudo group:

sudo gpasswd -d bytexd_user sudo

Output
Removing user bytexd_user from group sudo

Check whether the sudo group still contains the user bytexd_user:

getent group | grep sudo
Output
sudo:x:27:edxd

As you can see, there is no bytexd_user listed in the output.

How to delete a user

We will use the userdel command to remove a user. The syntax is as follows:

sudo userdel [options] user_name

Let’s delete the user we created (bytexd_user):

sudo userdel bytexd_user

Let’s check if we have any user named bytexd_user:

getent passwd | grep bytexd

The output shows no entries. Thus, the user called bytexd_user has been deleted.

How to delete a group

The command groupdel can be used to remove a group. The syntax is as follows:

sudo groupdel [options] group_name

Now let’s delete the group we created earlier (bytexd_group):

sudo groupdel bytexd_group

Let’s check if there is any group called bytexd_group:

getent group | grep bytexd

The output shows no entries listed. Thus, the group named bytexd_group has been deleted.

Conclusion

In this tutorial, we covered the basics you will require to manage groups and users on Linux. This was a brief tutorial introducing the topic at hand. If you want to learn more, you can use the manual of the commands we have used in this tutorial (groupadd, useradd, usermod, userdel, groupdel, etc.).

Type in man [command_name] in the terminal to access the dedicated manuals for each of the commands.

We hope you liked the tutorial. If you have some questions or comments in general, feel free to leave them down below and we’ll get back to you as soon as possible. Thank you for reading!
