How to manage groups in Linux system

One of system administrator's job is to manage groups in Linux system. Manage groups task including create new group, assign users to group, remove users from group, delete group and manage group's permission. In this tutorial, we are going to look at some commands needed to manage groups in Linux system.

Linux groupadd command

The groupadd command is used to create a new group in the linux system. Here is a basic information in the groupadd manual page.

NAME
groupadd - create a new group

SYNOPSIS
groupadd [-g GID [-o]] [-f] [-K KEY=VALUE] group

DESCRIPTION
The groupadd command creates a new group account using the values
specified on the command line plus the default values from the system.
The new group will be entered into the system files as needed.

From the synopsis above, the basic groupadd format can be as simple as groupadd <new group>. To create a new group, you must be root. Here is an example of how to create a new group using groupadd command:

In slackware, switch to root user to run the command:

root@slackware:~$ groupadd technical

In Ubuntu, you must add sudo to run the command as root:

luzar@ubuntu:~$ sudo groupadd technical

The groupadd command creates a new group account using the values specified on the command line and the default values from the system. The new group will be entered into the system files as needed.

All groups can be found in /etc/group file. To view /etc/group, type less /etc/group. The command is the same for Slackware and Ubuntu:

bill@slackware:~$ less /etc/group

Linux groups command

Here is a part of groups command information in the manual page:

NAME
groups - print the groups a user is in

SYNOPSIS
groups [OPTION]... [USERNAME]...

DESCRIPTION
--help display this help and exit

--version
output version information and exit

Same as id -Gn. If no USERNAME, use current process.

Type 'groups' without any option will display the current user's group name. Here are examples of Linux groups command:

Example 1 - Linux groups command with no options.

bill@slackware:~$ groups
users floppy audio video cdrom

Example 2 - Linux groups command to check groups of specific user.

luzar@ubuntu:~$ groups aura
aura
luzar@ubuntu:~$ groups luzar
luzar adm dialout cdrom floppy audio dip video plugdev fuse lpadmin admin
luzar@ubuntu:~$

If we mention a username after the groups command, it will display user's initial group.

Add user to a new group

We can use Linux usermod command to add user to a new group. Here is an example of how to do it in Ubuntu:

luzar@ubuntu:~$ sudo groups aura
[sudo] password for luzar:
aura
luzar@ubuntu:~$ sudo usermod -G techdept aura
luzar@ubuntu:~$ sudo groups aura
aura techdept
luzar@ubuntu:~$

Here are the explanation of the above commands. First we used groups username command to view current user's group. Then we use usermod (options) new_group username to add a user to a new group. Finally, we can check user's group again with the groups command.

The steps are the same for Slackware, except you must be root and you don't need sudo command. For more information on usermod command, check the Linux usermod command tutorial.

Linux newgrp command

The newgrp command is used to change the current group ID during a login session. Here is an information about newgrp command from the manual page:

NAME
newgrp - log in to a new group

SYNOPSIS
newgrp [-] [group]

DESCRIPTION
The newgrp command is used to change the current group ID during a
login session. If the optional - flag is given, the user´s environment
will be reinitialized as though the user had logged in, otherwise the
current environment, including current working directory, remains
unchanged.

The current user's primary group is aura. Now we are going to change the primary group to the new group called techdept with newgrp command:

aura@ubuntu:~$ groups
aura techdept
aura@ubuntu:~$ newgrp techdept
aura@ubuntu:~$ groups
techdept aura
aura@ubuntu:~$

The newgrp changes the current group to the named group, or to the default group listed in /etc/passwd if no group name is given. The user will be prompted for a password if she does not have a password and the group does, or if the user is not listed as a member and the group has a password. The user will be denied access if the group password is empty and the user is not listed as a member.

Linux groupdel command

The last command you need to know to manage groups is the groupdel. Let's see some basic information about groupdel command in the manual:

NAME
groupdel - delete a group

SYNOPSIS
groupdel group

DESCRIPTION
The groupdel command modifies the system account files, deleting all
entries that refer to group. The named group must exist.

You must manually check all file systems to insure that no files remain
with the named group as the file group ID.

CAVEATS
You may not remove the primary group of any existing user. You must
remove the user before you remove the group.

Example of groupdel command.

Check whether the group is a primary group for any user:

luzar@ubuntu:~$ less /etc/group
luzar:x:1000:
admin:x:120:luzar
aura:x:1001:
jimi:x:1002:
alex:x:1003:
itdept:x:1004:
techdept:x:1005:aura

The user aura is in the techdept group. You can check whether it's a primary group for aura using groups command:

luzar@ubuntu:~$ groups aura
aura techdept

When it's confirm that the group you are going to delete is not a primary group for any user, you can safely remove it with groupdel command. See example below:

luzar@ubuntu:~$ sudo groupdel techdept
[sudo] password for luzar:
luzar@ubuntu:~$ cat /etc/group
luzar:x:1000:
admin:x:120:luzar
aura:x:1001:
jimi:x:1002:
alex:x:1003:
itdept:x:1004:

The techdept group has been removed.

Back to Linux basic commands main page.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.