User management is a critical part of server and network administration.
Admins need to group users around services and actions to simplify user privilege management and access. For instance, all users with administrator rights on a machine are grouped into a sudo group.
In Linux, a group functions as a collective framework, allowing administrators to manage permissions for multiple users simultaneously. Admins use Linux groups to quickly manage (grant or revoke) user rights for services and operations.
In this article, we’ll introduce you to the Linux groups, how they work, and, more importantly, how you can create and manage them. You’ll discover how user groups operate in Linux and how to add users to particular groups.
Table Of Contents
- What is a Group in Linux?
- Working With Groups in Linux
- How to Create a User Group
- Add an Existing User to a Group
- Add a User to Several Groups at Once
- Create a New User and Add Them to a Group(s)
- Set the Primary Group of a User
- Create a User with a Specific Primary Group
- Change the Primary Group of an Existing User
- How to Delete a Current User from a Group
- How to Delete a Group
- How to List Groups in Linux
- Common Groups in a Linux Environment
What is a Group in Linux?
In Linux, users often have diverse requirements and responsibilities. For instance, some may need to execute programs, while others only need permission to access specific files or folders.
You can create predefined sets of permissions by creating groups. That way, instead of managing permissions for individual user accounts, admins only need to add these user accounts to a group, and all the permissions and rights of the group will be allocated to these user accounts.
The idea of groups is central to the Linux operating system. All users are members of at least one group. These groups can be broadly classified into Primary and Secondary Groups.
The primary group is the default group associated with a logged-in user. Any new files this user creates will be automatically assigned to their primary group. Each user is linked to a single primary group at any given moment. Typically, the primary group shares the same name as the user, which dictates the group ownership of any files they create. The operating system assigns this group to files generated by the respective user.
Every user in the Linux system is assigned to a primary group, and the information about a user’s primary group can be found in the /etc/passwd file.
Users have the flexibility to join multiple secondary groups or even opt not to be part of any. These secondary groups are often created to handle permissions for certain software applications and files.
Group members automatically inherit the read, write, and execute permissions admins set for that group. The /etc/group file contains the details about the secondary groups a user belongs to. In the following screenshot, you can see the secondary groups for user john.
Working With Groups in Linux
Now that you have a clear idea of the concept of groups in Linux let’s see how you can work with these groups and manage user inclusion and exclusion from specific groups.
Here are the prerequisites for working with groups in Linux:
- A system running a Linux distribution
- A user account with root or sudo access
- Access to a terminal or command line
How to Create a User Group
You can create a user group In Linux with the groupadd command. The basic syntax for creating a new group is
# groupadd <groupname>
For instance, you can use the following command to create a group named mynewgroup:
# groupadd mynewgroup
Notice that you’ll not get any status message about the success or failure of the command. You can use the following command to see information about the mynewgroup group. This command uses the grep utility to extract information about the group from the /etc/group file.
# grep mynewgroup /etc/group
You will see a line with the new group’s name and its details.
When creating a new group, you can assign a unique group ID (GID) to distinguish it from other groups. For this, you can use the -g <GID> flag with the groupadd command. Here’s the command that creates a group mynewgroup and assigns it a GID of 1005.
# groupadd -g 1005 mynewgroup
If you’re creating a system group reserved for system accounts and services, you need to assign it a GID of less than 1000. For this, you can use the -r flag with the groupadd command:
# groupadd -r <systemgroupname>
Add an Existing User to a Group
You can add an existing user to a group with the usermod or the gpasswd command.
Add Existing Users to a Group with the usermod Command
The syntax of the usermod command to add a user to a group is:
# usermod -a -G <groupname> <username>
Where groupname is the group you wish to add the user to, and the username is the user account. The -a flag tells the command to append the user to additional groups. If you miss this flag, the user might be disassociated from other groups. The -G flag indicates the supplementary group(s) to add the user to.
For instance, use the following command to add a user harry, to the sudo group:
# usermod -a -G sudo harry
Add Existing Users to a Group with the gpasswd Command
The gpasswd command offers another way of adding a user to a group. The typical syntax of the command is:
# gpasswd -a <username> <groupname>
where groupname is the name of the group, and username is the user account you wish to add to the group. The -a flag indicates that you wish to add the user to the group. Alternatively, you can use the — add user flag.
You can use the following command to add a user tom, to the sudo group:
# gpasswd -a tom sudo
Important: After adding a user to a group, the user must log out and log back in for the new group membership to take effect.
Since you don’t get a status update, you should always verify that the user has been added to the group with the group command that displays all the groups a user account belongs to.
# groups <username>
Add a User to Several Groups at Once
There are times when you wish to add a user to multiple groups in one go.
You can use the usermod command with the -aG flag, followed by a list of groups separated by commas. Here’s the syntax of this command:
# usermod -aG <group1>,<group2>,<group3> <username>
For instance, use the following command to add the user account john to three groups – developers, designers, and admins.
# usermod -aG developers,designers,admins john
Important: Always use the -a option with usermod -G to append the user to groups so you don’t accidentally remove them from other groups they might already be a part of.
Create a New User and Add Them to a Group(s)
Here’s an interesting scenario:
You want to create a new user and add them to a group (or several groups) in a single command.
For this, you can use the useradd command with the b flags.
# useradd -m -G <groupname> <newuser>
For instance, use the command to create a new user account named Susan and add it to the developers group.
Next, you need to set a password for this new user. You can do this with:
#sudo passwd <username>
Set the Primary Group of a User
Each user on a Linux system has a primary group, which acts like their default group.
If you create a new user without choosing a primary group, the system either picks a common default group (usually named the same as the user) or creates a new group with the user’s name as the main group.
The recommended practice is to specify a primary group for the user when you create the account.
Create a User with a Specific Primary Group
Here’s how you can specify a primary group when creating the user account.
Use the useradd command with the -g flag, followed by the desired primary group name. The syntax of this command is:
# useradd -g <primary_groupname> <username>
For example, use the following command to create a user named johny with admins as the primary group:
# useradd -g admins johny
Change the Primary Group of an Existing User
As an admin, you may wish to assign a user account to a different group. For this, you can use the following command:
# sudo usermod –g <group_name> <user_name>
Note that the lowercase -g flag is used for primary groups and the uppercase -G for secondary groups.
For instance, here’s the command to change the current primary group of the user account johny to developers:
# sudo usermod -g developers johny
How to Delete a Current User from a Group
Removing users from a group is another administrative task you must perform fairly regularly. You can use the gpasswd or vigr command to remove a user from a group in Linux.
Delete a User from a Group with the gpasswd Command
Here’s the command you can use the gpasswd command to delete a user from a group:
# gpasswd -d username groupname
Delete a User from a Group with the vigr Command
You can also use the vigr command to remove a user from a group.
Start with the following command:
# vigr -s
This opens the /etc/group file in an editor. Locate the group from which you intend to remove the user account.
For instance, consider that the /etc/group file contains the following entry:
Simply delete the username Susan to remove it from the developers group:
Save and exit the editor.
Important: After removing a user from a group, always verify the change by listing the groups for a user account. For this, use the grep utility to extract the details for the user account from the /etc/group file.
How to Delete a Group
You can easily delete a group with groupdel command. The syntax of this command is:
# groupdel <groupname>
For instance, you can delete the designers group with the following command:
# groupdel designers
Make sure you have the necessary permissions to execute this command and that the group is not a primary group assigned to a user.
How to List Groups in Linux
Finally, let’s see how you can list groups in your Linux system.
List All Groups on the System
We recommend listing the contents of the /etc/group file to see all the groups (and the associated user accounts) on the system.
# cat /etc/group
List All Groups for a User Account
Use the groups command to list all groups for a user account:
# groups <username>
We suggest the id command to see more details, such as all the groups a user account belongs to and the associated GID and UID.
# id <username>
Common Groups in a Linux Environment
Regardless of the distribution, you can find several common groups in a Linux system. These groups are used to manage permissions and facilitate the compartmentalization of tasks and roles. We have compiled a list of these frequently encountered groups, starting with root, the superuser group.
Adding a user to a group in Linux is a critical administration activity that grants (or revokes) specific permissions. Admins use commands like usermod and gpasswd to manage groups and enhance system organization and security. Efficient group management keeps Linux systems structured and secure.
We highly recommend regular policy reviews to update groups to ensure all users have the right permissions for their workflows. Admins should promptly remove users from a group with commands such as gpasswd or vigr if required. Once removed, admins should confirm removal as a crucial follow-up step for system integrity and accurate permissions.
RedSwitches helps customers by offering customizable bare metal servers. So, if you’re looking for a robust server infrastructure for your projects, we offer the best-dedicated server pricing and deliver instant dedicated servers, usually on the same day the order gets approved. Whether you need a dedicated server, a traffic-friendly 10Gbps dedicated server, or a powerful bare metal server, we are your trusted hosting partner.
Q. How can I add a new user to a group in Linux?
Use the usermod command paired with the -aG option to add a new user to a group In Linux. For instance, to add a user called john to the marketing group, execute the command:
# usermod -aG marketing john
Q. How can I add an existing user account to a group in Linux?
You can add an existing user to a group with the usermod command. So, if you wish to include a user called mary” in a group titled sales, execute the command:
# usermod -aG sales mary
Q. How can I add a user to several groups in Linux?
You can easily add a user to several groups at once by mentioning all the groups (comma-separated and without spaces) in the usermod command. Here’s the syntax of the command:
# usermod -aG group1,group2,group3 username
Q. How can I remove a user from a specific group in Linux?
A: Use the gpasswd tool combined with the -d parameter to remove a user from a group. For instance, use the following command to remove the user jane from the hr group:
# gpasswd -d jane hr
Q. How can I create a new group in Linux?
You can create a new group in Linux with the groupadd command. Here’s the command to create a new group named developers:
# groupadd developers
Q. How can I delete a group in Linux?
Use the groupdel command to delete a group from a Linux system. Here’s how you can delete a group called sales:
# groupdel sales
Q. How can I modify a user’s primary group in Linux?
You can change a user’s primary group with the usermod -g command. For instance, use the following command to set developers as the primary group for the user tom:
# usermod -g developers tom
Q. How can I create a new user account in Linux?
Use the useradd command to add a new user to your Linux system. For instance, use the following command to add a new user account named sam:
# useradd sam
Q. How can I add several users to a group in Linux?
You can easily add multiple users to a single group in Linux with the usermod -aG command. For instance, run the following commands to add users joe and emma to the admins group.
# usermod -aG admins joe
# usermod -aG admins emma
Q. How can I remove a user from a group and then delete the group in Linux?
This can be done in two steps. First, you delete the user with the gpasswd -d command and then delete the group with the groupdel command. For instance, use the following commands to remove the user jack from the developers group and then delete the group:
# gpasswd -d jack developers
# groupdel developers