Linux allows more than one user to log into the system and run processes/programs at the same time. To make this multi-user system work properly, Linux provides ways to isolate and protect users from each other and to manage permissions efficiently. One of these mechanisms is user groups.
Linux users may be grouped together into a “user group”. The Linux system administrator may grant access to a group, and all users in the group get that access, so the admin does not need to grant it to each user individually. Linux users usually have a default user group and can be added to additional groups. Users may also be added to an existing group or removed from an existing group.
In Linux, sudo allows a user to have administration privileges without logging in as the root user. Which users can run sudo is usually managed using a special group (sudo in Debian/Ubuntu, wheel on Fedora/RHEL/CentOS, as examples). The Linux admin gives or removes the sudo privilege by adding users to or removing users from the special group.
In the following sections, we show common operations of Linux user group management.
The admins can list/add/remove groups in a Linux system.
Add a group
To add a new group GROUP, run
# groupadd GROUP
Delete a group
To delete a group GROUP, run
# groupdel GROUP
Manage users in groups
Users can be added to or removed from groups in Linux by the admins.
List users in a group
To list all members from a group GROUP, run
# groupmems -g GROUP -l
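A user whose primary group is GROUP is a member through the GID field of /etc/passwd and does not have to appear in the member list of /etc/group, which matters when reviewing who is in sudo or wheel. The script below is an added example, not part of the original article: the function names, the allowlist idea and the sample files are assumptions made for illustration.

```sh
# group_members GROUP GROUP_FILE PASSWD_FILE
# Prints every member of GROUP, one per line: users in the member list of
# the group entry plus users whose primary GID (passwd field 4) matches it.
group_members() {
    awk -F: -v grp="$1" '
        # group file: name:password:GID:member,member,...
        FILENAME == ARGV[1] {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        # passwd file: name:password:UID:GID:gecos:home:shell
        gid != "" && $4 == gid { print $1 }
    ' "$2" "$3" | sort -u
}

# unexpected_admins GROUP GROUP_FILE PASSWD_FILE ALLOWED_USER...
# Prints members of GROUP that are not on the allowlist.
unexpected_admins() {
    grp=$1; gfile=$2; pfile=$3; shift 3
    for u in $(group_members "$grp" "$gfile" "$pfile"); do
        ok=no
        for a in "$@"; do
            if [ "$u" = "$a" ]; then ok=yes; fi
        done
        [ "$ok" = yes ] || echo "$u"
    done
}

# Constructed sample files in /etc/group and /etc/passwd format.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/group" <<'EOF'
root:x:0:
wheel:x:10:alice,bob
devs:x:1001:carol
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
svc:x:1003:10:Service:/home/svc:/bin/sh
carol:x:1004:1001:Carol:/home/carol:/bin/bash
EOF
# Only alice is approved: reports bob (listed) and svc (primary GID 10).
unexpected_admins wheel "$tmp/group" "$tmp/passwd" alice
```

On a live system, pass /etc/group and /etc/passwd as the two files, or files produced by `getent group` and `getent passwd` when accounts also come from a directory service.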
Add a user to a group
To add a user USER to a group GROUP, run
# gpasswd -a USER GROUP
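Or, by modifying the user (the -a option appends; without it, -G replaces the user's supplementary groups with the given list)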
# usermod -aG GROUP USER
Delete a user from a group
To delete a user USER from a group GROUP, run
# gpasswd -d USER GROUP
Remove all secondary groups from a user
To make a user USER stay in its primary group only (that is, remove all secondary/supplementary groups), run
# usermod -G "" USER
Choose the group at run time by a user
A Linux user may belong to multiple groups. The user may choose the group it uses at runtime.
List groups of the current user
Run programs or create a file in a different group
To run programs or create a file in a different group, the user must run the newgrp command to switch their current group. To change the current group to GROUP, run
$ newgrp GROUP
Files with groups
In Linux, files/folders have group permissions so that permissions can be managed at the group level.
Find files/folders owned by a group GROUP
To find files/folders owned by a group GROUP under a path, run
# find /a/path -group GROUP
Get group of a file/folder
To get the group of a file/folder, run
$ stat -c %G /path/to/file
Change user group of file/folder
Users may also change the file/folder group by using the chgrp command. To change a FILE’s group to GROUP, run
$ chgrp GROUP FILE