Linux User Group Management and Operations

Linux allows more than one users to log into the system to run processes/programs at the same time. In order to make this multi-user system work properly, Linux provides ways to isolate and protect users from each other and manage the permissions efficiently. One of the mechanism is user groups.

Linux users may be grouped together into a “user group”. The Linux system administrator may grant accesses to a group and all users from the group will get the accesses so the Linux admin does not need to grant the access to each of the users individually. Linux users usually have a default user group and can be added to additional groups. Users may be also added to an existing group or removed from an existing group. In Linux, sudo allows a user to have administration privileges without logging in as the root user. The management of which users can run sudo is usually managed using a special group (sudo in Debian/Ubuntu, wheel on Fedora/RHEL/CentOS, as examples). The Linux admin gives or removes the sudo privilege by adding users to or removing users from the special group.

In the following sections, we show common operations of Linux user group management.

Manage groups

The admins can list/add/remove groups in a Linux system.

Add a group

To add a new group GROUP, run

# groupadd GROUP

Delete a group

To delete a group GROUP, run

# groupdel GROUP

Manage users in groups

Users can be added to or removed from groups in Linux by the admins.

List users in a group

To list all members from a group GROUP, run

# groupmems -g GROUP -l

Add a user to a group

To add a user USER to a group GROUP, run

# gpasswd -a USER GROUP

Or, by modifying the user

# usermod -aG GROUP USER

Delete a user from a group

To delete a user USER from a group GROUP, run

# gpasswd -d USER GROUP

Remove all secondary groups from a user

To make a user USER to stay in its primary group only (that is, remove all secondary/supplementary groups), run

# usermod -G "" USER

Choose the group at run time by a user

A Linux user may belong to multiple to many groups. The user may choose the group it uses at runtime.

List groups of the current user

$ groups

Run programs or create a file in a different group

To run programs or create a file in a different group, the user must run the newgrp command to switch their current group. To change the current group to GROUP, run

$ newgrp GROUP

Files with groups

In Linux, the files/folders have groups permissions so that the permissions can be managed at the group level.

Find files/folders owned by a group GROUP

To find files/folders owned by a group GROUP under a path /a/path, run

# find /a/path -group GROUP

Get group of a file/folder

To get group of a file/folder /path/to/file, run

$ stat -c %G /path/to/file

Change user group of file/folder

Users may also change the file/folder group by using the chgrp command. The change a FILE’s group to GROUP, run

$ chgrp GROUP FILE

Eric Ma

Eric is a systems guy. Eric is interested in building high-performance and scalable distributed systems and related technologies. The views or opinions expressed here are solely Eric's own and do not necessarily represent those of any third parties.

Leave a Reply

Your email address will not be published. Required fields are marked *