Before you start
Objectives: Learn how to create new groups, manage existing ones, and how to change group membership in Linux.
Prerequisites: no prerequisites.
Key terms: groupadd, groupmod, groupdel, usermod, Linux
Creating and Managing Groups
To add a new group we can use the "groupadd" command. If we enter "groupadd" on its own, we will see the syntax of the command. For example, to add a group called "developers" we would enter the "groupadd developers" command. To check that our new group is listed we can enter the "cat /etc/group" command, which will show us the content of the /etc/group database (file). Note that you will have to use the sudo command to get root privileges if you are not logged in as root.
groupadd Command
In the /etc/group file you will notice groups listed with the same names as the users on our machine. Anytime we create a new user, the system automatically creates a new group with the same name as the user and makes that group the primary group for that user. However, not all distributions use this method.
/etc/group Format
If we look at the format of the /etc/group file, we see that each line identifies a group. Each line contains several fields separated by colons. The first field contains the group name, the second is the group password, and the third is the group ID number.
/etc/group File
Groups are typically used to give different users access to the same things on our system. Because of that, we want users to be able to change to different groups themselves so that they can get access to different resources. To restrict users' ability to add themselves to a group, we can assign that group a password. That way, if a user tries to change their group membership to that group, they have to provide the password.
The last field in the /etc/group file is a comma-delimited list of user IDs that are members of that group. Note that primary group membership is not shown; only users with secondary membership in the group are listed.
We also have a /etc/gshadow file. The gshadow file actually contains passwords for specific groups. The first field is the group name, second is the password, third is the list of administrators of the group, and the fourth is the list of group members.
gshadow File
The second field (group password) can contain an exclamation mark (!), which means that the group can't be accessed using the password. The double exclamation mark (!!) means that no password has been assigned to the group. If there is no value, only group members can log in to the group. To change the group password we can use the "gpasswd" command. For example, if we enter "gpasswd developers", the terminal will prompt us to enter the password for the group "developers".
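The following is an added example, not part of the original tutorial. It reads files in the /etc/group and /etc/gshadow formats described above, plus /etc/passwd (assumed here as the source of each user's primary GID, its fourth field), to list a group's full membership including the primary members that /etc/group does not show, and to classify the gshadow password field the way this page describes it. The function names and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample entries (not from a real system) in the formats above.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
demo:x:1000:1000:Demo User:/home/demo:/bin/bash
alice:x:1001:1002:Alice:/home/alice:/bin/bash
bob:x:1002:1003:Bob:/home/bob:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
demo:x:1000:
sambashare:x:1001:demo
developers:x:1002:bob
bob:x:1003:
EOF
cat > "$SAMPLE_DIR/gshadow" <<'EOF'
demo:!::
sambashare:::demo
developers:$6$constructedsalt$constructedhash:alice:bob
bob:!!::
EOF

# group_members GROUP GROUP_FILE PASSWD_FILE   (hypothetical helper)
# Prints every member of GROUP, one per line, sorted and de-duplicated.
# Returns 1 if GROUP has no entry in GROUP_FILE.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    [ -n "$gid" ] || return 1
    {
        # Secondary members: field 4 of the group entry, comma separated.
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
        # Primary members: passwd entries whose GID field matches the group ID.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$3"
    } | sort -u
}

# group_password_state GROUP GSHADOW_FILE   (hypothetical helper)
# Classifies field 2 of the gshadow entry using the meanings given on this page.
group_password_state() {
    awk -F: -v g="$1" '$1 == g {
        found = 1
        if ($2 == "!!")     print "no-password-assigned"
        else if ($2 == "!") print "password-login-disabled"
        else if ($2 == "")  print "members-only"
        else                print "password-set"
    } END { exit (found ? 0 : 1) }' "$2"
}
```

On a real system the same functions can be pointed at /etc/group, /etc/passwd and /etc/gshadow; reading /etc/gshadow requires root privileges.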
Modifying Groups
To modify groups we can use the "groupmod" command. With this command we can change the group ID, name, etc. To delete a group, we can use the "groupdel" command. To see the syntax, enter the command with the --help option. In our example, we have renamed our "developers" group to "devs". Then we have deleted the "devs" group.
groupmod and groupdel Commands
Note that we can't add users to groups using the "groupmod" command. To do that, we have to use the "usermod" command. Let's check the usermod command syntax.
usermod Help
Notice that we can use -g to change the primary group for the user, or -G to change the secondary group membership. We can also use the -a option to append the user to groups (without removing the user from other groups). Used without -a, -G sets the complete list of secondary groups, so the user is dropped from any secondary group not named in the command. In our example we have a user called "demo" and we want to change the secondary group for that user to the group called "sambashare". To do that we will enter the command "sudo usermod -G sambashare demo". After that we can check the sambashare group. We will see a comma-separated list of users which are members of that group, including the demo user.
Group Members