Groups and users
June 28, 2019•5,673 words
If you wanna sue, read the last section.
Me: Alright?
Whomever: S'alright
Adding a User to a Group in Linux
If you just want to add a user to a group use the following command:
1 | sudo adduser username grouptoadd |
This will add your user: username, to the grouptoadd group. More often than not, this is the best practice for when you want to add a user to a group. Technically, this is considered a secondary group. The primary group defaults to a group that is the same as the username in Linux. In this example, the primary group for username would most likely be called “username” as well.
The Nitty-Gritty Details and a Tutorial
There are two kinds of groups:
- Primary Group: This is the group applied to you when you log in; in most user cases it has the same name as your login name. The primary group is used by default when creating new files (or directories), modifying files, or executing commands.
- Secondary Groups (AKA Supplementary Groups): These are groups you are a member of beyond your primary group. As an example, this means that if a directory or file belongs to the www-data group (as used by the web server process in this case), then all www-data group members can read or modify these files directly (assuming the permissions also allow for this).
A list of all currently available groups can be found in the /etc/group file.
Note that every group can also have administrators, members, and a password. See explanations of the gpasswd and sg commands below.
1. Create a New User: useradd or adduser
Linux users can be added via the useradd or adduser commands. Note that useradd is the native binary associated with Linux systems, whereas useradd is a Perl script that uses said binary in its backend. Both commands share functionality, but some say adduser is more user-friendly, so we’re going to start there in our demo. Using the adduser command, let’s create a new user: foobar. Later we’ll change the group permissions for this new user.
1 | sudo adduser foobar |
We will be asked to enter our (sudo-allowed) user password before the user account is created:
1 2 3 4 5 6 | [sudo] password for user: Adding user foobar' ... Adding new groupfoobar' (1001) ... Adding new user foobar' (1001) with groupfoobar' ... Creating home directory `/home/foobar' ... ... |
We see that the user, foobar, was assigned the primary group, foobar, by default.
2. Get User ID and Groups Information: id and groups
To show all the user information and group memberships, we can use the id command:
1 2 | $ id foobar uid=1001(foobar) gid=1001(foobar) groups=1001(foobar) |
1 2 | $ id foobar uid=1001(foobar) gid=1001(foobar) groups=1001(foobar) |
Here the gid, or group ID, is the primary user group and groups is the secondary group.
We could also get all the users’ groups with the groups command:
1 2 | $ groups foobar foobar : foobar |
1 2 | $ groups foobar foobar : foobar |
3. Change the Primary Group of a User: usermod -g
In some cases it can make sense to change the primary group of a user.
We can do this with the usermod command:
1 | $ sudo usermod -g www-data foobar |
The lowercase -g option refers to a primary group.
Let’s verify that the change was made:
1 2 | $ id foobar uid=1001(foobar) gid=33(www-data) groups=33(www-data) |
Now foobar has the www-data primary group context. So whenever a new file is created by this user, it will be assigned the www-data group by default.
Let’s undo this change before we continue:
1 | sudo usermod -g foobar foobar |
4. Add or Change Users in Secondary Groups: adduser and usermod -G
Now let’s add our foobar user to www-data as a secondary group. The easiest way to do this is via the adduser command:
1 | sudo adduser foobar www-data |
We can see the secondary group of this user was updated:
1 2 | $ id foobar uid=1001(foobar) gid=1001(foobar) groups=1001(foobar), 33(www-data) |
There is another way to achieve the same result as above using the usermod command:
1 | $ sudo usermod -G www-data foobar |
The uppercase -G option refers to a secondary or supplementary group. Now foobar will have access to the www-data group files, but new files created by that user will not have the www-data group label by default.
It’s also possible to add a user to several secondary groups at once using the usermodcommand:
1 | $ usermod -a -G group1, group2, group3 foobar |
The optional -a option makes sure the groups are added to the existing secondary groups of the user (if these exist). If this option is omitted, the user will be removed from any groups not listed after the “-G.”
5. Create or Delete a Group in Linux: groupadd and groupdel
Using the groupadd command, we can create a new group: group1.
1 2 | sudo groupadd group1 sudo adduser foobar group1 |
We can then remove group1 from the Linux system utilizing the groupdel command:
1 | sudo groupdel group1 |
This will also remove the memberships of any user related to this group.
User Administration in Linux (Other Commands and Articles to Try)
Let’s wrap up this article by referring to some of the other group commands in Linux:
- newgrp: log into a new group
- sg: execute a command as a different group ID
- groupmod: modify a group definition (e.g., the group ID, group name, or password)
- gpasswd: administer /etc/group and /etc/gshadow files (every group can have administrators, members, and a password)
- chown or chgrp: change individual or group ownership of a file or directory
Now you should be able to confidently configure users, groups, and their administrative info in Linux. Feel free to check out our article on changing file ownerships in Linux for more insights.
The following is cited and not my work. I make no money from posting such things. I just share with a few friends.
[1]S. Roberto, "Linux: Add User to Group (Primary/Secondary/New/Existing) - HostingAdvice.com", HostingAdvice.com, 2019. [Online]. Available: https://www.hostingadvice.com/how-to/linux-add-user-to-group/. [Accessed: 28- Jun- 2019].Let’s see how we can add new and existing users to primary and secondary groups in Linux. The standard Linux permission model makes use of users, groups, and file permissions (i.e., read, write, execute, and a sticky bit).