Linux groups

about groups

Users can be listed in groups. Groups allow you to set permissions on the group level instead of having to set permissions for every individual user. Every Unix or Linux distribution will have a graphical tool to manage groups. Beginners should use this graphical tool. More experienced users can use command line tools to manage users, but be careful: Some distributions do not allow the mixed use of GUI and CLI tools to manage groups (YaST in Novell Suse). Senior administrators can edit the relevant files directly with vi or vigr.


Groups can be created with the groupadd command. The example below shows the creation of five (empty) groups.


Users can be a member of several groups. Group membership is defined by the /etc/group file.

The first field is the group's name. The second field is the group's (encrypted) password (can be empty). The third field is the group identification or GID. The fourth field is the list of members, these groups have no members.


Group membership can be modified with the useradd or usermod command.

Be careful when using usermod to add users to groups. By default, the usermod command will remove the user from every group of which he is a member if the group is not listed in the command! Using the -a (append) switch prevents this behavior.


You can permanently remove a group with the groupdel command.


You can permanently remove a group with the groupdel command.


A user can type the groups command to see a list of groups where the user belongs to.


The root user also called the superuser is the most powerful account on your Linux system. This user can do almost anything, including the creation of other users. The root user always has userid 0 (regardless of the name of the account).


You can delegate control of group membership to another user with the gpasswd command. In the example below we delegate permissions to add and remove group members to serena for the sports group. Then we su to serena and add harry to the sports group.

Group administrators do not have to be a member of the group. They can remove themselves from a group, but this does not influence their ability to add or remove members.

Information about group administrators is kept in the /etc/gshadow file.

To remove all group administrators from a group, use the gpasswd command to set an empty administrators list.


Similar to vipw, the vigr command can be used to manually edit the /etc/group file, since it will do proper locking of the file. Only experienced senior administrators should use vi or vigr to manage groups.

Exercise, Practice and Solution:

1. Create the groups tennis, football and sports.


groupadd tennis;
groupadd football; 
groupadd sports

2. In one command, make venus a member of tennis and sports.


usermod -a -G tennis,sports venus

3. Rename the football group to foot.


groupmod -n foot football

4. Use vi to add serena to the tennis group.


vi /etc/group

5. Use the id command to verify that serena is a member of tennis.


id (and after logoff logon serena should be member)

6. Make someone responsible for managing group membership of foot and sports. Test that it works.


gpasswd -A (to make manager)
gpasswd -a (to add member

Previous: Linux users
Next: Lnstallation Ubuntu Server

Follow us on Facebook and Twitter for latest update.