In this article I will cover the below topics and share multiple practical examples cover these scenarios
- Different types of group in Linux
- Add user to group (single)
- Add user to multiple groups
- Change primary group of the user
- Remove user from group
So when you say Linux add user to group, which group do you mean? There are two types of group in Linux
- Primary Group
- Supplementary or Secondary Group
Difference between Primary vs Supplementary Group
Primary group:
- The group that is listed in the group membership field for a user in
/etc/passwd
.
deepak:x:1000:1000::/home/deepak:/bin/bash
For example here deepak
is part of primary group with GID 1000
i.e. deepak
(so primary group name is same as loginname)
# grep 1000 /etc/group
deepak:x:1000:
- When we create user using
useradd
, depending upon USERGROUPS_ENAB variable in/etc/login.defs
a primary group is created/assigned to user. If this variable is set to yes, a group will be created for the user, with the same name as herloginname
. If the variable is set to no,useradd
will set the primary group of the new user to the value specified by the GROUP variable in/etc/default/useradd
, or 100 by default - On Linux, every file and directory has a user owner and a group owner. Group ownership is set when files are created, and unless configured otherwise, it is set to the primary group of the user who creates the file.
- A user at a time can be part of only one primary group.
Supplementary (or Secondary) Group:
- A user can be part of multiple supplementary group
- A group that a user is a member of but which membership is not defined in the
/etc/passwd
file. - When creating new files, the supplementary group will not automatically become the owner of those files.
1. Create a new user and add to existing primary group
- By default when we create a new user, a new primary group is created by the same name as of the user.
- But we can also use
useradd
to create a user and add this user to any existing group - So this group will not become the primary group of your new user
In this example I will create a new group "admin
"
# groupadd admin
Verify the group exists
# getent group admin
admin:x:1003:
Next I will create a new user "user1
" and add this user to "admin
" group using useradd -g <primary_group> <user_name>
# useradd -g admin user1
Verify the primary group of user1
# id user1
uid=1003(user1) gid=1003(admin) groups=1003(admin)
2. Create a new user and add to existing supplementary group
We want to create a new user and add him/her to supplementary group (please NOTE, we will add the user to supplementary group and not the primary group here)
I have below list of groups on my Linux server
# egrep 'admin|devops|qa_team' /etc/group admin:x:1003: devops:x:1004: qa_team:x:1005:
I will create a new user "user2
" and add this user to all these supplementary groups using useradd -G <sec_group1>,<sec_group2>,<sec_group3>.. <user_name>
# useradd -G admin,devops,qa_team user2
Verify the supplementary groups.
Please NOTE that since we did not specified primary group using -g
, a new group user2
is created and assigned as primary group to the user
# id user2
uid=1003(user2) gid=1006(user2) groups=1006(user2),1003(admin),1004(devops),1005(qa_team)
3. Create a new user and add to existing primary and supplementary group
Now we will combine both the above arguments i.e. -g
to add primary_group
and -G
to add supplementary_group
In this example i will create user3
with primary_group
as admin
and with supplementary_group
of devops
and qa_team
# useradd -g admin -G devops,qa_team user3
Verify the new user group details
# id user3 uid=1003(user3) gid=1003(admin) groups=1003(admin),1004(devops),1005(qa_team)
4. Change primary group of existing user
I have a user who is currently added to his own primary group
# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4)
I will change the primary group of this user to admin using usermod
# usermod -g admin user4
Verify the new primary group for user4
# id user4
uid=1004(user4) gid=1003(admin) groups=1003(admin)
5. Add user to Group (Supplementary or Secondary) using usermod
- To add user to group we can use use
usermod
orgpasswd
command - We can add user to supplementary groups only
- In this example I will add
user4
todevops
supplementary group
Syntax to add user to group: usermod -G <sec_group> <user_name>
# usermod -G devops user4
Verify the user details
# id user4
uid=1004(user4) gid=1003(admin) groups=1003(admin),1004(devops)
6. Add user to multiple groups (Supplementary or Secondary) using usermod
We can also add user to multiple supplementary groups using syntax usermod -G <sec_group1>,<sec_group2>,<sec_group3>.. <user_name>
In this example I will add user4
to multiple supplementary groups (devops
and qa_team
)
# usermod -G devops,qa_team user4
Verify the user details
# id user4 uid=1004(user4) gid=1003(admin) groups=1003(admin),1004(devops),1005(qa_team)
7. Add user to Group (Supplementary or Secondary) using gpasswd
- Similar to
usermod
we can also usergpasswd
to add user to group - The syntax to add user to group is
gpasswd -M <user_name> <group_name>
In this example I will add user4
to devops
as supplementary group
# gpasswd -M user4 devops
Verify the user details
# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4),1004(devops)
Alternatively you can also user gpasswd -a <user_name> <group_name>
In this example I will add user4
to qa_team
as supplementary group
# gpasswd -a user4 qa_team Adding user user4 to group qa_team
Verify the user details
# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4),1005(qa_team)
8. Add multiple users to same group
We need to user gpasswd
to add multiple users to same group
Currently I already have admin
group which does not contain any users at the moment
# egrep admin /etc/group
admin:x:1003:
The syntax to add multiple users to single group would be gpasswd -M <user_name1>,<user_name2>,<user_name3>.. <group_name>
In this example I will add my existing users i.e. user1
, user2
and user3
to admin as supplementary group
# gpasswd -M user1,user2,user3 admin
Verify the admin group details
# egrep admin /etc/group
admin:x:1003:user1,user2,user3
9. Remove user from Group (Supplementary or Secondary)
Currently my user4
is part of three different supplementary groups
# id user4 uid=1004(user4) gid=1006(user4) groups=1006(user4),1003(admin),1004(devops),1005(qa_team)
gpasswd
is the best tool to remove user4
from qa_team
group
# gpasswd -d user4 qa_team Removing user user4 from group qa_team
We can also use usermod
command to remove user from group. The problem with usermod
is that you must define the complete list of supplementary group which the user is part of and only remove the group which you wat to remove the user from.
For example, my user4
is part of devops
,admin
and qa_team
. So to remove user4
from qa_team
we will re-add user to group devops
and admin
(not to qa_team
)
# usermod -G devops,admin user4
Verify the user details
# id user4 uid=1004(user4) gid=1006(user4) groups=1006(user4),1003(admin),1004(devops)
I would recommend using gpasswd
to remove user from group
10. Remove multiple users from supplementary group
There is no single command to remove multiple users from single group but we can use a small script
Currently I have admin
which has three users
# egrep admin /etc/group
admin:x:1003:user1,user2,user3
I will write a small script to remove all the 3 users from admin group
11. Remove user from all Groups (Supplementary or Secondary)
- We can use
gpasswd
to remove user from group - But if a user is part of multiple groups then you need to execute
gpasswd
multiple times - Or write a script to remove user from all the supplementary groups
- Alternatively we can use
usermod -G "" <user_name>
Currently my user4
is part of multiple supplementary groups
# groups user4
user4 : user4 admin devops qa_team
To remove user from all supplementary groups, use:
# usermod -G "" user4
Verify the user details
# id user4 uid=1004(user4) gid=1006(user4) groups=1006(user4)
or use:
# groups user4 user4 : user4
Lastly I hope the steps from the article to add user to group, remove user from group and difference between primary group and supplementary group on Linux was helpful. So, let me know your suggestions and feedback using the comment section.
References:
10 practical examples to use USERADD command in linux
man page of useradd
man page of usermod
man page of gpasswd