10 practical examples to add or remove user from group in Linux

In this article I will cover the below topics and share multiple practical examples cover these scenarios

  • Different types of group in Linux
  • Add user to group (single)
  • Add user to multiple groups
  • Change primary group of the user
  • Remove user from group

So when you say Linux add user to group, which group do you mean? There are two types of group in Linux

  • Primary Group
  • Supplementary or Secondary Group

 

Difference between Primary vs Supplementary Group

Linux add user to group or remove user from group

Primary group: 

deepak:x:1000:1000::/home/deepak:/bin/bash

For example here deepak is part of primary group with GID 1000 i.e. deepak (so primary group name is same as loginname)

# grep 1000 /etc/group
deepak:x:1000:
  • When we create user using useradd, depending upon USERGROUPS_ENAB variable in /etc/login.defs a primary group is created/assigned to user. If this variable is set to yes, a group will be created for the user, with the same name as her loginname. If the variable is set to no, useradd will set the primary group of the new user to the value specified by the GROUP variable in /etc/default/useradd, or 100 by default
  • On Linux, every file and directory has a user owner and a group owner. Group ownership is set when files are created, and unless configured otherwise, it is set to the primary group of the user who creates the file.
  • A user at a time can be part of only one primary group.

 

Supplementary (or Secondary) Group:

  • A user can be part of multiple supplementary group
  • A group that a user is a member of but which membership is not defined in the /etc/passwd file.
  • When creating new files, the supplementary group will not automatically become the owner of those files.

 

1. Create a new user and add to existing primary group

  • By default when we create a new user, a new primary group is created by the same name as of the user.
  • But we can also use useradd to create a user and add this user to any existing group
  • So this group will not become the primary group of your new user

In this example I will create a new group "admin"

# groupadd admin

Verify the group exists

# getent group admin
admin:x:1003:

Next I will create a new user "user1" and add this user to "admin" group using useradd -g <primary_group> <user_name>

# useradd -g admin user1

Verify the primary group of user1

# id user1
uid=1003(user1) gid=1003(admin) groups=1003(admin)

 

2. Create a new user and add to existing supplementary group

We want to create a new user and add him/her to supplementary group (please NOTE, we will add the user to supplementary group and not the primary group here)

I have below list of groups on my Linux server

# egrep 'admin|devops|qa_team' /etc/group
admin:x:1003:
devops:x:1004:
qa_team:x:1005:

I will create a new user "user2" and add this user to all these supplementary groups using useradd -G <sec_group1>,<sec_group2>,<sec_group3>.. <user_name>

# useradd -G admin,devops,qa_team user2

Verify the supplementary groups.

Please NOTE that since we did not specified primary group using -g, a new group user2 is created and assigned as primary group to the user

# id user2
uid=1003(user2) gid=1006(user2) groups=1006(user2),1003(admin),1004(devops),1005(qa_team)

 

3. Create a new user and add to existing primary and supplementary group

Now we will combine both the above arguments i.e. -g to add primary_group and -G to add supplementary_group
In this example i will create user3 with primary_group as admin and with supplementary_group of devops and qa_team

# useradd -g admin -G devops,qa_team user3

Verify the new user group details

# id user3
uid=1003(user3) gid=1003(admin) groups=1003(admin),1004(devops),1005(qa_team)

 

4. Change primary group of existing user

I have a user who is currently added to his own primary group

# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4)

I will change the primary group of this user to admin using usermod

# usermod -g admin user4

Verify the new primary group for user4

# id user4
uid=1004(user4) gid=1003(admin) groups=1003(admin)

 

5. Add user to Group (Supplementary or Secondary) using usermod

  • To add user to group we can use use usermod or gpasswd command
  • We can add user to supplementary groups only
  • In this example I will add user4 to devops supplementary group

Syntax to add user to group: usermod -G <sec_group> <user_name>

# usermod -G devops user4

Verify the user details

# id user4
uid=1004(user4) gid=1003(admin) groups=1003(admin),1004(devops)

 

6. Add user to multiple groups (Supplementary or Secondary) using usermod

We can also add user to multiple supplementary groups using syntax usermod -G <sec_group1>,<sec_group2>,<sec_group3>.. <user_name>
In this example I will add user4 to multiple supplementary groups (devops and qa_team)

# usermod -G devops,qa_team user4

Verify the user details

# id user4
uid=1004(user4) gid=1003(admin) groups=1003(admin),1004(devops),1005(qa_team)

 

7. Add user to Group (Supplementary or Secondary) using gpasswd

  • Similar to usermod we can also user gpasswd to add user to group
  • The syntax to add user to group is gpasswd -M <user_name> <group_name>

In this example I will add user4 to devops as supplementary group

# gpasswd -M user4 devops

Verify the user details

# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4),1004(devops)

Alternatively you can also user gpasswd -a <user_name> <group_name>

In this example I will add user4 to qa_team as supplementary group

# gpasswd -a user4 qa_team
Adding user user4 to group qa_team

Verify the user details

# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4),1005(qa_team)

 

8. Add multiple users to same group

We need to user gpasswd to add multiple users to same group
Currently I already have admin group which does not contain any users at the moment

# egrep admin /etc/group
admin:x:1003:

The syntax to add multiple users to single group would be gpasswd -M <user_name1>,<user_name2>,<user_name3>.. <group_name>

In this example I will add my existing users i.e. user1, user2 and user3 to admin as supplementary group

# gpasswd -M user1,user2,user3 admin

Verify the admin group details

# egrep admin /etc/group
admin:x:1003:user1,user2,user3

 

9. Remove user from Group (Supplementary or Secondary)

Currently my user4 is part of three different supplementary groups

# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4),1003(admin),1004(devops),1005(qa_team)

gpasswd is the best tool to remove user4 from qa_team group

# gpasswd -d user4 qa_team
Removing user user4 from group qa_team

We can also use usermod command to remove user from group. The problem with usermod is that you must define the complete list of supplementary group which the user is part of and only remove the group which you wat to remove the user from.

For example, my user4 is part of devops,admin and qa_team. So to remove user4 from qa_team we will re-add user to group devops and admin (not to qa_team)

# usermod -G devops,admin user4

Verify the user details

# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4),1003(admin),1004(devops)

I would recommend using gpasswd to remove user from group

 

10. Remove multiple users from supplementary group

There is no single command to remove multiple users from single group but we can use a small script
Currently I have admin which has three users

# egrep admin /etc/group
admin:x:1003:user1,user2,user3

I will write a small script to remove all the 3 users from admin group

remove user from group
remove multiple users from same group

 

11. Remove user from all Groups (Supplementary or Secondary)

  • We can use gpasswd to remove user from group
  • But if a user is part of multiple groups then you need to execute gpasswd multiple times
  • Or write a script to remove user from all the supplementary groups
  • Alternatively we can use usermod -G "" <user_name>

Currently my user4 is part of multiple supplementary groups

# groups user4
user4 : user4 admin devops qa_team

To remove user from all supplementary groups, use:

# usermod -G "" user4

Verify the user details

# id user4
uid=1004(user4) gid=1006(user4) groups=1006(user4)

or use:

# groups user4
user4 : user4

 

Lastly I hope the steps from the article to add user to group, remove user from group and difference between primary group and supplementary group on Linux was helpful. So, let me know your suggestions and feedback using the comment section.

 

References:
10 practical examples to use USERADD command in linux
man page of useradd
man page of usermod
man page of gpasswd

Leave a Comment

Please use shortcodes <pre class=comments>your code</pre> for syntax highlighting when adding code.