Introduction
In Linux, a group serves as a collective unit for managing privileges across multiple users simultaneously. Essentially, it enables streamlined management of permissions for multiple users. By utilizing Linux groups, administrators can efficiently oversee and regulate access rights for various users.
This tutorial will elucidate the functioning of user groups in Linux, detailing the process of adding users to particular groups.
Prerequisites
To operate the commands, you’ll need three things:
- A Linux Environment: This refers to your operating system. Linux is the kernel upon which various operating systems are built. It provides the core functionality of your system. So, ensure you’re running a Linux-based operating system.
- A User Account with Elevated Privileges: To execute certain commands that affect system-wide settings or files, you’ll need elevated privileges. This typically means having either sudo (superuser do) access or root privileges. Sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. Root privileges give you unrestricted access to the entire system.
- Access to a Terminal Window or Command Line: This is your gateway to interacting with the system through text commands. You can open a terminal window or command line interface by pressing specific key combinations like Ctrl-Alt-T or Ctrl-Alt-F2, depending on your system configuration. Once you have access to the terminal, you can input commands to carry out various tasks or configurations on your Linux system.
What is a User Group in Linux
In Linux, users fulfill various roles or duties. For instance, some users require the capability to run applications, whereas others must be restricted from accessing certain files and directories.
Groups facilitate the creation of user categories with predefined permissions. Rather than individually configuring permissions for each user, you can streamline the process by assigning users to relevant groups, thereby granting them the necessary permissions.
Primary Group
The primary group, designated for the logged-in user, serves as the default association for any files they generate. This ensures that all files created by the user are automatically placed within this group. Notably, a user can be affiliated with only one primary group concurrently. Upon user creation, a primary group bearing the same name as the user is established, facilitating seamless inclusion of their files within that group.
Secondary Groups
A user has the flexibility to be part of multiple secondary groups, or even none at all. Secondary groups serve the purpose of organizing individual files and software applications efficiently. When a user is part of a group, they automatically gain access to the read, write, and execute permissions assigned to that specific group.
How to Create a User Group
1. To create a new group, enter the following:
sudo groupadd new_group
2. Replace new_group
with the name you want for your new group.
How to Add User to Group
Add an Existing User to an Existing Group
1. Use the adduser
command to add a user to a group:
sudo adduser user_name new_group
2. Use the useradd
command to add a user:
sudo useradd –G new_group user_name
3. You can also use the usermod
command to add a user to a group:
sudo usermod –a –G group_name user_name
The usermod
command uses the –append
and –group
options to append the user to a particular group. Without using –append
, the user could be dropped from other groups.
Add a User to Multiple Groups at Once
Use the usermod command to specify multiple groups to add to:
sudo usermod –a –G new_group,new_group2,new_group3 user_name
Create a User and Add to Group
1. This is useful for creating a new user on the fly for a specific software application. Enter the following:
sudo useradd –G new_group new_user
2. Next, assign a password to the new user:
sudo passwd new_user
Change a Users Primary Group
All preceding instructions have been employed for the administration of the secondary groups associated with a user. Typically, a user’s primary group aligns with their username.
To change a users primary group, enter the command:
sudo usermod –g new_group user_name
The lower-case –g
specifies the primary group. (Upper-case –G
refers to a secondary group.) A user can only have one primary group, so the old primary group user_name won’t be primary anymore for this user.
How to Remove a User From a Group
The gpasswd
tool is used for managing groups. To remove a user from a group:
sudo gpasswd –d user_name new_group
Delete a Group
To delete a group, use the command:
sudo groupdel new_group
How to List Groups in Linux
Linux includes various default groups, each serving distinct purposes. For instance, the sudo group facilitates permission delegation, while certain groups remain concealed, designated for system-level operations.
1. To view a list of groups on your system by displaying the /etc/groups file:
sudo nano /etc/groups
2. To display the groups that a user belongs to with the groups
command:
groups
3. The visual representation above illustrates the group memberships of the currently logged-in user, ‘sofija’. To view the groups associated with another user, simply specify their username.
groups other_user
4. The “id” command is a Unix/Linux utility that displays user and group information for the current user or a specified user. When executed without any arguments, it displays information about the current user, including their UID (user identifier), GID (primary group identifier), and supplementary group IDs. This information can be useful for system administrators and users to understand the user’s permissions and access levels within the system.
id user_name
Other Common Groups
There are a several common group names you might encounter in Linux:
- sudo: A user in this group can utilize the
sudo
command to escalate their privileges, enabling them to execute administrative tasks. - wheel: This group offers a traditional approach to granting privileges akin to
sudo
. Members of this group can also elevate their permissions for administrative actions. - cdrom: Members of this group are authorized to mount optical drives, enabling them to access and utilize optical media.
- adm: This group provides users with the ability to monitor Linux system logs, facilitating system analysis and troubleshooting.
- lpadmin: Users in this group possess the authority to configure printers, managing printer settings and configurations on the system.
- plugdev: Members of this group are granted access to external storage devices, allowing them to interact with and utilize external storage mediums seamlessly.
Conclusion
By now, you should grasp the concept of Linux groups and how to include or exclude members from them. If you need further clarification on particular commands, simply type “man” followed by the command into your terminal window to access its manual page.