Groups are the bread and butter of a Linux system. They are special lists that let you sort multiple users into different categories. Along with securing your system’s application privileges, they let you finely control how each account in the system can access and share its files and folders.
This article shows how you can use the groups utility to add and modify existing groups in Linux. Further, it will also highlight how the Linux permissions system works in conjunction with the groups system.
How Do Groups and Permissions Work?
At its core, a Linux group is a collection of users that share the same permissions and privileges for a specific file or program. Every file in the system has a set of ownership and permission bits. One of the easiest ways to find this is to run ls -l on your home directory.
That will list all the visible files and folders in the directory along with their ownership and permission bits. For the most part, the general format for this looks like:
-rwxrwxr-x 1 ramces maketecheasier 8.7k Oct 24 20:39 hello.txt
The first, third and fourth columns show both the permission and ownership bits of the current file. For example, the “rwxrwxr-x” value tells the system that everyone can read this file, but only the user “ramces” and group “maketecheasier” can write to it.
These two bits work hand in hand to create a finely tuned access control system in Linux. The permission bits tell the system how a file can be used by the users and groups in the ownership bits.
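How the two sets of bits combine, as an added example that is not part of the original article: the function below takes one `ls -l` line and reports which permission triplet applies to a given user. The function name and the callers “test” and “alice” are assumptions for illustration. It ignores root and ACLs, and goes slightly beyond the text by showing that only the first matching class (owner, then group, then other) is consulted.

```shell
#!/bin/sh
# access_for LS_LINE USER [GROUP...]
# LS_LINE is one line of `ls -l` output: column 1 is the permission string,
# column 3 the owning user, column 4 the owning group.
# GROUP... are the groups USER belongs to (for example from `id -Gn USER`).
# Prints "<class> <triplet>" for the single class that decides access.
access_for() {
    line=$1; user=$2; shift 2
    printf '%s\n' "$line" | awk -v user="$user" -v memberof="$*" '
    {
        perms = substr($1, 2, 9)      # drop the leading file-type character
        cls = "other"; off = 7        # default: last triplet
        n = split(memberof, g, " ")
        for (i = 1; i <= n; i++)
            if (g[i] == $4) { cls = "group"; off = 4 }
        if (user == $3) { cls = "owner"; off = 1 }   # owner wins over group
        print cls, substr(perms, off, 3)
    }'
}

# Constructed inputs: the listing line from the article, then a variant in
# which the owner has fewer rights than the owning group.
line='-rwxrwxr-x 1 ramces maketecheasier 8.7k Oct 24 20:39 hello.txt'
access_for "$line" ramces ramces maketecheasier
access_for "$line" test test maketecheasier
access_for "$line" alice alice
access_for '-r--rw-r-- 1 ramces maketecheasier 12 Oct 24 20:39 notes.txt' \
    ramces ramces maketecheasier
```

In the last call the owner is held to the owner triplet even though the group triplet grants write access.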
Viewing the Group Memberships for a User in Linux
Before modifying a group in Linux, check which groups a user already belongs to. This also gives you an idea of the active groups in the system.
Running the following command will list all the available groups for the current user:
id
Viewing the Available Groups in the System
Along with looking at user-specific groups, it is also possible to list every group in the system by running the following command:
sudo less /etc/group
This will print the entire “/etc/group” file in your terminal screen. Scroll through the file by pressing J or K.
By default, “/etc/group” is a colon-delimited file that contains both user and system-specific groups. Each line in this file represents a currently active group in the machine.
The general format for each line looks like:
group-name:password:GID:users
- The group-name is the label for the group. In most cases, system groups start with an underscore to differentiate them from regular groups.
- The password is an optional field to create secure groups, which is useful if you are sharing the system with multiple people.
- GID is the Group ID for that particular group.
- Lastly, the users field is a comma-separated list that contains all the users that are part of that group.
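A read-only audit built on that four-field layout, as an added example that is not from the original article: it flags lines that do not have exactly four fields, GIDs used by more than one group, and privileged groups that list members. The function names, the finding labels and the default list of privileged groups (overridable through the hypothetical `PRIV_GROUPS` variable) are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# audit_group_file FILE
# FILE uses the /etc/group layout: group-name:password:GID:users
# Prints one finding per line:
#   MALFORMED <line-number>   line does not have exactly four fields
#   DUPGID <gid> <group>      GID already used by an earlier group
#   PRIV <group> <users>      watched group that lists members
audit_group_file() {
    # Which groups count as privileged is site policy; this list is an assumption.
    awk -F: -v priv="${PRIV_GROUPS:-root sudo wheel adm docker}" '
        BEGIN { n = split(priv, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $0 == "" { next }
        NF != 4 { print "MALFORMED", NR; next }
        ($3 in seen) { print "DUPGID", $3, $1 }
        { seen[$3] = $1 }
        ($1 in watch) && $4 != "" { print "PRIV", $1, $4 }
    ' "$1"
}

# Constructed sample in /etc/group format (not taken from a real system).
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:
sudo:x:27:ramces
maketecheasier:x:1001:ramces,test
test:x:1002:
dup:x:1001:alice
broken:x:1003
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_group_file "$sample"
rm -f "$sample"
```

Point it at “/etc/group” to audit a live system. On systems with shadow-utils, `grpck` performs a fuller consistency check.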
Note: even if you are not in the root group, you can still open files as root. Learn how to do that.
Creating a New Group in Linux
To create a new group in Linux, use the groupadd command. Unlike id, this is a utility that only deals with group creation.
For example, I can run the following command to create a new group with the name “test.”
groupadd -v test
Creating a New User With a New Group
It is also possible to create both a new user and group in a single command, which is useful when you are setting up a shell scripting account with predetermined permissions.
To do this, run the following command:
sudo useradd -m -G maketecheasier -s /bin/bash test
- The -m flag tells useradd to create the new user’s home directory, as, by default, Linux does not create a home directory for the “test” user.
- The -G flag tells useradd to create and add the “test” user to the “maketecheasier” group.
- The -s flag sets the default login shell for the “test” user. In my case, I am telling the useradd utility to set the login shell for the “test” user to Bash.
Adding an Existing User to a New Group in Linux
Along with creating a group and its user, you can also add existing users to a group by running the following command:
sudo usermod -aG maketecheasier user
Adding Multiple Users to a New Group
Lastly, it is also possible to add multiple users to your new group. To do this, run the following command:
sudo gpasswd -M ramces,test maketecheasier
This will set the member roster for the “maketecheasier” group to include both “ramces” and “test.” However, it is important to note that the -M flag always replaces the users value in the “/etc/group” file.
Appending new users to your group will also require you to include the users that are already in the group. For example, running the following command will append both “alice” and “bob” to the “maketecheasier” group:
sudo gpasswd -M ramces,test,alice,bob maketecheasier
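Because -M replaces the roster, the list passed to it can be built from the group's current members so nobody is dropped by accident. This is an added example, not from the original article; the function name `merged_roster` is an assumption and the sample file is constructed.

```shell
#!/bin/sh
# merged_roster FILE GROUP [USER...]
# FILE uses the /etc/group layout. Prints the current members of GROUP
# followed by any USER not already listed, comma-separated, no duplicates.
# Returns 1 if GROUP is not present in FILE.
merged_roster() {
    file=$1; group=$2; shift 2
    current=$(awk -F: -v g="$group" '
        $1 == g { print $4; found = 1 }
        END { exit !found }' "$file") || {
        echo "no such group: $group" >&2
        return 1
    }
    # One name per line, drop blanks and repeats (order kept), rejoin with commas.
    printf '%s\n' "$current" "$@" | tr ',' '\n' |
        awk 'NF && !seen[$0]++' | paste -sd, -
}

# Constructed sample matching the roster set by the earlier gpasswd command.
sample=$(mktemp)
printf '%s\n' 'maketecheasier:x:1001:ramces,test' > "$sample"
merged_roster "$sample" maketecheasier alice bob
rm -f "$sample"

# On a live system (needs root), the result feeds straight into gpasswd:
#   sudo gpasswd -M "$(merged_roster /etc/group maketecheasier alice bob)" maketecheasier
```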
Tip: learn how to switch to another user account with the sudo command.
Frequently Asked Questions
Is it possible to edit the /etc/group file to modify a group in Linux?
While it is possible to modify the “/etc/group” file, it can potentially ruin the file’s internal format, leading to systems with non-functional groups and missing permissions. As such, it is not a good practice to edit the “/etc/group” file directly.
My new group does not show up on my user's group list. Is my machine broken?
No! By default, the Linux groups system does not apply group changes to users who are currently logged in. This approach protects these users from any sudden system changes that may prevent them from accessing a file or program.
To update your user’s group list, either log out from the current session or restart the entire machine.
Image credit: Unsplash. All alterations and screenshots by Ramces Red.