All technological notes.
Group
Groups are a fundamental part of Linux’s permission model, helping manage access efficiently.Every user is in at least one group - Primary Group
Primary Group
usermod command.Secondary Groups
Group ID (GID)
Group ID (GID).1000 are reserved for system groups./etc/groupgroup_name:x:group_id:member1,member2
-rw-r--r--. 1 root root 1054 Nov 19 16:37 /etc/group
/etc/gshadowgroup_name:encrypted_password:group_admins:group_members
group_name
encrypted_password
! or *:
Empty field (::):
group_admins
group_members
----------. 1 root root 850 Nov 19 16:37 /etc/gshadow
| Command | Desc |
|---|---|
groups |
show the groups the current user is in |
id -Gn |
show the groups the current user is in |
groups user_name |
show the groups a specific user is in |
id user_name -Gn |
show the groups a specific user is in |
| CMD | DESC |
|---|---|
groupadd g_name |
create a new group |
groupadd g_name -g GID |
create a new group and specify a gid |
groupadd g_name -g GID -o |
create a new group and specify a duplicate gid |
groupadd g_name -r |
create a system group below 1000 |
/etc/groupsu -
groupadd -g 5000 linuxadmin
groupadd -o -g 5000 dba
# confirm
tail -2 /etc/group
# linuxadmin:x:5000:
# dba:x:5000:
# add user
usermod -aG dba user100
# confirm
id user100
# uid=1003(user100) gid=1003(user100) groups=1003(user100),5000(linuxadmin)
groups user100
# user100 : user100 linuxadmin
grep dba /etc/group
# dba:x:5000:user100
| CMD | DESC |
|---|---|
groupmod g_name -n new_name |
Modify group’s name |
groupmod g_name -g GID |
Modify group’s GID |
groupmod g_name -g GID -o |
Modify group’s GID with a duplicate gid |
updates /etc/group
Example
# Create a new user
useradd testuser
# Create a New Group
groupadd testgroup
# Change a User's Primary Group
usermod testuser -g testgroup
# Add a User to a Group
usermod testuser -aG testgroup,wheel
groupmod -n sysadm linuxadmin
groupmod -g 6000 sysadm
# confirm
grep sysadm /etc/group
# sysadm:x:6000:
# remove group
groupdel sysadm
grep sysadm /etc/group
| CMD | DESC |
|---|---|
gpasswd group_name |
Set or Change a Group Password |
gpasswd group_name -r |
Remove a Group Password |
gpasswd group_name -A admin_user |
Add a Group Administrator |
gpasswd group_name -a username |
Add a Member to a Group |
gpasswd group_name -M user1,user2 |
Add a list of member to a Group |
gpasswd group_name -d username |
Remove a Member from a Group |
Prompts for a new group password and updates /etc/gshadow.
Example
su -
# create users
useradd dev_admin
useradd dev1
useradd dev2
# set password for admin
passwd dev_admin
# create group
groupadd dev_group -g 3001
# Set group password
gpasswd dev_group
# add admin adn members
gpasswd dev_group -A dev_admin
gpasswd dev_group -a dev1
gpasswd dev_group -M root,rheladmin
# verify
tail /etc/group | grep dev_group
# dev_group:x:3001:root,rheladmin
tail /etc/gshadow | grep dev_group
# dev_group:$6$FRBtW/S9e$z8Xp7BKwwjBmv9pyIDfS.2cmwM9qNuO90sEfZe3nK9IeSOKZ2meY7mu9twHSRXcjrwlDvd7hkjlpfVUPHoIUZ/:dev_admin:root,rheladmin
su - dev_admin
# add user to group as admin
gpasswd dev_group -a dev2
# Adding user dev2 to group dev_group
gpasswd dev_group
| CMD | DESC |
|---|---|
groupdel g_name |
Delete a new group |
| CMD | DESC |
|---|---|
groups |
List Current logged-in user’s group |
groups username |
List group for a specific user |