Managing Groups in Linux

Photo by Andrew Moca on Unsplash

Managing Groups in Linux

Linux group management is an essential part of Linux system administration, allowing us to organize users into groups with pre-set permissions for easier management of file permissions and system resources.

Types of Groups

There are 2 categories of groups in the Linux operating system:

  • Primary group - When a new user is created on Linux using the useradd command, a group with the same name as the username is also created, and the user is added as the group's sole member. This group is the user's primary group. A user has only one primary group at any given time.

  • Secondary (supplementary) groups - Additional groups are used to extend permissions and access rights of a user beyond what is provided by the primary group. For example, if users need access to a shared directory or need to execute tasks that require different group permissions, they can be added to the relevant secondary groups. Users can be members of multiple secondary groups.

Key Files for Group Management

  • /etc/group: This file is a critical configuration file that defines the groups to which users belong. It's a text file that contains one entry per line, each describing a group.

    The password field stores a password for the group. It is usually empty (represented by an x or *), indicating that the group password is not used. Group passwords are a deprecated feature for managing group membership and access.
  • /etc/gshadow: This file complements the /etc/group file by providing a secure way to store group passwords and manage group membership. Similar to /etc/group, it contains one entry per line for each group, but with a focus on security-sensitive information.

Other Common Groups

There are several common group names you might encounter in Linux:

  • sudo – A member of this group can use the sudo command to elevate their privileges

  • cdrom – Allows the user to mount the optical drive

  • adm – Allows the user to monitor Linux system logs

  • lpadmin – Allows the user to configure printers

  • plugdev – Allows the user to access external storage devices

Hands-on Exercise Overview

This hands-on shows:

  • how to add, delete, and modify groups;

  • how to add users to and remove from the existing groups.

Hands-on Exercise

  1. To find out which groups a user is a member of, run:


  2. To find out which groups another user is a member of, run:

     groups username

  3. To create a new group in Linux, run:

     sudo groupadd groupname
  4. To confirm the new group is in the Linux /etc/group file:

     getent group groupname
    • getent: The command used to retrieve entries from databases configured in the system.

    • group: This specifies the database to query. In this case, group refers to the group database, which contains information about the groups on the system.

    • groupname: This is the name of the group you want to query.

When you create a new group, it’s a normal group with GID higher than 1000. You can also create a system group that automatically takes a group ID between SYS_GID_MIN and SYS_GID_MAX as defined in /etc/login.defs.
  1. To create a system group, run

     sudo groupadd -r groupname
    System groups are created for system purposes, such as running system services or daemon processes. They help in managing permissions and access rights for system processes and files.

  2. To modify a group name, use the groupmod command:

     sudo groupmod -n new-name old-name

  3. To add a user to an existing group while keeping them in their current groups, use the usermod command with the -a (append) and -G (groups) options:

     sudo usermod -aG groupname username

    Confirm if the user has been added by using the groups command.

  4. An alternative for adding the user to an existing group is using the gpasswd command:

     sudo gpasswd -a username groupname
    • gpasswd - a command used for managing /etc/group and /etc/gshadow group files. It allows administrators to modify group passwords and memberships, including adding or removing users from groups and setting or changing group passwords.

    • -a: Option that stands for "add", indicating that you want to add a user to a group.

After adding the current user to the specific group, that user must log in and log out for the changes to take effect.
  1. To remove a user from a specific group, use gpasswd command with -d option:

     sudo gpasswd -d username groupname

  2. To delete a group, use the groupdel command:

    sudo groupdel groupname

When a new file is created, the file will be created with the permissions that will include ownership of the primary group.


  1. Linux Crash Course - Managing Groups

  2. User Management in Linux by phoenixNAP

  3. Create New Groups in Linux With Groupadd Command

  4. Linux sudo command explained

  5. How to Add a User to a Linux Group