Linux group management is an essential part of Linux system administration, allowing us to organize users into groups with pre-set permissions for easier management of file permissions and system resources.
Types of Groups
There are 2 categories of groups in the Linux operating system:
Primary group - When a new user is created on Linux using the
useraddcommand, a group with the same name as the username is also created, and the user is added as the group's sole member. This group is the user's primary group. A user has only one primary group at any given time.Secondary (supplementary) groups - Additional groups are used to extend permissions and access rights of a user beyond what is provided by the primary group. For example, if users need access to a shared directory or need to execute tasks that require different group permissions, they can be added to the relevant secondary groups. Users can be members of multiple secondary groups.
Key Files for Group Management
/etc/group: This file is a critical configuration file that defines the groups to which users belong. It's a text file that contains one entry per line, each describing a group.
π‘The password field stores a password for the group. It is usually empty (represented by anxor*), indicating that the group password is not used. Group passwords are a deprecated feature for managing group membership and access./etc/gshadow: This file complements the/etc/groupfile by providing a secure way to store group passwords and manage group membership. Similar to/etc/group, it contains one entry per line for each group, but with a focus on security-sensitive information.
Other Common Groups
There are several common group names you might encounter in Linux:
sudo β A member of this group can use the sudo command to elevate their privileges
cdrom β Allows the user to mount the optical drive
adm β Allows the user to monitor Linux system logs
lpadmin β Allows the user to configure printers
plugdev β Allows the user to access external storage devices
Hands-on Exercise Overview
This hands-on shows:
how to add, delete, and modify groups;
how to add users to and remove from the existing groups.
Hands-on Exercise
To find out which groups a user is a member of, run:
groups
To find out which groups another user is a member of, run:
groups username
To create a new group in Linux, run:
sudo groupadd groupnameTo confirm the new group is in the Linux /etc/group file:
getent group groupnamegetent: The command used to retrieve entries from databases configured in the system.group: This specifies the database to query. In this case,grouprefers to the group database, which contains information about the groups on the system.groupname: This is the name of the group you want to query.
/etc/login.defs.To create a system group, run
sudo groupadd -r groupnameπ‘System groups are created for system purposes, such as running system services or daemon processes. They help in managing permissions and access rights for system processes and files.
To modify a group name, use the
groupmodcommand:sudo groupmod -n new-name old-name
To add a user to an existing group while keeping them in their current groups, use the
usermodcommand with the-a(append) and-G(groups) options:sudo usermod -aG groupname usernameConfirm if the user has been added by using the
groupscommand.
An alternative for adding the user to an existing group is using the
gpasswdcommand:sudo gpasswd -a username groupnamegpasswd- a command used for managing/etc/groupand/etc/gshadowgroup files. It allows administrators to modify group passwords and memberships, including adding or removing users from groups and setting or changing group passwords.-a: Option that stands for "add", indicating that you want to add a user to a group.
To remove a user from a specific group, use
gpasswdcommand with-doption:sudo gpasswd -d username groupname
To delete a group, use the
groupdelcommand:sudo groupdel groupname