In Linux, users are put into groups to control access to various files and devices. In many cases, the user will have to be in multiple groups. Did you know that you can add the user to multiple groups at once?
How to add a single user to multiple groups: To add a user to more than one group at a time you can use usermod: “usermod -a -G groupname, anothergroup username”. The -a switch, in usermod syntax, is important. As it tells usermod not to overwrite current groups.
Here is an example if we were to add the user max to the sudo group and the lpadmin group:
usermod -a -G sudo,lpadmin max
Note that the user will have to log out and back in again if he or she is currently logged in.
Another less common method is to use the gpasswd command to add a user to a group. But the gpasswd command will only allow you to add to one group at a time.
gpasswd --add max sudo
Add a user to multiple groups when creating the user
You can also add a user to the groups he should belong to while creating the user. Just add the -G argument to the useradd command. In the following example, we will add the user max and add him to the sudo and lpadmin groups.
useradd -G sudo,lpadmin max
This will also add the user to his primary group. The primary group is usually named after the user. So in the example above, the user max will belong to two groups: max and sudo. If you want to override this behaviour, you can specify the primary group with the lower case -g argument.
useradd -g users -G sudo,lpadmin max
I have added some more commands below that can be useful when working with groups. Keep reading if you want to know more.
Not all groups are the same
When working with groups in Linux, it is important to note that the user will have two kinds of group assignments.
The primary group
The first type of group assignment is the primary group. This is the user’s main group. Every user must belong to one, and only one, primary group. This group is used as the default group of files that the user creates and is basically only meant for this user and users he wants to grant access to his files.
The primary group usually has the same name as the user. Like the user max, most likely has the primary group max. This is the most common configuration in Linux. Some systems, however, will have all regular users belong to some generic primary group like users and then have administrators belong to a generic admin group.
The second type of group is a secondary group. Every user can be assigned to multiple secondary groups. The secondary group can be another user’s group or a special group that gives users some particular permissions. One example of a secondary group is the sudo group in Ubuntu and many other distros. Users that are assigned to the sudo group are allowed to use the sudo command to execute commands as the root user.
In the command examples above, the upper case -G always refers to the secondary groups and a lower case -g refers to the primary group. If only the upper case -G is specified, the command will not have any effect on the primary group and vice versa.
List groups a user belongs to
Before you add a user to some groups it could be helpful to know what groups he is already a member of. The quickest method to list all groups a particular user is a member of is to use the groups command. Here we will list all groups the user max belongs to:
If I just want to quickly get a list of groups I myself belong to. I can enter the group command without any arguments. It will then assume that I want the groups of the currently logged in user.
You could also get this from the /etc/group file. This file contains all the groups that exist in your system. As well as their members. The get all the groups the user max belongs to, use grep to extract all mentions of max in the group file.
grep max /etc/group
List users in a group
What if you want it the other way around? To print all the users that are in some group.
One way would be to use grep as we did above. But instead of searching for the user, we now search for the group name. Like in this example, where we try to find which users belong to the sudo group.
grep sudo /etc/group
Some Linux distributions also include the groupmems utility. Groupmems is a tool to administrate groups on a system. Since it is not always included, I only mention it here as a second option:
sudo groupmems -g sudo -l
Remove a user from a group
Surprisingly, usermod does not have any option to remove a user from a group. It does have the option of overwriting the current group memberships a user has. This is not very convenient, since you would have to list all the groups a user has and then enter them again on the command line. In which case you just need to skip the -a argument in the usermod command.
It is a lot easier to use the gpasswd command. You simply use the “–del username” argument. Here we will remove the user max from the sudo group:
gpasswd --del max sudo
List all existing groups
If I wanted to see all the groups that exist on a system, I would simply look at the /etc/group file. Using the cat command, that is quite easy to do:
It is also possible to use the getent command:
This will show you some extra information like the group id (GID) and a list of members of the group. If you just want the group names, the cut command can remove all the extra information:
getent group | cut -d ':' -f 1
That’s it for now
Hopefully, you know have a solid understanding of how to add users to groups now.