Linux Groups

Linux Groups are the collection of some Linux users. As above the user, it gives common permissions to the user. Different users which belong to a group has same group permissions. So how can we manage different Linux groups? How to add a new group in Linux? How to assign a user to a group? How to list existing Linux groups? In this lesson of Linux Course, we will answer these questions one by one.

 

Before going deeply on groups, let’s start with the types of groups. There are two types of groups in Linux. These are:

  • Primary Group
  • Secondary Group

 

Primary Groups is the group which is assigned to the user created files. Every user must have a primary group and this is generally the group which has the same name with user. For example, is your user is john, then your primary group is john also. But this can be changed. Primary groups are stored in /etc/passwd file like users.

 

Secondary group is the groups that are different than the primary group. There can be multiple secondary groups of a user. Or a user can have no secondary group. Secondary groups are stored in /etc/group file.

 


You can check Linux Cheat Sheet for useful other Linux Commands


Creating Linux Groups / Removing Linux Groups

Adding a New Group: Linux groupadd Command

To create a Linux group, we will use groupadd command. With this command, we will add a new group to Linux system. We can use this command with the name of the group to create a group. Here, we will add ipciscoLinux and ipciscoLinuxxx groups.

root@kali:/home/kali# groupadd ipciscoLinux

root@kali:/home/kali# groupadd ipciscoLinuxxx

 

Let’s list last five groups of all the groups with tail command. We will see our new two groups, ipciscoLinux and ipciscoLinuxxx.

root@kali:/home/kali# tail -5 /etc/group

ipciscoPython:x:1005:gokhan

gokhan:x:1006:

arwen:x:1007:

ipciscoLinux:x:1008:

ipciscoLinuxxx:x:1009:

 

Deleting Existing Groups

We can remove a linux group from the system with groupdel command. To delete a group, we will use groupdel command with the name of the group.

 

Let’s delete one of the groups above. We will delete ipciscoLinuxxx group.

 

root@kali:/home/kali# groupdel ipciscoLinuxxx

And let’s list last five groups of all the groups with tail command.

 

root@kali:/home/kali# tail -5 /etc/group

ipciscoNetwork:x:1004:gokhan,arwen

ipciscoPython:x:1005:gokhan

gokhan:x:1006:

arwen:x:1007:

ipciscoLinux:x:1008:

 

Users and Groups

Adding Groups to Users: usermod command

In Linux, to add a group to a user, we will use linux usermod command. With linux usermod command, we can add primary and secondary groups to a user. We can add one primary group as we have mentined above and multiple secondary groups separated with commas after this command. Here, the key point is using -g and -G options. -g option is used to assign a primary group to a user and -G is used to assign secondary groups to a user.

 

Let’s first see a user’s groups. To do this, we will use groups command with the username.  

 

Here, gokhan’s primary group is also gokhan  as you can see below:

 

root@kali:/home/kali# groups gokhan

gokhan : gokhan ipcisco ipciscoNetwork ipciscoPython

 

Now, let’s change it with ipcisco. And after this command, new primary group will be ipcisco and group gokhan will be removed under user gokhan.

 

root@kali:/home/kali# usermod -g ipcisco gokhan

root@kali:/home/kali# groups gokhan

gokhan : ipcisco ipciscoNetwork ipciscoPython

 

As you can see, user gokhan has one primary and two secondary groups. Now, let’s add another secondary group to this user. And this new secondary group is ipciscoLinux. Here, there is two points, one of them is using -a option for adding this group, not override other secondary groups. And the other is using capital G (-G) option to add secondary group. If we do not use -a option, we have to add all the secondary groups with the new one. This is not feasible.

 

root@kali:/home/kali# usermod -a -G ipciscoLinux gokhan

 

This command will add user gokhan also under ipciscoLinux group, withour removing other secondary groups.

 

root@kali:/home/kali# groups gokhan

gokhan : ipcisco ipciscoNetwork ipciscoPython ipciscoLinux

 

We can use both -g and -G options to change primary and secondary groups of a user together.

 

Let’s use usermod -G command without -a and see what happens.

 

root@kali:/home/kali# usermod -G ipciscoLinux gokhan

As you can see bellow, all secondary groups are removed, because we override new secondary group over others.

root@kali:/home/kali# groups gokhan

gokhan : ipcisco ipciscoLinux

Now, let’s add our secondary groups again and see how to add multiple secondary groups.

root@kali:/home/kali# usermod -G ipciscoLinux,ipciscoNetwork,ipciscoPython gokhan

root@kali:/home/kali# groups gokhan

gokhan : ipcisco ipciscoNetwork ipciscoPython ipciscoLinux

 


 

Listing Linux Groups

/etc/passwd and /etc/group files

As we have mentioned above, primary groups are stored in /etc/passwd file and secondary groups are stored in /etc/group file. With cat, less or tail commands, we can open these files and list linux groups.

 

root@kali:/home/kali# cat /etc/passwd

root:x:0:0:root:/root:/bin/bash

daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

bin:x:2:2:bin:/bin:/usr/sbin/nologin

sys:x:3:3:sys:/dev:/usr/sbin/nologin

sync:x:4:65534:sync:/bin:/bin/sync

games:x:5:60:games:/usr/games:/usr/sbin/nologin

man:x:6:12:man:/var/cache/man:/usr/sbin/nologin

lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin

…

 

root@kali:/home/kali# cat /etc/group

root:x:0:gokhan

daemon:x:1:

bin:x:2:

sys:x:3:

adm:x:4:

mail:x:8:

news:x:9:

uucp:x:10:

…

 


 

Linux groups command

Linux groups command is an important command for group listing in Linux. With this command, we can list current user’s groups or a specific user’s groups. So, how can we use Linux groups command?

 

If we use groups command without any option, it shows the current user’s groups.

 

root@kali:/home/kali# groups

root

 

If we use groups command with a specific user, then it gives the users with its groups only. This is listing groups of a user.

 

root@kali:/home/kali# groups gokhan

gokhan : gokhan ipcisco ipciscoLinux ipciscoNetwork ipciscoPython

 


 

Linux getent command

Linux getent command is another way to list all Linux groups. To do this, we will use getent command like below:

 

root@kali:/home/kali# getent group

root:x:0:

daemon:x:1:

bin:x:2:

sys:x:3:

adm:x:4:

tty:x:5:

disk:x:6:

lp:x:7:

mail:x:8:

news:x:9:

…

 

If you would like to list only the names of the groups, then you can use the below commands:

 

root@kali:/home/kali# getent group | awk -F: '{ print $1}'

root

daemon

bin

sys

adm

tty

disk

lp

mail

news

…

 

root@kali:/home/kali# getent group | cut -d: -f1

root

daemon

bin

sys

adm

tty

disk

lp

mail

news

…

 


 

Listing with compgen command

We can list linux groupsn with also compgen command. We can use compgen command with -g option to list groups.

root@kali:/home/kali# compgen -g

 

To check only latest created groups, we can use this command with tail command. This is more practical. You can find an example below.

 

root@kali:/home/kali# compgen -g | tail -5

 


 

Listing Members of a Group

To list the members of a group, we will use getent command with the name of the group. For example, if we would like to list the users under ipciscoNetwork group, we will use the below command:

 

root@kali:/home/kali# getent group ipciscoNetwork

ipciscoNetwork:x:1004:gokhan,arwen

 

As you can see here, gokhan and arwen are in the IPCiscoNetwork group.

 

Back to: Kali Linux Course

Leave a Reply

Your email address will not be published. Required fields are marked *