Groups in Linux are collections of users. A single Linux system can have many users: normal users take UIDs from 1000 to 60000, there is one root user (UID 0), and there are 999 system users (UIDs 1 to 999). When there are many users, some of them hold privileges that others do not, and managing every permission at the individual user level becomes difficult. With groups, we can collect a number of users together and set privileges and permissions for the entire group.
The groupadd command is used to create a new user group.
Usage: groupadd [options] GROUP

Options:
  -f, --force                   exit successfully if the group already exists,
                                and cancel -g if the GID is already used
  -g, --gid GID                 use GID for the new group
  -h, --help                    display this help message and exit
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -o, --non-unique              allow to create groups with duplicate
                                (non-unique) GID
  -p, --password PASSWORD       use this encrypted password for the new group
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -P, --prefix PREFIX_DIR       directory prefix
      --extrausers              Use the extra users database
Every new group is registered in the file "/etc/group". To verify that the group has been created, enter the following command:
~# tail /etc/group
crontab:x:105:
messagebus:x:106:
input:x:107:
kvm:x:108:
render:x:109:
syslog:x:110:
ubuntu:x:1000:
ssh:x:111:
systemd-coredump:x:999:
lxd:x:998:
The file shows group information in the following format:
group_name : password : group-id : list-of-members
Using groupadd with options:
1. -f, --force: This option makes the command exit successfully, without an error, if a group with the given name already exists. If it is used together with the -g or --gid option and the given GID is already in use, the command ignores the given GID and assigns a new, unique group id instead.
~# groupadd ubuntu
groupadd: group 'ubuntu' already exists
~# groupadd -f ubuntu
2. -g, --gid GID: This option sets the numeric group id of the new group. The value must be non-negative and unique, unless the group is explicitly created as non-unique (using the -o option). If this option is not used, a default id is assigned, which is greater than that of every other group already present.
~# groupadd -g 3400 cf
~# tail -1 /etc/group
cf:x:3400:
3. -h, --help: Display help message and exit.
4. -K, --key KEY=VALUE: Overrides /etc/login.defs defaults (GID_MIN, GID_MAX and others). Multiple -K options can be specified. GID_MIN and GID_MAX are the parameters in /etc/login.defs that define the minimum and maximum values a group id can take.
~# groupadd -K GID_MIN=1000 -K GID_MAX=1500 test
~# tail /etc/group
input:x:107:
kvm:x:108:
render:x:109:
syslog:x:110:
ubuntu:x:1000:
ssh:x:111:
systemd-coredump:x:999:
lxd:x:998:
cf:x:3400:
test:x:1001:
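5. -o, --non-unique: This option permits adding a group with a non-unique GID. Permission checks use the numeric GID, so two groups that share a GID are treated as the same group for file access.
6. -p, --password PASSWORD: The encrypted password, as returned by crypt(3). The default is to disable the password. A password given this way is visible to users listing the processes. groupadd stores the value exactly as given and does not hash it, so pass the output of crypt(3), not a plaintext password. You should make sure the password respects the system's password policy. The group passwords are stored in the "/etc/gshadow" file.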
~# groupadd -p abc test2
~# tail -1 /etc/group
test2:x:3401:
~# tail -1 /etc/gshadow
test2:abc::
7. -r, --system: Create a system group. The numeric identifiers of new system groups are chosen in the SYS_GID_MIN-SYS_GID_MAX range, defined in login.defs, instead of GID_MIN and GID_MAX.
~# groupadd -r sys1
~# tail -1 /etc/group
sys1:x:997:
8. -R, --root CHROOT_DIR: Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
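An audit for the states that the -o and -p options leave behind, as an added example that is not part of the original article: it reads copies of the group and gshadow files in the format shown above and reports GIDs shared by several groups and groups with a password value set. The function names, file paths and sample entries are constructed for illustration; "legacy-or-invalid" marks any value that is not in $id$ modular crypt form, such as the literal "abc" stored above.

```shell
#!/bin/sh
# Added example: audit copies of /etc/group and /etc/gshadow for states that
# groupadd -o (shared GID) and groupadd -p (group password) leave behind.

# Print "GID name1,name2" for every GID used by more than one group.
dup_gids() {
    awk -F: 'NF >= 3 { names[$3] = names[$3] (n[$3]++ ? "," : "") $1 }
             END { for (g in n) if (n[g] > 1) print g, names[g] }' "$1" | sort -n
}

# Print "group kind" for every gshadow entry with a password value set.
# Empty, or starting with "!" or "*", means no usable password: not reported.
pw_groups() {
    awk -F: 'NF >= 2 && $2 != "" && $2 !~ /^[!*]/ {
                 kind = ($2 ~ /^\$[0-9a-z]+\$/) ? "modular-crypt" : "legacy-or-invalid"
                 print $1, kind }' "$1"
}

# Constructed sample data (hypothetical entries, not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
ubuntu:x:1000:
cf:x:3400:
test2:x:3401:
shared:x:3400:alice
EOF
cat > "$SAMPLE_DIR/gshadow" <<'EOF'
ubuntu:!::
cf:!::
test2:abc::
ops:$6$constructedsalt$constructedhash::alice
EOF

echo "Groups sharing a GID:";       dup_gids "$SAMPLE_DIR/group"
echo "Groups with a password set:"; pw_groups "$SAMPLE_DIR/gshadow"
```

On a real host, run the two functions as root against /etc/group and /etc/gshadow instead of the sample files.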
- To add a new user to a group, name the group with the -g option of the useradd command.
sudo useradd -g group_name new_user_name
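- To add an existing user to a group, use the usermod command. The -g option sets the user's primary group, replacing the previous one; the -a and -G options used together append a supplementary group instead.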
usermod -g group_name existing_user_name