- Adding to Root Group using Useradd Command
- Adding to Root Group using usermod
- Editing /etc/passwd file
- Setting as Sudo User
- about groups
- Basic management of groups and users
- Viewing existing groups on Linux
- Create a new group with the groupadd command
- Create a group with a custom group id (gid)
- Creating a new user using the useradd command
- Adding an existing user to existing groups
- Adding a user to the sudo group
- Display user and group information
- Changing primary group for an existing user
- Remove a user from a group
- How to delete a user
- How to delete a group
- Working with Linux Groups, Users, and Directories
- Linux Primary Groups
- Linux Secondary Groups
- What is the difference between Primary and Secondary groups in Linux?
- Creating and Deleting User Accounts
- Understanding the Sudo Linux Group and User
- Whitelisting Commands With Sudo
- Working with Groups
- Creating and Removing Directories
- Changing Directory and File Permissions
- Chmod Command
- Chmod Octal Format
- Additional File Permissions
- Changing File Ownership
- What are Linux User and Group Permissions?
- Read, Write, & Execute Permissions
- Viewing File Permissions
- Types of groups in Linux
- Conclusion
- Conclusion
Adding to Root Group using Useradd Command
useradd -m -G root user3
groups user3
user3 : user3 rootuseradd -c “Imitation Root” -d /home/root_user -m -k /etc/skel -s /bin/bash -u 0 -o -g root root_userAdding to Root Group using usermod
adduser user1
adduser user2
groupadd testThese are the groups I have in my Linux box.
groups
root bin daemon sys adm disk wheelusermod -G root user1usermod -g 0 -o root_userEditing /etc/passwd file
root:x:0:0:root:/root:/bin/bash
temproot:x:128:128:temprootroot:x:0:0:root:/root:/bin/bash
temproot:x:0:0:temprootNote: This is not the recommended method for granting root access
If you are not familiar with Linux permissions and how to manage them, take a look at this article.
In this tutorial, we will cover how to create groups in Linux and briefly explain how to manage them.
Table of Contents
- Types of groups in Linux
- Basic management of groups and users
- Conclusion
Setting as Sudo User
The sudo configuration file is /etc/sudoers and you can edit this file using visudo command: # visudo.
Using visudo protects from conflicts and guarantees that the right syntax is used.
Add the entry given below in the file:
bob, tom ALL=(ALL) ALLThis entry allows bob and all the other members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, as well as the privilege of running the command /usr/oracle/backup.pl.
bob, %operator ALL= /sbin/, /usr/sbin, /usr/oracle/backup.plabout groups
Groups can be created with the groupadd command. The example below shows the creation
of five (empty) groups.
The first field is the group’s name. The second field is the group’s (encrypted) password (can
be empty). The third field is the group identification or GID. The fourth field is the list of
members, these groups have no members.
You can permanently remove a group with the groupdel command.
You can permanently remove a group with the groupdel command.
Exercise, Practice and Solution:
1. Create the groups tennis, football and sports.
groupadd tennis;
groupadd football;
groupadd sports2. In one command, make venus a member of tennis and sports.
usermod -a -G tennis,sports venus3. Rename the football group to foot.
groupmod -n foot football4. Use vi to add serena to the tennis group.
vi /etc/group5. Use the id command to verify that serena is a member of tennis.
id (and after logoff logon serena should be member)6. Make someone responsible for managing group membership of foot and sports. Test that
it works.
gpasswd -A (to make manager)
gpasswd -a (to add memberBasic management of groups and users
The groupadd command is the most used tool for creating new groups. The basic syntax of the groupadd command is:
groupadd [options] group_name
You can view all the available options in the help menu of the command. Type in groupadd -h in the terminal to read the description of all the options.
Viewing existing groups on Linux
To view all the groups, we can just cat the file:
cat /etc/group
root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,edxd tty:x:5:syslog disk:x:6: ... lxd:x:118: edxd:x:1000: matt:x:1001: testusers:x:1002: testers:x:1003:edxduser anothergroup:x:1005:edxduser docker:x:1006:edxd
You can also view the groups using the getent (get entries) command:
getent group
The command getent is used for viewing the entries in some text databases. Some examples of these databases would be the group file, passwd file, etc.
Create a new group with the groupadd command
To create a new group using the groupadd command, you just have to specify the group name after the command. Remember to use sudo before the command to get root privileges:
sudo groupadd bytexd_group
Now let’s take a look at the /etc/group file to see if this new group was added to the list:
cat /etc/group
root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,edxd tty:x:5:syslog disk:x:6: ... lxd:x:118: edxd:x:1000: matt:x:1001: testusers:x:1002: testers:x:1003:edxduser anothergroup:x:1005:edxduser docker:x:1006:edxd bytexd_group:x:1007:
Create a group with a custom group id (gid)
In Linux, when a new group is created, the group is assigned a unique identifier number, called the group id or GID in short.
The GIDs are assigned using the next available number in the system file named login.defs.
We can use the -g or --gid flag to specify the gid when creating a group. Let’s create a group with a gid of 1100:
sudo groupadd -g 1100 new_gid
Let’s see if the group was created or not. Type in:
getent group | grep new_gid
new_gid:x:1100:
As you can see, the group new_gid has been created with the group id (gid) of 1100. If the gid you specified is already used to identify a group, you can use the -o flag to specify a non-unique option, which will allow you to create multiple groups with the same group id.
sudo groupadd -o -g 1000 duplicate_gid_group
Creating a new user using the useradd command
sudo useradd bytexd_user
sudo cat /etc/passwd
Or, use the getent command:
sudo getent passwd
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin ... sshd:x:109:65534::/run/sshd:/usr/sbin/nologin landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin pollinate:x:111:1::/var/cache/pollinate:/bin/false edxd:x:1000:1000:,,,:/home/edxd:/bin/bash edxduser:x:1001:1002:Temporary user for Production Team:/var/matt:/bin/sh bytexd_user:x:1002:1101::/home/bytexd_user:/bin/sh
getent group | grep bytexd
bytexd_group:x:1007: bytexd_user:x:1101:
Adding an existing user to existing groups
Let’s look at the syntax of the command:
sudo usermod -a -G [group1,group2,…] [username]
sudo usermod -a -G bytexd_group bytexd_user
Let’s take a look at the change:
getent group | grep bytexd_group
bytexd_group:x:1007:bytexd_user
sudo usermod -a -G group1,group2 username
Adding a user to the sudo group
sudo usermod -a -G sudo bytexd_user
Now let’s see who belongs to the sudo group:
getent group | grep sudo
getent group | grep sudo
Display user and group information
id bytexd_user
uid=1002(bytexd_user) gid=1101(bytexd_user) groups=1101(bytexd_user),27(sudo),1007(bytexd_group)
Changing primary group for an existing user
sudo usermod -g group_name user_name
Remove a user from a group
sudo gpasswd -d user_name group_name
sudo gpasswd -d bytexd_user sudo
getent group | grep sudo
sudo:x:27:edxd
How to delete a user
sudo userdel [options] user_name
sudo userdel bytexd_user
getent passwd | grep bytexd
How to delete a group
sudo groupdel [options] group_name
Now let’s delete the group we created earlier (bytexd_group):
sudo groupdel bytexd_group
Let’s check if there is any group called bytexd_group:
getent group | grep bytexd
The output shows no entries listed. Thus, the group named bytexd_group has been deleted.
Working with Linux Groups, Users, and Directories
Linux Primary Groups
cat /etc/passwdpostfix:x:106:113::/var/spool/postfix:/usr/sbin/nologin
example_user:x:1000:1001:,,,:/home/example_user:/bin/bashid example_userYour output resembles the example, which displays the primary group as example_group.
uid=1000(example_user) gid=1001(example_group) groups=1001(example_group),27(sudo)id -gn example_userexample_groupLinux Secondary Groups
groups example_userexample_user : example_group sudosudo usermod -a -G second_example_group example_usersudo usermod -a -G second_example_group,third_example_group,fourth_example_group example_userWhat is the difference between Primary and Secondary groups in Linux?
Creating and Deleting User Accounts
useradd <name>passwd <username>$ passwd
Changing password for lmartin.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfullyapt-get install adduseradduser <name>root@localhost:~# adduser cjones Adding user `cjones' ... Adding new group `cjones' (1001) ... Adding new user `cjones' (1001) with group `cjones' ... Creating home directory `/home/cjones' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for cjones Enter the new value, or press ENTER for the default Full Name []: Chuck Jones Room Number []: 213 Work Phone []: 856-555-1212 Home Phone []: Other []: Is the information correct? [Y/n] Yuserdel <name>userdel -r <name>Understanding the Sudo Linux Group and User
sudo apt-get install <package>apt-get install sudoyum install sudoThe visudo command should be used to edit the sudoers file. At a command line, log into your system as root and enter the command visudo.
sudo visudoWhitelisting Commands With Sudo
When allowing individual commands using the above syntax, it is important to use the absolute path to the command. The which command can be used to find this absolute path:
which command-nameWorking with Groups
$ newgrp <marketing>Creating and Removing Directories
To make a directory use the command:
mkdir <directory name>mkdir -m a=rwx <directory name>rm <file>To remove a directory:
rm -r <directory name>It is important to note that if you remove a directory all the files inside are deleted as well.
Changing Directory and File Permissions
drwxr-xr-x 2 user user 4096 Jan 9 10:11 documents
-rw-r--r-- 1 user user 675 Jan 7 12:05 .profile
drwxr-xr-x 4 user user 4096 Jan 7 14:55 public`drwxr-xr-x` are the permissions
`2` is the number of files or directories
`user` is the owner
`user` is the group
`4096` is the size
`Jan 9 10:11` is the date/time of last access
`documents` is the directorySince a directory itself is a file, any directory shows 4096 as it’s size. This does not reflect the size of the contents of the directory.
Chmod Command
The command chmod is short for change mode. Chmod is used to change permissions on files and directories. The command chmod may be used with either letters or numbers (also known as octal) to set the permissions. The letters used with chmod are in the table below:
d is a directory
rw- the group has read and write permissions
r– all others have read only permissions
Note that the dash (-) denotes permissions are removed. Therefore, with the “all others” group, r– translates to read permission only, the write and execute permissions were removed.
Conversely, the plus sign (+) is equivalent to granting permissions: chmod u+r,g+x <filename>
u is for user
r is for read
g is for group
x is for executeChmod Octal Format
To use the octal format, you have to calculate the permissions for each portion of the file or directory. The first ten characters mentioned above correspond to a four digit numbers in octal. The execute permission is equal to the number one (1), the write permission is equal to the number two (2), and the read permission is equal to the number four (4). Therefore, when you use the octal format, you need to calculate a number between 0 and 7 for each portion of the permission. A table has been provided below for clarification.

Although octal format may seem difficult to understand, it is easy to use once you get the gist of it. However, setting permissions with r, w, and x may be easier. Below are examples of how to use both letters and octal format to set permissions on a file or directory.
Sample syntax:
chmod <octal or letters> <file/directory name>Letter format:
chmod go-rwx Work(Deny rwx permission for the group and others)
dr-------- 2 user user 4096 Dec 17 14:38 WorkOctal format: chmod 444 Work
dr--r--r-- 2 user user 4096 Dec 17 14:38 WorkAn octal table showing the numeric equivalent for permissions is provided below.
Additional File Permissions
chmod +t /root/stickychmod g+s /usr/bin/workchmod g+s /var/doc-store/chmod u+s /var/doc-store/Changing File Ownership
chown cjones:marketing list.htmlchown -R cjones:marketing /srv/smb/leadership/What are Linux User and Group Permissions?
Read, Write, & Execute Permissions
Permissions are the “rights” to act on a file or directory. The basic rights are read, write, and execute.
- Read: a readable permission allows the contents of the file to be viewed. A read permission on a directory allows you to list the contents of a directory.
- Write: a write permission on a file allows you to modify the contents of that file. For a directory, the write permission allows you to edit the contents of a directory (e.g. add/delete files).
- Execute: for a file, the executable permission allows you to run the file and execute a program or script. For a directory, the execute permission allows you to change to a different directory and make it your current working directory. Users usually have a default group, but they may belong to several additional groups.
Viewing File Permissions
To view the permissions on a file or directory, issue the command ls -l <directory/file>. Remember to replace the information in the <directory/file> with the actual file or directory name. Below is sample output for the ls command:
-rw-r--r-- 1 root root 1031 Nov 18 09:22 /etc/passwdTypes of groups in Linux
There are mainly two types of groups in Linux:
- Primary Group: Each user belongs to a primary group. The group is created when the user is created, and the name of the user and the group is generally the same.
- Secondary Group: A user may belong to one or more secondary groups except from the primary group. Secondary groups are useful for managing permissions for multiple users.
Conclusion
Login in as root and running commands is dangerous because all commands are with the highest privileges. Accident mistakes can even delete root directories and unsafe to run programs with a root shell.
Conclusion
We hope you liked the tutorial. If you have some questions or comments in general, feel free to leave them down below and we’ll get back to you as soon as possible. Thank you for reading!






