How to Assign Users to a Group on Linux
Groups in Linux are collections of users that streamline the assignment of rights and access to various system assets. Each group holds a defined set of permissions that extend to all its users, which makes managing access more straightforward.
By assigning users to groups, you can implement structured access control and clarify user roles throughout the environment.
This guide outlines how to assign users to groups in a Linux system.
Requirements
- You are operating on an Ubuntu machine with a non-root user account that has sudo privileges.
Inspecting Available Groups
When managing groups and users, it’s helpful to have insight into the current group structure and which users belong to which groups. Use the steps below to examine group data.
Display All System Groups
To get a list of all groups present on your system, run the command below:
$ cat /etc/group
This displays every group configured in your system, including their corresponding group IDs (GIDs) and the users associated with them.
A typical output might look like this:
group1:x:101:user1
group2:x:102:user2
group3:x:103:user3
group4:x:104:user4,user1
Explanation of each part of the output:
- group: Name of the group
- x: Placeholder for the password field
- 101: Group ID (GID) that uniquely identifies the group
- user: Username of the group member
See Groups of the Current User
To identify which groups your current user is part of, use the following command:
$ groups
This reveals a list of groups that the currently logged-in user is associated with. For instance:
group1 group2 group3 group4
See Groups of a Specific User
To check group memberships for a certain user, run the command below, replacing username with the desired account:
$ groups username
An example output could resemble this:
group1 group2
View User and Group Identifiers
To obtain a user’s full identity details—like user ID, group ID, and supplemental group memberships—use the following command:
$ id username
This will generate output similar to:
uid=10(username) gid=10(defaultgroup) groups=10(group1),4(group2),109(group3),110(group4)
Assigning a User to a Group
When a user is added to a group, they inherit that group’s permissions. This allows them to access files, directories, and system services aligned with the group’s privileges.
Include a User in an Existing Group
To add a user to an already existing group, use the following command:
$ sudo usermod -a -G groupname username
- groupname: Replace this with the group you want the user to join.
- username: Substitute this with the name of the user being added.
The -a (append) option combined with -G (group) ensures the user is included in the specified group without losing current group affiliations.
Confirm Group Membership
Check the groups that a particular user belongs to with this command:
$ groups username
Sample output may look like this:
username : group1 group2 group3 group4 group5
Important: If you omit the -a option, the user will be removed from all groups except the one specified:
$ sudo usermod -G groupname username
Warning: This command overwrites all existing group associations for the user, leaving only the specified group.
Verify Current Group Membership
To double-check which groups the user belongs to, use the same command:
$ groups username
You should see something like this if the user was removed from all other groups:
username : group6
Add a User to Several Groups at Once
If you want to grant a user access to multiple resource groups simultaneously, you can do so with a single command:
$ sudo usermod -a -G group1,group2,group3 username
- group1,group2,group3: Replace with the list of target groups.
- username: Provide the name of the user to be added.
This method allows the user to join multiple groups without impacting their current group memberships.
Check Updated Group Membership
Run the following to see the full list of groups the user is part of, including the new additions:
$ groups username
A typical result might look like:
username : group6 group1 group2 group3
Modifying the Default Group of a User
Each Linux user is linked to a default group, which is typically named after the user account. You can modify this default group to assign alternate permissions and access settings for that user.
Set a New Default Group
To assign a different group as the user’s default, use the command below:
$ sudo usermod -g newdefaultgroup username
- newdefaultgroup: Replace with the desired default group name.
- username: Replace with the name of the user whose default group you wish to change.
The -g flag sets a new default group while maintaining the user’s existing group memberships. Any files or directories the user creates afterward will be owned by the new default group.
Confirm the Default Group Change
Run the following to verify the user’s updated group information:
$ id username
The default group should now reflect the new group you assigned. For example:
uid=1000(username) gid=1000(newdefaultgroup) groups=1000(group1),4(group2),109(group3),110(group6)
Removing a User from a Group
To revoke a user’s access to certain group privileges or resources, you can remove them from that group using the following method.
Delete a User from a Group
Use the command below to remove a user from a group:
$ sudo gpasswd -d username groupname
- username: Replace with the user you wish to remove.
- groupname: Replace with the group from which the user will be removed.
The -d flag deletes the user from the specified group. As a result, they will lose any access rights or privileges granted by that group.
Check the Updated Group Membership
To confirm the removal, execute the following:
$ groups username
You should see output like the following, indicating that the user is no longer part of the removed group:
username : group1 group2 group3
Conclusion
You’ve now seen how to manage Linux user groups effectively. This includes adding users to one or more groups, updating a user’s default group, and removing users from groups. These tools help you maintain better control over user access and enhance system security.
