- Users and groups
- Overview
- Permissions and ownership
- How to Add a User to a Linux Group
- What is a User Group in Linux
- Primary Group
- Secondary Groups
- How to Create a User Group
- How to Add User to Group
- Add an Existing User to an Existing Group
- Add a User to Multiple Groups at Once
- Create a User and Add to Group
- Change a User's Primary Group
- How to Remove a User From a Group
- Delete a Group
- How to List Groups in Linux
- Other Common Groups
- How to add users to a group in Linux
- Users
- Groups
- Creating a user
- How to add alice to the group ‘wheel’ to give sudo access
Users and groups
Users and groups are used on GNU/Linux for access control, that is, to control access to the system’s files, directories, and peripherals. Linux offers relatively simple/coarse access control mechanisms by default. For more advanced options, see ACL, Capabilities and PAM (Configuration How-Tos).
Overview
A user is anyone who uses a computer. In this case, we are describing the names which represent those users. It may be Mary or Bill, and they may use the names Dragonlady or Pirate in place of their real name. All that matters is that the computer has a name for each account it creates, and it is this name by which a person gains access to use the computer. Some system services also run using restricted or privileged user accounts.
Managing users is done for the purpose of security by limiting access in certain specific ways. The superuser (root) has complete access to the operating system and its configuration; it is intended for administrative use only. Unprivileged users can use several programs for controlled privilege elevation.
Any individual may have more than one account as long as they use a different name for each account they create. Further, there are some reserved names which may not be used, such as "root".
Users may be grouped together into a "group", and users may be added to an existing group to utilize the privileged access it grants.
Note: The beginner should use these tools carefully and stay away from having anything to do with any other existing user account, other than their own.
Permissions and ownership
The UNIX operating system crystallizes a couple of unifying ideas and concepts that shaped its design, user interface, culture and evolution. One of the most important of these is probably the mantra "everything is a file", widely regarded as one of the defining points of UNIX. This key design principle consists of providing a unified paradigm for accessing a wide range of input/output resources: documents, directories, hard-drives, CD-ROMs, modems, keyboards, printers, monitors, terminals and even some inter-process and network communications. The trick is to provide a common abstraction for all of these resources, each of which the UNIX fathers called a "file". Since every "file" is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device.
A fundamental and very powerful, consistent abstraction provided in UNIX and compatible operating systems is the file abstraction. Many OS services and device interfaces are implemented to provide a file or file system metaphor to applications. This enables new uses for, and greatly increases the power of, existing applications: simple tools designed with specific uses in mind can, with UNIX file abstractions, be used in novel ways. A simple tool, such as cat, designed to read one or more files and output the contents to standard output, can be used to read from I/O devices through special device files, typically found under the /dev directory. On many systems, audio recording and playback can be done simply with the commands "cat /dev/audio > myfile" and "cat myfile > /dev/audio", respectively.
Every file on a GNU/Linux system is owned by a user and a group. In addition, there are three types of access permissions: read, write, and execute. Different access permissions can be applied to a file’s owning user, owning group, and others (those without ownership). One can determine a file’s owners and permissions by viewing the long listing format of the ls command:
total 13740
drwxr-xr-x 2 root root    4096 Jan 12 00:33 grub
-rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img
-rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img
-rw-r--r-- 1 root root 1457315 Jan  8 08:19 System.map26
-rw-r--r-- 1 root root 2209920 Jan  8 08:19 vmlinuz-linux
The first column displays the file’s permissions (for example, the file initramfs-linux.img has permissions -rw-r--r--). The third and fourth columns display the file’s owning user and group, respectively. In this example, all files are owned by the root user and the root group.
total 16
drwxrwx--- 1 root vboxsf 16384 Jan 29 11:02 sf_Shared
In this example, the sf_Shared directory is owned by the root user and the vboxsf group. It is also possible to determine a file’s owners and permissions using the stat command:
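An added example, not from the original page: the shell function below reads a file's owner, group and mode with GNU stat and reports which permission class (owner, group or other) applies to a given user. The user alice and the group no_such_group are constructed names, and the demo directory only copies the drwxrwx--- mode of sf_Shared.

```shell
#!/bin/sh
# access_class FILE USER GROUPS
# Prints the permission class that applies to USER on FILE and its rwx bits.
# GROUPS is the user's comma-separated group list, as passed to usermod -G.
# Needs GNU stat (coreutils) for the -c option. root is not bound by these
# bits, so the result is only meaningful for unprivileged users.
access_class() {
    ac_user=$2 ac_groups=$3
    # %U owning user, %G owning group, %A mode string such as drwxrwx---
    ac_info=$(stat -c '%U %G %A' "$1") || return 1
    set -- $ac_info
    ac_mode=$3
    # The kernel uses the first class that matches and never falls through:
    # an owner with fewer bits than the group is held to the owner bits.
    if [ "$ac_user" = "$1" ]; then
        echo "owner $(printf '%s' "$ac_mode" | cut -c2-4)"
    else
        case ",$ac_groups," in
            *",$2,"*) echo "group $(printf '%s' "$ac_mode" | cut -c5-7)" ;;
            *)        echo "other $(printf '%s' "$ac_mode" | cut -c8-10)" ;;
        esac
    fi
}

# Constructed demo: a directory with the same mode as sf_Shared (drwxrwx---).
demo_dir=$(mktemp -d)
chmod 770 "$demo_dir"
demo_group=$(stat -c '%G' "$demo_dir")
access_class "$demo_dir" alice "$demo_group"    # alice in the owning group
access_class "$demo_dir" alice "no_such_group"  # alice outside it
rmdir "$demo_dir"
```

The second call shows why group membership matters for a directory like sf_Shared: a user outside the owning group falls into the "other" class and gets no access at all.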
How to Add a User to a Linux Group
In Linux, a group is a unit in which you can manage privileges for several users simultaneously. Linux groups allow you to manage multiple user permissions quickly and easily.
In this tutorial learn how user groups work in Linux, and how to add users to specific groups.
- A system running Linux
- A user account with sudo or root privileges
- Access to a terminal window/command line (Ctrl-Alt-T, Ctrl-Alt-F2)
What is a User Group in Linux
In Linux, different users have different roles or responsibilities. Some users might need the ability to execute applications, while others are restricted from accessing specific files and folders.
Groups let you create categories of users with pre-set permissions. Instead of managing permissions for each user account, you can simply add a user to a group to grant the appropriate permissions.
Primary Group
Every user has a primary group, and any files the user creates are automatically assigned to that group. A user can only belong to one primary group at a time. In most cases, a primary group with the same name as the user is created along with the account.
Secondary Groups
A user can belong to any number of secondary groups (including none). Secondary groups are created to manage individual files and software applications. Members of the group inherit the read, write, and execute privileges for that group.
Note: Refer to our in-depth guide on how to create users in Linux for more info on user management.
How to Create a User Group
1. To create a new group, enter the following:
2. Replace new_group with the name you want for your new group.
How to Add User to Group
Add an Existing User to an Existing Group
1. Use the adduser command to add a user to a group:
sudo adduser user_name new_group
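2. Use the useradd command to add a user to a group when the account is created (useradd creates a new account, so it fails if user_name already exists):
sudo useradd -G new_group user_name
3. You can also use the usermod command to add a user to a group:
sudo usermod -a -G group_name user_name
The usermod command uses the --append (-a) and --groups (-G) options to append the user to a particular group. Without --append, -G replaces the user's supplementary group list, so the user is dropped from every group not named in the command.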
Add a User to Multiple Groups at Once
Use the usermod command to specify multiple groups to add to:
sudo usermod -a -G new_group,new_group2,new_group3 user_name
Create a User and Add to Group
1. This is useful for creating a new user on the fly for a specific software application. Enter the following:
sudo useradd -G new_group new_user
2. Next, assign a password to the new user:
Change a User's Primary Group
All previous commands have been used to manage the secondary groups a user belongs to. In most cases, a user’s primary group is the same as their username.
To change a user's primary group, enter the command:
sudo usermod -g new_group user_name
The lower-case -g specifies the primary group. (Upper-case -G refers to a secondary group.) A user can only have one primary group, so the old primary group user_name won’t be primary anymore for this user.
How to Remove a User From a Group
The gpasswd tool is used for managing groups. To remove a user from a group:
sudo gpasswd -d user_name new_group
Note: The gpasswd tool can also be used for other administrative tasks such as defining group administrators and setting a password for access to group resources. Use the Linux man command man gpasswd for details.
Delete a Group
To delete a group, use the command:
How to List Groups in Linux
Linux comes with several different groups by default. Some of these, like the sudo group, can be used to grant permissions. Others are hidden, used for system tasks.
1. View a list of groups on your system by displaying the /etc/group file:
2. Display the groups that a user belongs to with the groups command:
3. The image above shows the groups that the logged-in user ‘sofija’ belongs to. You can display groups for a different user by specifying the username:
4. Another method to display the groups a user belongs to, including user ID (uid) and group ID (gid), is to use the id command:
Other Common Groups
There are several common group names you might encounter in Linux:
- sudo – A member of this group can use the sudo command to elevate their privileges
- wheel – This is an older method of granting sudo-like privileges
- cdrom – Allows the user to mount the optical drive
- adm – Allows the user to monitor Linux system logs
- lpadmin – Allows the user to configure printers
- plugdev – Allows the user to access external storage devices
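An added example, not from the original page: a shell function that audits who holds membership in the privilege-granting groups listed above (sudo, wheel and adm by default). It reads files in /etc/group and /etc/passwd format and also catches accounts that reach a group only through their primary GID, which the member field of /etc/group does not show. The sample files and the account svc_backup are constructed.

```shell
#!/bin/sh
# privileged_members GROUP_FILE PASSWD_FILE [GROUP...]
# Prints "group:user" for every account that belongs to one of the named
# groups (default: sudo wheel adm), either as a supplementary member listed
# in GROUP_FILE or through its primary GID in PASSWD_FILE.
privileged_members() {
    pm_group_file=$1 pm_passwd_file=$2
    shift 2
    [ $# -gt 0 ] || set -- sudo wheel adm
    for pm_name in "$@"; do
        # /etc/group format: name:password:GID:member1,member2
        pm_line=$(grep "^$pm_name:" "$pm_group_file") || continue
        pm_gid=$(printf '%s\n' "$pm_line" | cut -d: -f3)
        {
            # Supplementary members from field 4.
            printf '%s\n' "$pm_line" | cut -d: -f4 | tr ',' '\n'
            # /etc/passwd format: name:x:UID:GID:...; field 4 is the primary GID.
            awk -F: -v gid="$pm_gid" '$4 == gid { print $1 }' "$pm_passwd_file"
        } | grep -v '^$' | sort -u | sed "s/^/$pm_name:/"
    done
}

# Constructed sample data (not from a real system).
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/group" <<'EOF'
root:x:0:
adm:x:4:syslog,sofija
sudo:x:27:sofija
wheel:x:10:
alice:x:1001:
EOF
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sofija:x:1000:1000:Sofija:/home/sofija:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
svc_backup:x:1002:10::/home/svc_backup:/bin/sh
EOF
privileged_members "$sample/group" "$sample/passwd"
```

On a live system, pass /etc/group and /etc/passwd as the two file arguments; accounts defined in LDAP or another name service are not in those files and would need getent instead.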
You should now have a good understanding of Linux groups and how to add and remove members from those groups. For more information on specific commands, you can enter the man command to display a manual in your terminal window.
How to add users to a group in Linux
Linux offers versatile user/group structures. In this article, we will explore how to create and add users to a group.
Note: These instructions work when using Red Hat Enterprise Linux, Fedora, and CentOS. They have also been verified on Fedora.
Users
In Linux, every process has an associated user, which tells you who initiated the process. Every file/directory is owned by a user and a group. The user and group associated with a file/directory determine who has access to that file and what they can do with it. The user associated with a process determines what that process can access.
Groups
Groups are collections of users. Groups determine the specific access rights users have to files, directories, and processes. As shown below, a user can be part of more than one group at a given time.
To see what user you are logged in as and what groups you are in, run the id command:
For example, uid=1000(kkulkarn) shows that I am logged in as kkulkarn (my username) and my user id is 1000 .
gid=1000(kkulkarn) tells what primary group I am in, and groups=. tells what other groups I am in. These other groups are known as supplementary groups.
Creating a user
Run the command shown below to create the user alice . sudo is required as a prefix if you get a Permission denied error.
Since we did not set a password when we created the user alice, we need to set one before we can switch users and become alice. Run the following command:
It will prompt: New password and Retype new password . I set the password as demo, and the system responded: BAD PASSWORD because it is too short and therefore vulnerable to attacks. But I continued, and the password was set; here is the following message output:
passwd: all authentication tokens updated successfully.
Now let’s switch to the new user, alice, by using su - alice, as shown below. Enter the password demo when prompted.
As you can see, the prompt shows that now we are working as alice@localhost. Check pwd (the present working directory) and you will see we are in the home directory for the user alice.
Note: To use sudo, you need to be part of a supplementary group called wheel; otherwise you may see an error: <username> is not in sudoers file. This incident will be reported.
Here’s how to fix that situation.
How to add alice to the group ‘wheel’ to give sudo access
and you will see the following output:
That tells us what primary and supplementary groups alice is part of.
Let’s modify alice to be part of group wheel using the following command:
Using the command usermod with the options -aG tells the system to add alice to the supplementary group wheel. Note that the usermod command will not show any output if you run it correctly. If you then run id alice, you should see this output:
Since alice is now part of the group wheel , we can switch the user to alice, and she should be able to create the directory dir1 as sudo user:
If you run ls -la , you can see that dir1 has both the user and the group as root user, as we ran mkdir command as sudo user. But if you run it without sudo , dir1 would be owned by the user alice and the group alice .
Now that you’ve seen a user and a group in Linux, how do you create a user and modify it to add it to a group? The last thing you might want to do is delete the user you created for this demo. I won’t explain how to do that, but I will leave you with the commands below; run it and see the output yourself:
id alice
sudo userdel -r alice
id alice
For more information, check the help for these commands by using the --help or -h option, or run man to open Linux Manual Pages.