- Users and groups
- Overview
- Permissions and ownership
- How to Add a User to a Linux Group
- What is a User Group in Linux
- Primary Group
- Secondary Groups
- How to Create a User Group
- How to Add User to Group
- Add an Existing User to an Existing Group
- Add a User to Multiple Groups at Once
- Create a User and Add to Group
- Change a Users Primary Group
- How to Remove a User From a Group
- Delete a Group
- How to List Groups in Linux
- Other Common Groups
- How to get the primary group of a user?
- 2 Answers 2
Users and groups
Users and groups are used on GNU/Linux for access control—that is, to control access to the system’s files, directories, and peripherals. Linux offers relatively simple/coarse access control mechanisms by default. For more advanced options, see ACL, Capabilities and PAM#Configuration How-Tos.
Overview
A user is anyone who uses a computer. In this case, we are describing the names which represent those users. It may be Mary or Bill, and they may use the names Dragonlady or Pirate in place of their real name. All that matters is that the computer has a name for each account it creates, and it is this name by which a person gains access to use the computer. Some system services also run using restricted or privileged user accounts.
Managing users is done for the purpose of security by limiting access in certain specific ways. The superuser (root) has complete access to the operating system and its configuration; it is intended for administrative use only. Unprivileged users can use several programs for controlled privilege elevation.
Any individual may have more than one account as long as they use a different name for each account they create. Further, there are some reserved names which may not be used such as «root».
Users may be grouped together into a «group», and users may be added to an existing group to utilize the privileged access it grants.
Note: The beginner should use these tools carefully and stay away from having anything to do with any other existing user account, other than their own.
Permissions and ownership
The UNIX operating system crystallizes a couple of unifying ideas and concepts that shaped its design, user interface, culture and evolution. One of the most important of these is probably the mantra: «everything is a file,» widely regarded as one of the defining points of UNIX. This key design principle consists of providing a unified paradigm for accessing a wide range of input/output resources: documents, directories, hard-drives, CD-ROMs, modems, keyboards, printers, monitors, terminals and even some inter-process and network communications. The trick is to provide a common abstraction for all of these resources, each of which the UNIX fathers called a «file.» Since every «file» is exposed through the same API, you can use the same set of basic commands to read/write to a disk, keyboard, document or network device.
A fundamental and very powerful, consistent abstraction provided in UNIX and compatible operating systems is the file abstraction. Many OS services and device interfaces are implemented to provide a file or file system metaphor to applications. This enables new uses for, and greatly increases the power of, existing applications — simple tools designed with specific uses in mind can, with UNIX file abstractions, be used in novel ways. A simple tool, such as cat, designed to read one or more files and output the contents to standard output, can be used to read from I/O devices through special device files, typically found under the /dev directory. On many systems, audio recording and playback can be done simply with the commands, » cat /dev/audio > myfile » and » cat myfile > /dev/audio ,» respectively.
Every file on a GNU/Linux system is owned by a user and a group. In addition, there are three types of access permissions: read, write, and execute. Different access permissions can be applied to a file’s owning user, owning group, and others (those without ownership). One can determine a file’s owners and permissions by viewing the long listing format of the ls command:
total 13740 drwxr-xr-x 2 root root 4096 Jan 12 00:33 grub -rw-r--r-- 1 root root 8570335 Jan 12 00:33 initramfs-linux-fallback.img -rw-r--r-- 1 root root 1821573 Jan 12 00:31 initramfs-linux.img -rw-r--r-- 1 root root 1457315 Jan 8 08:19 System.map26 -rw-r--r-- 1 root root 2209920 Jan 8 08:19 vmlinuz-linux
The first column displays the file’s permissions (for example, the file initramfs-linux.img has permissions -rw-r—r— ). The third and fourth columns display the file’s owning user and group, respectively. In this example, all files are owned by the root user and the root group.
total 16 drwxrwx--- 1 root vboxsf 16384 Jan 29 11:02 sf_Shared
In this example, the sf_Shared directory is owned by the root user and the vboxsf group. It is also possible to determine a file’s owners and permissions using the stat command:
How to Add a User to a Linux Group
In Linux, a group is a unit in which you can manage privileges for several users simultaneously. Linux groups allow you to manage multiple user permissions quickly and easily.
In this tutorial learn how user groups work in Linux, and how to add users to specific groups.
- A system running Linux
- A user account with sudo or root privileges
- Access to a terminal window/command line (Ctrl-Alt-T, Ctrl-Alt-F2)
What is a User Group in Linux
In Linux, different users have different roles or responsibilities. Some users might need the ability to execute applications, while others are restricted from accessing specific files and folders.
Groups let you create categories of users with pre-set permissions. Instead of managing permissions for each user account, you can simply add a user to a group to grant the appropriate permissions.
Primary Group
The primary group is set to the logged-in user. Any files the user creates are automatically added to that group. A user can only belong to one primary group at a time. A primary group with the same name as the user is created, and any files created by the user are included in that group.
Secondary Groups
A user can belong to any number of secondary groups (including none). Secondary groups are created to manage individual files and software applications. Members of the group inherit the read, write, and execute privileges for that group.
Note: Refer to our in-depth guide on how to create users in Linux for more info on user management.
How to Create a User Group
1. To create a new group, enter the following:
2. Replace new_group with the name you want for your new group.
How to Add User to Group
Add an Existing User to an Existing Group
1. Use the adduser command to add a user to a group:
sudo adduser user_name new_group
2. Use the useradd command to add a user:
sudo useradd –G new_group user_name
3. You can also use the usermod command to add a user to a group:
sudo usermod –a –G group_name user_name
The usermod command uses the –append and –group options to append the user to a particular group. Without using –append , the user could be dropped from other groups.
Add a User to Multiple Groups at Once
Use the usermod command to specify multiple groups to add to:
sudo usermod –a –G new_group,new_group2,new_group3 user_name
Create a User and Add to Group
1. This is useful for creating a new user on the fly for a specific software application. Enter the following:
sudo useradd –G new_group new_user
2. Next, assign a password to the new user:
Change a Users Primary Group
All previous commands have been used to manage the secondary groups a user belongs to. In most cases, a user’s primary group is the same as their username.
To change a users primary group, enter the command:
sudo usermod –g new_group user_name
The lower-case –g specifies the primary group. (Upper-case –G refers to a secondary group.) A user can only have one primary group, so the old primary group user_name won’t be primary anymore for this user.
How to Remove a User From a Group
The gpasswd tool is used for managing groups. To remove a user from a group:
sudo gpasswd –d user_name new_group
Note: The gpasswd tool can also be used for other administrative tasks such as defining group administrators and setting a password for access to group resources. Use the Linux man command man gpasswd for details.
Delete a Group
To delete a group, use the command:
How to List Groups in Linux
Linux comes with several different groups by default. Some of these, like the sudo group, can be used to grant permissions. Others are hidden, used for system tasks.
1. To view a list of groups on your system by displaying the /etc/groups file:
2. To display the groups that a user belongs to with the groups command:
3. The image above shows the groups that the logged-in user ‘sofija’ belongs to. You can display groups for a different user by specifying the username:
4. Another method to display the groups a user belongs to, including user ID (uid) and group ID (gid), is to use the id command:
Other Common Groups
There are a several common group names you might encounter in Linux:
- sudo – A member of this group can use the sudo command to elevate their privileges
- wheel – This is an older method of granting sudo-like privileges
- cdrom – Allows the user to mount the optical drive
- adm – Allows the user to monitor Linux system logs
- lpadmin – Allows the user to configure printers
- plugdev – Allows the user to access external storage devices
You should now have a good understanding of Linux groups and how to add and remove members from those groups. For more information on specific commands, you can enter the man command to display a manual in your terminal window.
How to get the primary group of a user?
The following command will list all of the groups of someUser (the primary group and the supplementary groups):
@simlev I reached here looking for info on that. On my recent arch linux install that doesn’t seem to be the case. It shows «wheel» as the first group. But doing id -gn shows the primary group that I would expect.
@reportaman I cannot confirm this: I just installed a new arch, ran useradd myuser; usermod -aG wheel myuser and got gid=1000(myuser) groups=1000(myuser),998(wheel) .
2 Answers 2
See the FreeBSD handbook (information also valid for Linux):
Group ID (GID)
The Group ID (GID) is a number used to uniquely identify the primary group that the user belongs to. Groups are a mechanism for controlling access to resources based on a user’s GID rather than their UID. This can significantly reduce the size of some configuration files and allows users to be members of more than one group. It is recommended to use a GID of 65535 or lower as higher GIDs may break some software.
If so, running id will show gid= :
id uid=1000() gid=1000() groups=1000(),4(adm),24(cdrom),27(sudo)
If you want the command to return just the primary group name, see man id :
-g, --group print only the effective group ID -G, --groups print all group IDs -n, --name print a name instead of a number, for -ugG
so, id -gn should give you what you want.