top of page

How to manage groups

Oct 18, 2024

2 min read

1

135

0




Main files

View all groups on the system cat /etc/group.


The /etc/gshadow is an important file for group management. Passwords for restricted groups are stored there as well as information about group administrators and users.


The structure of the files is like this: group_name:encrypted_password:group_admins:group_members


Never directly edit /etc/gshadow always use vigr -s.

General group management


Let's add John to the group teachers. usermod -aG teachers john.


Remember to use the -a option when adding people to groups. If you don't, it will override all secondary groups the member is a part of.


The new group for the user is applied when they log out and back in. If they don't want to do that and use the new group right away, that's when we use the newgrp command. E.g., newgrp teachers if you are logged in as John. Type newgrp again to reverse the change made via newgrp teachers.


If you want to remove a user from a group you use the gpasswd command. Let's remove John from the group printers. gpasswd -d john groupname.


Create group

To create a new group do groupadd groupname.


Remember to check out groupadd --help for more available options.


Set group password

Set a group password like this, gpasswd groupname.

Remove group password, gpasswd -r groupname.


You can also use groupmod to set a password for a group but the input has to be encrypted like the example below. Make sure you use single quotes, we need the terminal to read this literally, if you use double quotes the text inside allows for variable expansion and command substitution.


usermod -p '$6$AwAUwNhalFc.SUp.$QWjo5uH33Cihp.FSk.ndMzJFk.NML82MZIqfCMyT.w777D4z1qIP76ONw3cUZUI//VNzqjpqDK/A6v7Drj4bd1' groupname


To get an encrypted password value use openssl passwd -6.


Set group administrator

gpasswd -A username groupname

After you do that, check /etc/gshadow and look at the third field, you should see the username you entered there. This user can now add and remove users from that group.


You can use newgrp sales to change the primary group to sales. This is only a temporary primary group change, when you exit, it's back to your original primary group. Remember that the newgrp command opens a subshell where the user is a member of the group sales. You can either close that subshell or use the command newgrp with no options to return to you default primary group.


Use vigr -g to change the /etc/groups file, not vim, of course we use vim, not nano ... what are we monsters? ( Joking! ) :)


See group members

To see members of a group you can do a few things.

  • groupmems -g groupname -l

  • lid -g groupname

  • cat /etc/group | grep groupname

  • getent group groupname


See group membership per user

If you want to see groups that a specific user is a member of, you have a few options.

  • id username

  • groups username

  • cat /etc/group | grep username


The first group listed is the primary group.


This is all you need to know for the RHCSA exam in regards to groups. Of course I will add to this information if needed or somebody writes me a captivating comment here. :)

Related Posts

Comments

Share Your ThoughtsBe the first to write a comment.

© 2035 by Maya Nelson.
Powered and secured by Wix

Call

123-456-7890

Write

Follow

  • Facebook
  • Twitter
  • LinkedIn
  • Instagram
bottom of page