Linux System Administration for Beginners
User and Group Management
Create delete and modify local groups and group memberships
Keeping your Linux server secure and organized often involves managing groups and assigning users the appropriate permissions. In this guide, you'll learn how to create, delete, and modify local groups, manage memberships, and adjust primary versus secondary group assignments.
Why Use Groups?
Groups let you grant permissions to multiple users at once. For example, imagine a shared directory for your development team:
- Team members: John, Jack, Jane
- Directory:
/srv/dev-project - Required access: read/write
Instead of adjusting permissions per user, you can:
- Create a developers group
- Add John, Jack, and Jane to developers
- Change the directory’s group ownership to developers
- Grant the group read/write rights
Now any member of developers automatically has the correct permissions. Remove a user from the group to revoke access, or add new members to grant permissions instantly.
Beyond file access, group membership controls special privileges:
- wheel or sudo group → run commands as root
- docker group → manage Docker containers
Note
Each user has one primary group (used when creating files or running processes) and zero or more secondary groups.
Creating a User and a Group
First, ensure you have a user (john) and create the developers group:
sudo useradd john
sudo groupadd developers
Managing Group Memberships
Use the gpasswd tool to add or remove users from secondary groups:
# Add John to developers
sudo gpasswd --add john developers
# or short form
sudo gpasswd -a john developers
# Verify John's groups
groups john
# Remove John from developers
sudo gpasswd --delete john developers
# or short form
sudo gpasswd -d john developers
Changing a User’s Primary Group
To switch John’s primary group to developers, use usermod with the --gid option:
sudo usermod --gid developers john
# Verify change
groups john
# Output: john : developers
Note
gpasswd syntax is gpasswd [--add|--delete] username groupusermod syntax is usermod --gid group username
Renaming and Deleting Groups
Rename a group from developers to programmers:
sudo groupmod --new-name programmers developers
# or short form
sudo groupmod -n programmers developers
Delete a group when it’s no longer needed:
sudo groupdel programmers
Warning
If the group is the primary group for any user, groupdel will fail with:
groupdel: cannot remove the primary group of user 'john'
Change the user’s primary group first:
sudo usermod --gid john john
Then run:
sudo groupdel programmers
Quick Reference Table
| Command | Description |
|---|---|
sudo useradd <user> | Create a new user |
sudo groupadd <group> | Create a new group |
sudo gpasswd -a <user> <group> | Add a user to a secondary group |
sudo gpasswd -d <user> <group> | Remove a user from a secondary group |
sudo usermod --gid <group> <user> | Change a user’s primary group |
sudo groupmod -n <new> <old> | Rename a group |
sudo groupdel <group> | Delete a group |
groups <user> | List all groups for a user |
Links and References
Practice these commands on a test environment to master Linux group administration!
Watch Video
Watch video content
Practice Lab
Practice lab