groupadd / groupdel / usermod (Group Management)
To manage groups in Linux environments such as Ubuntu and AlmaLinux, you use the groupadd, groupdel, usermod, and groups commands. Group information is stored in the /etc/group file. By assigning multiple groups to a user, you can control access permissions to files and commands in fine-grained detail.
Syntax
# -----------------------------------------------
# Creating a group
# -----------------------------------------------
# groupadd {group-name}
# → Creates a new group
# → The group ID (GID) is assigned automatically
# Example: sudo groupadd kiryu-clan
# groupadd -g {GID} {group-name}
# → Creates a group with an explicit GID
# Example: sudo groupadd -g 1200 kiryu-clan
# -----------------------------------------------
# Deleting a group
# -----------------------------------------------
# groupdel {group-name}
# → Deletes the specified group
# → Fails if the group is the primary group of any user.
# Change the user's primary group first before deleting
# Example: sudo groupdel kiryu-clan
# -----------------------------------------------
# Adding/removing members from a group (usermod)
# -----------------------------------------------
# usermod -aG {group-name} {username}
# → Adds a user to a supplementary group
# → The -a (append) option is required. Without it, existing group memberships are overwritten
# Example: sudo usermod -aG kiryu-clan kazuma
# usermod -g {group-name} {username}
# → Changes the user's primary group
# Example: sudo usermod -g kiryu-clan kazuma
# gpasswd -d {username} {group-name}
# → Removes a user from a group
# Example: sudo gpasswd -d kazuma kiryu-clan
# -----------------------------------------------
# Checking groups
# -----------------------------------------------
# groups [{username}]
# → Lists the groups the specified user belongs to
# → If the username is omitted, shows the current user's groups
# Example: groups kazuma
# id [{username}]
# → Displays UID, GID, and all group memberships
# Example: id kazuma
# getent group {group-name}
# → Retrieves group details from /etc/group
# Example: getent group kiryu-clan
Command Reference
| Operation | Command | Description |
|---|---|---|
| Create a group | groupadd {group-name} | Creates a new group. The GID is assigned automatically. |
| Create with a specific GID | groupadd -g {GID} {group-name} | Creates a group with an explicitly specified group ID. |
| Delete a group | groupdel {group-name} | Deletes the specified group. The group must not be the primary group of any user. |
| Add to a supplementary group | usermod -aG {group} {user} | Adds a user to a supplementary group. Always include -a; omitting it will remove the user from all existing groups. |
| Change primary group | usermod -g {group} {user} | Changes the user's primary group. |
| Remove from a group | gpasswd -d {user} {group} | Removes a user from the specified group. |
| Check group memberships | groups [{username}] | Lists the groups a user belongs to. If omitted, shows the current user's groups. |
| Check UID and GID | id [{username}] | Displays the UID, GID, and all group memberships at once. |
| Get group details | getent group {group-name} | Retrieves group details (GID and member list) from /etc/group. |
| List all groups | cat /etc/group | Displays the full contents of /etc/group. You can review group names, GIDs, and members at a glance. |
Examples
Create a group and add users
# ----------------------------------------------- # Create a group and add multiple users # ----------------------------------------------- # Create the kiryu-clan group sudo groupadd kiryu-clan # Verify the group was created getent group kiryu-clan
Run the following command:
$ getent group kiryu-clan kiryu-clan:x:1200:
The following example demonstrates this:
# Add kazuma to the kiryu-clan group # Using -a preserves existing group memberships when adding to the new group sudo usermod -aG kiryu-clan kazuma # Add majima to the same group sudo usermod -aG kiryu-clan majima # Check the group members getent group kiryu-clan
Run the following command:
$ getent group kiryu-clan kiryu-clan:x:1200:kazuma,majima
Check a user's group memberships
# ----------------------------------------------- # Check group memberships with groups and id commands # ----------------------------------------------- # List the groups kazuma belongs to groups kazuma
Run the following command:
$ groups kazuma kazuma : kazuma kiryu-clan sudo
The following example demonstrates this:
# Display UID, GID, and supplementary groups in detail with the id command id kazuma
Run the following command:
$ id kazuma uid=1001(kazuma) gid=1001(kazuma) groups=1001(kazuma),27(sudo),1200(kiryu-clan)
Remove a user from a group and delete the group
# ----------------------------------------------- # Group management cleanup steps # ----------------------------------------------- # Remove majima from the kiryu-clan group sudo gpasswd -d majima kiryu-clan
Run the following command:
$ sudo gpasswd -d majima kiryu-clan Removing user majima from group kiryu-clan
The following example demonstrates this:
# Remove all remaining users from kiryu-clan, then delete the group itself # (Deletion is possible even with members remaining, but it will fail # if the group is set as any user's primary group) sudo gpasswd -d kazuma kiryu-clan sudo groupdel kiryu-clan # Confirm the group has been deleted (no output means deletion was successful) getent group kiryu-clan
Run the following command:
$ getent group kiryu-clan (no output means deletion was successful)
Inspect the structure of /etc/group
# -----------------------------------------------
# Understanding the /etc/group format
# Format: {group-name}:{password}:{GID}:{member-list}
# The password field is usually x (shadowed) or empty
# -----------------------------------------------
# Check the sudo group entry
getent group sudo
Run the following command:
$ getent group sudo sudo:x:27:kazuma
The following example demonstrates this:
# Extract only groups with a GID of 1000 or higher # awk splits each line by colon and filters on the third field (GID) awk -F: '$3 >= 1000' /etc/group
Run the following command:
$ awk -F: '$3 >= 1000' /etc/group kazuma:x:1001: majima:x:1002: kiryu-clan:x:1200:kazuma,majima
Overview
Linux access permissions are managed in three layers — user, group, and others — and groups let you grant permissions to multiple users at once. The standard workflow is to create a group with groupadd and then add users with usermod -aG. Always include the -a (append) option with usermod -aG. Without it, all existing group memberships are overwritten, which can inadvertently remove the user from groups like sudo. Note that group changes are not reflected in an already-running shell session. Use newgrp {group-name} to switch groups temporarily, or log out and back in to apply the changes. Group information is stored in the /etc/group file, with one group per line in the format {group-name}:{password}:{GID}:{member-list}. For general user management, see the useradd / userdel / usermod (user management) page as well.
If you find any errors or copyright issues, please contact us.
シェアする