シェアする
Adding, Deleting, and Modifying Groups (groupadd, groupdel, groupmod) - Images: Japanese
Hey there, everyone!
Continuing on from last time, let's look at how to add and delete groups, and how to manage group membership.
To add a new group, use 'groupadd'. The usage is straightforward — just pass the group name you want to create as the first argument. Here we're adding a group called gtest:
[root@localhost ~]# groupadd gtest
Let's verify that in /etc/group:
[root@localhost ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5: disk:x:6: lp:x:7:daemon mem:x:8: kmem:x:9: wheel:x:10: mail:x:12:mail,postfix uucp:x:14: man:x:15: games:x:20: gopher:x:30: video:x:39: dip:x:40: ftp:x:50: lock:x:54: audio:x:63: nobody:x:99: users:x:100: floppy:x:19: vcsa:x:69: utmp:x:22: utempter:x:35: cdrom:x:11: tape:x:33: dialout:x:18: saslauth:x:76: postdrop:x:90: postfix:x:89: fuse:x:499: sshd:x:74: gtest:x:501:
You can see gtest:x:501: has been added at the bottom. Group creation successful.
Next, let's look at modifying group settings. To change a group's settings, use groupmod. This command can change several things, so you'll need to use options. Let's go over the two most commonly used ones.
First is the -n option, which renames a group. Pass the new group name as the first argument and the current group name as the second. Here we rename gtest to gtest1:
[root@localhost ~]# groupmod -n gtest1 gtest [root@localhost ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5: disk:x:6: lp:x:7:daemon mem:x:8: kmem:x:9: wheel:x:10: mail:x:12:mail,postfix uucp:x:14: man:x:15: games:x:20: gopher:x:30: video:x:39: dip:x:40: ftp:x:50: lock:x:54: audio:x:63: nobody:x:99: users:x:100: floppy:x:19: vcsa:x:69: utmp:x:22: utempter:x:35: cdrom:x:11: tape:x:33: dialout:x:18: saslauth:x:76: postdrop:x:90: postfix:x:89: fuse:x:499: sshd:x:74: test:x:500: gtest1:x:501:
You can see it's now showing gtest1:x:501:. Note that the first argument is the new group name, not the old one — it's easy to mix that up, so keep it in mind.
The other commonly used option is '-g', which changes the GID — the number that identifies a group internally. You won't use this very often, so just knowing it exists is enough. The syntax is: first argument is the new GID number, second is the target group name:
[root@localhost ~]# groupmod -g 1000 gtest1 [root@localhost ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5: disk:x:6: lp:x:7:daemon mem:x:8: kmem:x:9: wheel:x:10: mail:x:12:mail,postfix uucp:x:14: man:x:15: games:x:20: gopher:x:30: video:x:39: dip:x:40: ftp:x:50: lock:x:54: audio:x:63: nobody:x:99: users:x:100: floppy:x:19: vcsa:x:69: utmp:x:22: utempter:x:35: cdrom:x:11: tape:x:33: dialout:x:18: saslauth:x:76: postdrop:x:90: postfix:x:89: fuse:x:499: sshd:x:74: test:x:500: gtest1:x:1000:
You can see gtest1:x:1000: — the GID has been updated. Those two options are the main ones you need to know for groupmod.
Now let's look at deleting groups. Use 'groupdel' for that. Just like groupadd, pass the group name as the first argument. Here we delete the gtest group we created earlier:
[root@localhost ~]# groupdel gtest
Let's check /etc/group again:
[root@localhost ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5: disk:x:6: lp:x:7:daemon mem:x:8: kmem:x:9: wheel:x:10: mail:x:12:mail,postfix uucp:x:14: man:x:15: games:x:20: gopher:x:30: video:x:39: dip:x:40: ftp:x:50: lock:x:54: audio:x:63: nobody:x:99: users:x:100: floppy:x:19: vcsa:x:69: utmp:x:22: utempter:x:35: cdrom:x:11: tape:x:33: dialout:x:18: saslauth:x:76: postdrop:x:90: postfix:x:89: fuse:x:499: sshd:x:74:
Compared to before, gtest:x:501: is gone. Deletion confirmed.
Now let's cover how to add and remove users from a group.
For adding or removing users, use 'gpasswd'. Despite having "passwd" (password) in the name — which is indeed one of its original purposes — this command is most commonly used to manage group membership.
To add a user, use the -a option; to remove a user, use the -d option. In both cases, pass the username as the first argument and the target group name as the second. Let's try it out.
First, create the gtest group again with groupadd:
[root@localhost ~]# groupadd gtest
Then create two new users, test and test1:
[root@localhost ~]# adduser test [root@localhost ~]# adduser test1
Now run this command, using the -a (add) option:
[root@localhost ~]# gpasswd -a test gtest adding user test to group gtest
"adding user test to group gtest" — it's telling us the user has been added. test is now a member of the gtest group.
Let's double-check with /etc/group:
[root@localhost ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5: disk:x:6: lp:x:7:daemon mem:x:8: kmem:x:9: wheel:x:10: mail:x:12:mail,postfix uucp:x:14: man:x:15: games:x:20: gopher:x:30: video:x:39: dip:x:40: ftp:x:50: lock:x:54: audio:x:63: nobody:x:99: users:x:100: floppy:x:19: vcsa:x:69: utmp:x:22: utempter:x:35: cdrom:x:11: tape:x:33: dialout:x:18: saslauth:x:76: postdrop:x:90: postfix:x:89: fuse:x:499: sshd:x:74: gtest:x:500:test test:x:501: test1:x:502:
Look at the line gtest:x:500:test — test has been added successfully.
Now let's use -d to remove them. The usage is basically the same as -a, so let's run through it quickly:
[root@localhost ~]# gpasswd -d test gtest Removing user test from group gtest [root@localhost ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5: disk:x:6: lp:x:7:daemon mem:x:8: kmem:x:9: wheel:x:10: mail:x:12:mail,postfix uucp:x:14: man:x:15: games:x:20: gopher:x:30: video:x:39: dip:x:40: ftp:x:50: lock:x:54: audio:x:63: nobody:x:99: users:x:100: floppy:x:19: vcsa:x:69: utmp:x:22: utempter:x:35: cdrom:x:11: tape:x:33: dialout:x:18: saslauth:x:76: postdrop:x:90: postfix:x:89: fuse:x:499: sshd:x:74: gtest:x:500: test:x:501: test1:x:502:
The line is now gtest:x:500: with test gone. That's how -a and -d work.
Now here's a slightly more advanced option: -M. This clears all the current members of a group and replaces them all at once. Let's try it out.
First, add test back to the gtest group:
[root@localhost ~]# gpasswd -a test gtest adding user test to group gtest
Right now, only test is in the gtest group:
[root@localhost ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5: disk:x:6: lp:x:7:daemon mem:x:8: kmem:x:9: wheel:x:10: mail:x:12:mail,postfix uucp:x:14: man:x:15: games:x:20: gopher:x:30: video:x:39: dip:x:40: ftp:x:50: lock:x:54: audio:x:63: nobody:x:99: users:x:100: floppy:x:19: vcsa:x:69: utmp:x:22: utempter:x:35: cdrom:x:11: tape:x:33: dialout:x:18: saslauth:x:76: postdrop:x:90: postfix:x:89: fuse:x:499: sshd:x:74: gtest:x:500:test test:x:501: test1:x:502:
Now let's use -M to overwrite the membership with root and test1.
When using -M, the first argument is the user list and the second is the group name. For multiple users, separate them with a comma — no spaces. So it's gpasswd -M root,test1 gtest, not gpasswd -M root test1 gtest. Also, writing root, test1 with a space after the comma is not valid either — spaces are used to separate arguments, so be careful there.
Let's run it:
[root@localhost ~]# gpasswd -M root,test1 gtest
Checking the result:
[root@localhost ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon sys:x:3:bin,adm adm:x:4:adm,daemon tty:x:5: disk:x:6: lp:x:7:daemon mem:x:8: kmem:x:9: wheel:x:10: mail:x:12:mail,postfix uucp:x:14: man:x:15: games:x:20: gopher:x:30: video:x:39: dip:x:40: ftp:x:50: lock:x:54: audio:x:63: nobody:x:99: users:x:100: floppy:x:19: vcsa:x:69: utmp:x:22: utempter:x:35: cdrom:x:11: tape:x:33: dialout:x:18: saslauth:x:76: postdrop:x:90: postfix:x:89: fuse:x:499: sshd:x:74: gtest:x:500:root,test1 test:x:501: test1:x:502:
The line now shows gtest:x:500:root,test1 — a clean overwrite. When you need to clear out a group's members and replace them all at once — say during a service overhaul — -M is the way to go.
Since /etc/group is a plain text file, you might be tempted to just edit it directly — and yes, that works fine when you want to make sweeping changes all at once.
When editing /etc/group directly, you can use vi or vim, but the recommended approach is to use the vigr command instead.
Using vigr ensures that the changes are applied properly once you're done editing, and it also locks the file while you're working so no other user can modify it at the same time. The author recommends it for those reasons. To use it, just run:
[root@localhost ~]# vigr
That opens vi with /etc/group loaded. Edit it using the existing entries as a reference, save with :w, and the changes will be applied as your group configuration.
Note that the syntax validation may vary depending on the OS, so be careful about formatting errors.
One last thing: group operations generally require root or a user with administrator privileges. That's the case on most UNIX-like operating systems, though the author hasn't verified every single one.
In the next article, we'll get into permissions. See you there!
This article was written by Sakurama.
Author's beloved small mammal |
桜舞 春人 Sakurama HarutoA Tokyo-based programmer who has been creating various content since the ISDN era, with a bit of concern about his hair. A true long sleeper who generally feels unwell without at least 10 hours of sleep. His dream is to live a life where he can sleep as much as he wants. Loves games, sports, and music. Please share some hair with him. |
If you find any errors or copyright issues, please contact us.
