How to create, modify, and delete local group accounts in Linux

A group must exist before a user can be added to that group. Several command-line tools are used to manage local group accounts. In this post, we will see how to create, modify, and delete local group accounts in Linux.

Creating Groups from the Command Line

1. The groupadd command creates groups. Without options the groupadd command uses the next available GID from the range specified in the /etc/login.defs file while creating the groups.

2. The -g option specifies a particular GID for the group to use.

[[email protected] ~]$ sudo groupadd -g 10000 group01
[[email protected] ~]$ tail /etc/group
...output omitted...
group01:x:10000:

Note: Given the automatic creation of user private groups (GID 1000+), it is generally recommended to set aside a range of GIDs to be used for supplementary groups. A higher range will avoid a collision with a system group (GID 0-999).

3. The -r option creates a system group using a GID from the range of valid system GIDs listed in the /etc/login.defs file. The SYS_GID_MIN and SYS_GID_MAX configuration items in /etc/login.defs define the range of system GIDs.


[[email protected] ~]$ sudo groupadd -r group02
[[email protected] ~]$ tail /etc/group
...output omitted...
group01:x:10000:
group02:x:988:

Modifying Existing Groups from the Command Line

1. The groupmod command changes the properties of an existing group. The -n option specifies a new name for the group.

[[email protected] ~]$ sudo groupmod -n group0022 group02
[[email protected] ~]$ tail /etc/group
...output omitted...
group0022:x:988:

Notice that the group name is updated to group0022 from group02.

2. The -g option specifies a new GID.

[[email protected] ~]$ sudo groupmod -g 20000 group0022
[[email protected] ~]$ tail /etc/group
...output omitted...
group0022:x:20000:

Notice that the GID is updated to 20000 from 988.

Deleting Groups from the Command Line

The groupdel command removes groups.

[[email protected] ~]$ sudo groupdel group0022

Note: You cannot remove a group if it is the primary group of any existing user. As with userdel, check all file systems to ensure that no files remain on the system that are owned by the group.

Changing Group Membership from the Command Line

1. The membership of a group is controlled with user management. Use the usermod -g command to change a user’s primary group.

[[email protected] ~]$ id user02
uid=1006(user02) gid=1008(user02) groups=1008(user02)
[[email protected] ~]$ sudo usermod -g group01 user02
[[email protected] ~]$ id user02
uid=1006(user02) gid=10000(group01) groups=10000(group01)

2. Use the usermod -aG command to add a user to a supplementary group.

[[email protected] ~]$ id user03
uid=1007(user03) gid=1009(user03) groups=1009(user03)
[[email protected] ~]$ sudo usermod -aG group01 user03
[[email protected] ~]$ id user03
uid=1007(user03) gid=1009(user03) groups=1009(user03),10000(group01)

Note: The use of the -a option makes usermod function in append mode. Without -a, the user will be removed from any of their current supplementary groups that are not included in the -G option’s list.

Beginners Guide to User and Group Administration on a Linux System
How to Switch User Account and Configure sudo in Linux
How to create, modify, and delete local user accounts in Linux
How to create, modify, and delete local group accounts in Linux
How to set a password management policy for users, and manually lock and unlock user accounts in CentOS/RHEL

How to create, modify, and delete local group accounts in Linux

Creating Groups from the Command Line

Modifying Existing Groups from the Command Line

Deleting Groups from the Command Line

Changing Group Membership from the Command Line

Latest Posts