How to create, modify, and delete local group accounts in Linux
A group must exist before a user can be added to that group. Several command-line tools are used to manage local group accounts. In this post, we will see how to create, modify, and delete local group accounts in Linux.
Creating Groups from the Command Line
1. The groupadd command creates groups. Without options the groupadd command uses the next available GID from the range specified in the /etc/login.defs file while creating the groups.
2. The -g option specifies a particular GID for the group to use.
[user01@host ~]$ sudo groupadd -g 10000 group01
[user01@host ~]$ tail /etc/group
...output omitted...
group01:x:10000:
3. The -r option creates a system group using a GID from the range of valid system GIDs listed in the /etc/login.defs file. The SYS_GID_MIN and SYS_GID_MAX configuration items in /etc/login.defs define the range of system GIDs.
[user01@host ~]$ sudo groupadd -r group02
[user01@host ~]$ tail /etc/group
...output omitted...
group01:x:10000:
group02:x:988:
Modifying Existing Groups from the Command Line
1. The groupmod command changes the properties of an existing group. The -n option specifies a new name for the group.
[user01@host ~]$ sudo groupmod -n group0022 group02
[user01@host ~]$ tail /etc/group
...output omitted...
group0022:x:988:
Notice that the group name is updated to group0022 from group02.
2. The -g option specifies a new GID.
[user01@host ~]$ sudo groupmod -g 20000 group0022
[user01@host ~]$ tail /etc/group
...output omitted...
group0022:x:20000:
Notice that the GID is updated to 20000 from 988.
Deleting Groups from the Command Line
The groupdel command removes groups.
[user01@host ~]$ sudo groupdel group0022
Changing Group Membership from the Command Line
1. The membership of a group is controlled with user management. Use the usermod -g command to change a user’s primary group.
[user01@host ~]$ id user02
uid=1006(user02) gid=1008(user02) groups=1008(user02)
[user01@host ~]$ sudo usermod -g group01 user02
[user01@host ~]$ id user02
uid=1006(user02) gid=10000(group01) groups=10000(group01)
2. Use the usermod -aG command to add a user to a supplementary group.
[user01@host ~]$ id user03
uid=1007(user03) gid=1009(user03) groups=1009(user03)
[user01@host ~]$ sudo usermod -aG group01 user03
[user01@host ~]$ id user03
uid=1007(user03) gid=1009(user03) groups=1009(user03),10000(group01)