How To Add Users to a Group in Linux: A Step-by-Step Guide

Learn about creating, managing, and removing users from groups in Linux. This guide covers both GUI and command-line approaches.

Grant Knoetze, Contributor

August 15, 2023

10 Min Read
Linux spelled out on wooden blocks
Alamy

In Linux, user management is critical for maintaining system security and optimal performance.

Linux provides fine-grained control over user management and offers the concept of groups, which are basically collections of user accounts with shared permissions. When you add new users to a Linux group, they automatically gain the group’s permissions.

In this article, we will cover the steps involved in adding a user to a group. This includes exploring the methods available in the Linux graphical user interface (GUI) and the terminal.

Understanding Users and Groups in Linux

In Linux, user accounts are typically linked with one or more groups. Groups gather user accounts together, and these accounts share common permissions determined by the group they belong to. The permissions govern the extent of users’ access to files, folders, and devices.

When a user is added to a group, the user acquires the permissions of that group, allowing the user to access the shared resources within the group and perform group-level actions.

Related:How To Learn Linux: A Comprehensive Guide for Beginners

Why You Might Need To Add Users to a Group

Administrators may decide to use groups for easier user management and fine-grained control over permissions and system resource access. The concept is like role-based access control (RBAC), which you may already be used to.

Groups are designed to enhance security; streamline workflows; facilitate team collaboration; and provide access to relevant information while eliminating the clutter of files and folders that are unnecessary to specific users.

Using groups in Linux takes advantage of the full versatility of Linux.

Listing Users and Groups

It can be helpful to first map the users and groups present on the system.

You can obtain a list of all users on the system by using the cat /etc/passwd command. We use the cat command to display all the users contained in the passwd file, located in the /etc directory. You can see an example of this in Figure 1.

showing that the cat /etc/passwd command list of all users on the system

image001_9

Figure 1. The users listed in the /etc/passwd directory.

To list all the groups on the system, use the cat /etc/group command. This command displays all the groups in the group file, as can be seen in Figure 2.

showing that the cat /etc/group command lists all the groups on the system

image002_6

Figure 2. The output of the cat /etc/group command, displaying all the groups on the system in the group file. 

Adding Users to Groups in the GUI

For this explainer, I will use the GNOME Users and Groups tool, which is part of the GNOME system utilities package. GNOME is a popular desktop environment for Linux. When you install the operating system, you may be given the option to include the GNOME desktop environment. It’s worth noting that there are other popular desktop environments available for Linux, as well.

If you are using GNOME on distributions like Ubuntu or Kali, you can install the Users and Groups tool by running the sudo apt-get install gnome-system-tools command in the terminal. Figure 3 illustrates this process.

shows how to install the Gnome Users and Groups tool using the sudo apt-get install gnome-system-tools command

image003_8

Figure 3. The sudo apt-get install gnome-system-tools command is run in the Ubuntu terminal.

Other popular tools for managing users and groups within different desktop environments include specific options designed for each environment. For example, KDE offers its own tool for managing users and groups in the GUI.

To access the Users and Groups tool, simply search for its name and open it, as can be seen in Figure 4.

shows the search for the Users and Groups tool in GNOME

image004_4

Figure 4. Search for and open the Users and Groups tool in GNOME.

Once you are in the Users and Groups GUI, select “Manage Groups” (see Figure 5).

shows selecting Managed Groups option in the Users and Groups GUI tool

image005_4

Figure 5. Where to select “Manage Groups” inside the Users and Groups GUI.

Before adding a user to a group, you can verify that the group does not already exist using the commands we learned at the beginning of this article. Double-click on the group you would like to modify from the provided list (Figure 6). Now you can simply designate members for the group by clicking on the checkbox next to their respective names (Figure 7). Conversely, to remove a user from the group, simply uncheck the checkbox next to their name.

shows available groups for you to scroll through in the GUI tool

image006_2

Figure 6. The available groups for you to scroll through.

shows checkbox next to a user’s name in GUI tool

image007_1

Figure 7. Check or uncheck the checkbox next to a user’s name to add them to a group or remove them from a group.

Adding Users to Groups in the Terminal

In the Linux terminal, there are various commands available for tasks like adding users to groups and managing users and groups. You can always first verify the existence of the group you want to add the user to, using the commands introduced earlier in this article. If that group does not exist, you can create it using the groupadd command.

Adding users to groups using the usermod command

While the primary purpose of the usermod command is to modify account settings, we can also use it to add a user to a group.

To add a user to a group, the command would look like this:

sudo usermod -aG  

The -a flag (which stands for “add) ensures the addition of the user to the group without removing them from their original primary group. In this context, the -a flag is used in conjunction with the G flag. The usermod command can function with other flags, as well. To access these options, run usermod --help to get help and see the range of flags available.

In Figure 8, you will notice that I have used the above command to add the user “grant” to the “adm” group. Furthermore, in the same figure, I have run the id command followed by the grant username to verify the list of groups the user belongs to.

shows usermod command used in Linux terminal to add a user to a group

image008_2

Figure 8. Using the usermod command to add a user to a group.

Adding users to groups using the useradd command

If you want to create a new user and at the same time add them to a group, use the useradd command. As always, to get help and look for extra flags or switches, invoke the --help command.

In our case, we will use useradd with the -G flag, resulting in the following command:

sudo useradd -G  

Refer to Figure 9 to see where I have used the above command to create a new user and assign them to a group. You can verify the user’s group memberships by using the id command.

shows useradd command used to simultaneously create a new user and add the user to a group

image009_0

Figure 9. The useradd command is used to simultaneously create a new user and add the user to a group.

Adding users to groups using the gpasswd command

The gpasswd command is typically used to manage group passwords. However, the command can also be used to add a user to a group.

Start by checking the existing groups. If the group does not exist, use the groupadd command to create it. As with all Linux commands, after entering the command, you can append --help to access help specific to that command. This help output often includes details about the available flags or switches for the command, along with their explanations and sometimes examples.

For this example, we will be using the -a flag. When using the gpasswd command to add a user to a group, the command will look something like this:

sudo gpasswd  

This process is shown in Figure 10.

shows gpasswd command used in Linux terminal to add a user to the root group

image010_0

Figure 10. The gpasswd command is used to add a user to the root group.

You can always verify the changes you are making by using the id command, which provides user information. For example, executing id Katye will display information for the Katye user in the terminal, including the groups the user belongs to.

How to remove a user from a group

Users can be removed from groups by using the commands we have just learned. Alternatively, you can easily achieve this through the Users and Groups tool in GUI by unchecking the user’s association with the group.

The gpasswd command can be used for removing a user from a group in Linux. Here is the command structure for removing a user from a group using gpasswd:

sudo gpasswd -d  

We use the -d flag for deletion. As always, you can invoke the --help command to access guidance and use the id command to verify changes afterward.

See Figure 11 for an illustration of how the gpasswd command removes a user from a group.

shows gpasswd command used in Linux terminal to add and remove a user from a group

image011_0

Figure 11. The gpasswd command is used to add and remove a user from a group.

Final Thoughts

Having fine-grained control over access to files, folders, applications, and commands holds substantial advantages for system administrators. For example, this level of control over privileges, permissions, and access to resources enables an enhanced security posture.

In addition, using groups can contribute to the management of user accounts. It simplifies the overall administration of accounts and improves efficiency. Furthermore, groups can assist in user classification based on factors like department affiliation, skillsets, and positions within the organization.

Frequently Asked Questions

Q: What are groups in Linux?

A: Groups are essentially collections of user accounts that share the same privileges, permissions, and access to resources. Using groups is an effective way of organizing and managing users on Linux systems. For system administrations, using groups is a powerful tool to ensure smooth system operations and enhanced security.

Q: How do I create a group in Linux?

A: First, you can check if a group exists by using the cat command to display groups listed in the /etc/group file (i.e.: cat /etc/group)  on the terminal. If the group does not exist, you can create it using the groupadd command.

Alternatively, you can create a new group in the GUI if you are using a desktop environment (such as GNOME) and the environment’s available tools. The process is detailed in this section of the article.

Q: How do I add a user to a group in Linux?

A: This article goes over the GUI procedures and the terminal commands for adding a user to a group. The various commands include gpasswd, useradd, and usermod.

Q: How do I remove a user from a group in Linux?

A: You have two options for removing a user from a group: using the available GUI tools or using terminal commands. For example, the gpasswd command can be used to remove a user from a group.

Here are several links to additional resources to help you on your way.

General documentation

Linux documentation

ITPro Today Linux resources

About the Author

Grant Knoetze

Contributor

Grant Knoetze is a cybersecurity analyst with a special interest in DFIR, programming languages, incident response, red-teaming, and malware analysis. His full-time job includes teaching and instructing in various topics from basic Linux all the way through to malware incident response, and other advanced topics. He is also a speaker at various conferences worldwide.

www.grantknoetze.com

https://github.com/Grant-Knoetze

https://www.linkedin.com/in/grant-knoetze-563b0b1b6/

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like