Manage Linux Groups with groupadd, usermod, and groupdel

Introduction

In this lab, you will learn the essential skills for managing user groups in a Linux environment. You will gain hands-on experience with the core command-line utilities for group administration, including groupadd to create new groups, usermod to modify user memberships, and groupdel to remove groups from the system.

You will follow a practical workflow, starting with the creation of a new group. You will then add an existing user to this group, and use inspection commands like grep and groups to verify the changes. To complete the lab, you will practice removing the group and confirming its deletion, covering the full lifecycle of group management.

Create a New Linux Group with groupadd

In this step, you will learn how to create a new user group on your Linux system. In Linux, groups are a crucial mechanism for managing permissions for multiple users simultaneously. Instead of assigning permissions to each user individually, you can assign them to a group, and any user who is a member of that group will inherit those permissions. This simplifies system administration, especially in environments with many users.

For this exercise, let's assume you are a system administrator for a company and need to create a new group for an incoming research and development team. We will use the groupadd command to accomplish this. This command requires administrative privileges, which you can obtain using sudo.

First, open your terminal. It should open in the default directory, ~/project. Now, let's create a new group named research.

Execute the following command:

sudo groupadd research

The sudo command elevates your privileges to perform this administrative task. groupadd is the command to create the group, and research is the name we've chosen for our new group.

If the command is successful, it will not produce any output. To confirm that the group has been created, you can check the /etc/group file. This file stores information about all the groups on the system. We can use the grep command to search for our newly created group within this file.

grep research /etc/group

You should see a new line in the output that corresponds to the research group. The format is group_name:password_placeholder:group_id:members. Your Group ID (GID) might be different from the example below, which is normal as the system assigns it automatically.

research:x:5003:

This output confirms that the research group now exists on your system, ready for users to be added to it.

Add a User to a Secondary Group with usermod

In this step, you will add an existing user to the research group you created. In Linux, each user has a primary group and can belong to multiple secondary groups (also called supplementary groups). This allows for flexible permission management. Now that the research group is ready, we'll add the current user, labex, to it as a secondary group. This will grant the labex user any permissions assigned to the research group without changing their primary group.

To modify a user's group memberships, we use the usermod command. This is a powerful utility for changing user account details.

We will use the usermod command with the -aG options:

  • -G: Specifies the new list of secondary groups.
  • -a: Stands for "append". This is a very important option. It adds the user to the specified group(s) without removing them from their current groups. If you omit -a, the list given to -G replaces the user's secondary groups, so the user will be removed from all other secondary groups not listed in the command.

In your terminal, execute the following command to add the labex user to the research group:

sudo usermod -aG research labex

This command requires sudo because it modifies system-level user information. research is the group we are adding the user to, and labex is the user being modified. Like groupadd, this command will not produce any output if it executes successfully.

You can immediately verify the change by inspecting the /etc/group file again.

grep research /etc/group

You should now see the labex user listed at the end of the line for the research group.

research:x:5003:labex

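This confirms that labex is now a member of the research group. Processes that are already running, including your current shell, keep the group list they started with; the new membership applies to sessions started after the change, such as a fresh login.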

Inspect Group and User Memberships with grep and groups

In this step, you'll learn more efficient ways to inspect a user's group memberships. While we have already used grep on the /etc/group file to see the members of a specific group, there are more direct methods to view all the groups a particular user belongs to. This is a common task for system administrators to verify permissions and configurations.

First, let's use grep again, but this time to find the groups associated with the user labex. By searching for the username in the /etc/group file, you can see every group entry that mentions labex.

Execute this command in your terminal:

grep labex /etc/group

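The output will show every line in /etc/group that contains the string "labex". This will include the research group we added the user to, as well as any other default secondary groups. Because grep matches the string anywhere on a line, the output also includes the labex group's own entry (labex:x:5000:), where labex is the group name rather than a listed member. Your output may include additional groups depending on your system configuration.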

sudo:x:27:labex
ssl-cert:x:121:labex
labex:x:5000:
public:x:5002:labex
research:x:5003:labex

While this works, a more direct and user-friendly command for this task is groups. This command is specifically designed to list all the groups (both primary and secondary) for a given user.

To see all the groups the labex user belongs to, run the following command:

groups labex

This command provides a clean, one-line summary of the user's group affiliations.

labex : labex sudo ssl-cert public research

In this output, the name before the colon (labex) is the user being queried. The list after the colon shows all the groups. The first group in the list (labex) is the user's primary group. All subsequent groups (sudo, ssl-cert, public, research) are the secondary groups. This command is often the quickest way to get a complete picture of a user's group memberships.
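
The grep commands above match text anywhere on a line, so they also return groups whose name merely contains the search string, which matters when you are auditing who is in a privileged group such as sudo. The following shell sketch is an added example, not part of the original lab: it reads the member field of each entry instead, using a constructed sample file in /etc/group format (the labex2 user and labex-dev group are hypothetical).

```shell
#!/bin/sh
# Added example: field-aware queries against a file in /etc/group format.
# The sample data is constructed; labex2 and labex-dev are hypothetical.

# Print the groups whose member field (4th field) lists exactly USER.
secondary_groups_of() {  # usage: secondary_groups_of FILE USER
    awk -F: -v user="$2" '
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == user) { print $1; break }
        }' "$1"
}

# Print the members of exactly GROUP, one per line.
members_of() {  # usage: members_of FILE GROUP
    awk -F: -v grp="$2" '
        $1 == grp {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i]
        }' "$1"
}

# Constructed sample in group_name:password_placeholder:group_id:members form.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
sudo:x:27:labex
ssl-cert:x:121:labex
labex:x:5000:
public:x:5002:labex,labex2
research:x:5003:labex
labex-dev:x:5004:labex2
EOF

echo "Substring grep returns every line, including labex: and labex-dev:"
grep labex "$SAMPLE"
echo "Groups that list labex in the member field:"
secondary_groups_of "$SAMPLE" labex
echo "Members of the public group:"
members_of "$SAMPLE" public
```

On a live system, getent group research looks up a single group by its exact name in the same database.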

Delete a Group with groupdel and Verify its Removal

In this final step, you will learn how to remove a group from the system. This is a common administrative task when a team is disbanded or a project is completed, and its associated group is no longer needed. To delete a group, we use the groupdel command.

Just like creating a group, deleting one is an administrative action that requires sudo privileges. It's important to note that you cannot delete the primary group of an existing user. You must first change the user's primary group before deleting the old one. However, since research was only a secondary group for labex, we can delete it without any issues.

In your terminal, execute the following command to delete the research group:

sudo groupdel research

The groupdel command, when successful, will not produce any output. It simply removes the group's entry from the system's group database, primarily the /etc/group file.

To confirm that the group has been successfully removed, we can use the same grep command we used to check for its existence earlier.

grep research /etc/group

This time, the command should produce no output. It will immediately return you to the command prompt. This absence of output is the confirmation that the line containing research has been removed from the /etc/group file, and therefore, the group no longer exists on the system.

Summary

In this lab, you learned the fundamentals of managing user groups in a Linux environment. You started by creating a new group named research using the sudo groupadd command, a crucial tool for organizing users and simplifying permission management. To confirm the successful creation of the group, you inspected the /etc/group file with the grep command, verifying that the new group entry was added correctly.

The lab also covered the complete lifecycle of group management. You learned how to add an existing user to a secondary group with the usermod command and how to inspect group memberships using tools like grep and groups. Finally, you practiced removing a group from the system using the groupdel command and verifying its deletion, completing your understanding of essential group administration tasks.