If you have a look at the /etc/group file, you’ll see a list of all the user groups on your Linux server (or desktop).
But first off...
What are groups?
Let’s imagine that you are the user ‘testuser’. By default, when you add a user on a Linux system, unless you choose otherwise when you create it, the user will be created in a group of his/her own. This group would also be called ‘testuser’. This group contains exactly one user: testuser. Great.
However, groups allow you and other users of the same system to share permissions: access to documents, programs and more. For example, if testuser was suddenly added to a group called ‘admins’, and that admins group had access to many files in otherwise confidential areas of the Linux system (for example, configuration files in the /etc folder), then ‘testuser’ would now be able to access these files as well.
Here’s an excerpt from a typical directory layout (using the command ls -l):
-rw-r----- 1 syslog adm 5740 Jul 4 23:06 auth.log
The above file belongs to the user ‘syslog’ and the group ‘adm’. The permissions allow the user ‘syslog’ to read and write the file (rw-), members of the group ‘adm’ to read it only (r--), and everyone else to do nothing with it (---). If we added our fictitious user ‘testuser’ to the group ‘adm’, they would be able to read this file.
How do I create a New Group?
To add a new group, all you need to do is use the groupadd command like so:
groupadd <groupname>
Add an Existing User to a Group
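Next we’ll add the user ‘testuser’ to the group ‘adm’. The -a (append) flag matters here: without it, -G replaces the user’s existing supplementary groups with the list you give.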
usermod -a -G adm testuser
Change a User’s Primary Group
If you want to switch the primary group that a user is assigned to, use the usermod command with the lower case g switch:
usermod -g <groupname> <username>
View the Group Assignments of a User
If you want to view which groups a user is a member of, you can use the id command. It shows you the uid (user ID number), the username, the gid (the group ID number), the group name, and the gids and group names of any additional groups the user may be part of. You may also specify someone else’s username to view their details.
$ id
uid=1000(testuser) gid=1000(testuser) groups=1000(testuser),4(adm)
How to look at all the groups on a system and edit specific details (advanced).
If you are willing to get your hands dirty (and yes, this means you could severely break things), then you can run the vigr command, which allows you to edit the group file, /etc/group (you need to be root).
$ vigr
You can manually change the group names, gids and user memberships of any groups within the text editor.
Add a New User and Assign a Group in One Command
Sometimes you might need to add a new user that has access to a particular resource or directory, like adding a new FTP user. You can do so with the useradd command, using the -G flag.
For example, to create a brand new user named ‘testuser2’ and add it to the postfix group, you’d issue the following command:
useradd -G postfix testuser2
Don’t forget to assign a password for that user:
passwd testuser2
Add a User to Multiple Groups
You can add a user to more than one group by specifying them in a comma-delimited list:
usermod -a -G postfix,adm,othergroup testuser2
Finally, have a look at the adduser and addgroup commands as well. Adduser makes it easy to create new users interactively without having to remember the flags.
What if I want to be able to run root commands as a user (sudo)?
Easy! Just add that particular username to the sudo group. Then that user can run any root user (sysadmin) command by prefixing it with ‘sudo’. Make sure you only give access to the sudo group to users you really trust!
usermod -aG sudo <username_of_person_you_want_to_give_root_to>
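To check who actually holds membership of a privileged group such as sudo or adm, the following added example (not from the original article) reads the group file for supplementary members and the passwd file for users whose primary group was switched with usermod -g. The function names group_members, unexpected_members and write_sample, and the sample accounts, are assumptions made for the illustration.

```shell
# Added example (not from the original article). Function names and the
# sample accounts are assumptions made for this illustration.

# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints supplementary members (4th field of the group file) plus users
# whose primary gid (4th field of the passwd file) is the group's gid.
group_members() {
    awk -F: -v g="$1" '
        FILENAME == ARGV[1] {            # group file: name:passwd:gid:members
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # passwd file: primary gid match
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort -u
}

# unexpected_members GROUP "ALLOWED USERS" [GROUP_FILE] [PASSWD_FILE]
# Prints members missing from the allowlist; returns 1 if any were found.
unexpected_members() {
    found=0
    for u in $(group_members "$1" "$3" "$4"); do
        case " $2 " in
            *" $u "*) ;;
            *) echo "$1: unexpected member $u"; found=1 ;;
        esac
    done
    return "$found"
}

# write_sample DIR: constructed group and passwd files. "backup" has sudo
# (gid 27) as its primary group, so the group file does not list it.
write_sample() {
    printf '%s\n' 'adm:x:4:syslog,testuser' 'sudo:x:27:testuser2' \
        'testuser:x:1000:' > "$1/group"
    printf '%s\n' 'syslog:x:104:110::/home/syslog:/usr/sbin/nologin' \
        'testuser:x:1000:1000::/home/testuser:/bin/bash' \
        'testuser2:x:1001:1001::/home/testuser2:/bin/bash' \
        'backup:x:1002:27::/home/backup:/bin/bash' > "$1/passwd"
}

# Demo on the constructed files only.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
unexpected_members sudo "testuser2" "$demo_dir/group" "$demo_dir/passwd" || true
rm -rf "$demo_dir"
```

On a real host, group_members sudo with no file arguments reads /etc/group and /etc/passwd directly. Accounts that come from LDAP or another directory service do not appear in those files.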