10 practical examples to add or remove user from group in Linux
In this article I will cover the below topics and share multiple practical examples cover these scenarios
- Different types of group in Linux
- Add user to group (single)
- Add user to multiple groups
- Change primary group of the user
- Remove user from group
So when you say Linux add user to group, which group do you mean? There are two types of group in Linux
- Primary Group
- Supplementary or Secondary Group
Difference between Primary vs Supplementary Group
Primary group:
For example here deepak is part of primary group with GID 1000 i.e. deepak (so primary group name is same as loginname)
- When we create user using useradd , depending upon USERGROUPS_ENAB variable in /etc/login.defs a primary group is created/assigned to user. If this variable is set to yes, a group will be created for the user, with the same name as her loginname . If the variable is set to no, useradd will set the primary group of the new user to the value specified by the GROUP variable in /etc/default/useradd , or 100 by default
- On Linux, every file and directory has a user owner and a group owner. Group ownership is set when files are created, and unless configured otherwise, it is set to the primary group of the user who creates the file.
- A user at a time can be part of only one primary group.
Supplementary (or Secondary) Group:
- A user can be part of multiple supplementary group
- A group that a user is a member of but which membership is not defined in the /etc/passwd file.
- When creating new files, the supplementary group will not automatically become the owner of those files.
1. Create a new user and add to existing primary group
- By default when we create a new user, a new primary group is created by the same name as of the user.
- But we can also use useradd to create a user and add this user to any existing group
- So this group will not become the primary group of your new user
In this example I will create a new group » admin «
Verify the group exists
Next I will create a new user » user1 » and add this user to » admin » group using useradd -g
Verify the primary group of user1
2. Create a new user and add to existing supplementary group
We want to create a new user and add him/her to supplementary group (please NOTE, we will add the user to supplementary group and not the primary group here)
I have below list of groups on my Linux server
I will create a new user » user2 » and add this user to all these supplementary groups using useradd -G , , ..
Verify the supplementary groups.
Please NOTE that since we did not specified primary group using -g , a new group user2 is created and assigned as primary group to the user
3. Create a new user and add to existing primary and supplementary group
Now we will combine both the above arguments i.e. -g to add primary_group and -G to add supplementary_group
In this example i will create user3 with primary_group as admin and with supplementary_group of devops and qa_team
Verify the new user group details
4. Change primary group of existing user
I have a user who is currently added to his own primary group
I will change the primary group of this user to admin using usermod
Verify the new primary group for user4
5. Add user to Group (Supplementary or Secondary) using usermod
- To add user to group we can use use usermod or gpasswd command
- We can add user to supplementary groups only
- In this example I will add user4 to devops supplementary group
Syntax to add user to group: usermod -G
Verify the user details
6. Add user to multiple groups (Supplementary or Secondary) using usermod
We can also add user to multiple supplementary groups using syntax usermod -G , , ..
In this example I will add user4 to multiple supplementary groups ( devops and qa_team )
Verify the user details
7. Add user to Group (Supplementary or Secondary) using gpasswd
- Similar to usermod we can also user gpasswd to add user to group
- The syntax to add user to group is gpasswd -M
In this example I will add user4 to devops as supplementary group
Verify the user details
Alternatively you can also user gpasswd -a
In this example I will add user4 to qa_team as supplementary group
Verify the user details
8. Add multiple users to same group
We need to user gpasswd to add multiple users to same group
Currently I already have admin group which does not contain any users at the moment
The syntax to add multiple users to single group would be gpasswd -M , , ..
In this example I will add my existing users i.e. user1 , user2 and user3 to admin as supplementary group
Verify the admin group details
9. Remove user from Group (Supplementary or Secondary)
Currently my user4 is part of three different supplementary groups
gpasswd is the best tool to remove user4 from qa_team group
We can also use usermod command to remove user from group. The problem with usermod is that you must define the complete list of supplementary group which the user is part of and only remove the group which you wat to remove the user from.
For example, my user4 is part of devops , admin and qa_team . So to remove user4 from qa_team we will re-add user to group devops and admin (not to qa_team )
Verify the user details
I would recommend using gpasswd to remove user from group
10. Remove multiple users from supplementary group
There is no single command to remove multiple users from single group but we can use a small script
Currently I have admin which has three users
I will write a small script to remove all the 3 users from admin group
remove multiple users from same group
11. Remove user from all Groups (Supplementary or Secondary)
- We can use gpasswd to remove user from group
- But if a user is part of multiple groups then you need to execute gpasswd multiple times
- Or write a script to remove user from all the supplementary groups
- Alternatively we can use usermod -G «»
Currently my user4 is part of multiple supplementary groups
To remove user from all supplementary groups, use:
Verify the user details
Lastly I hope the steps from the article to add user to group, remove user from group and difference between primary group and supplementary group on Linux was helpful. So, let me know your suggestions and feedback using the comment section.
[How To] Remove User from group in Linux
User groups are used to configure file system access of the operating system. Since in Linux all objects of the OS are files, then with the help of groups you can configure or restrict access to any features of the system.
In a previous article, we talked about how to see a list of Linux groups that the user is member of. Here we will discuss how to remove a user from the group, so it can no longer have access to the files with that group permissions.
We will use gpasswd command. It has the following syntax:
The -d option means remove.
For example lets remove testuser from the adm group:
With the usermod command you can remove the current user from all additional groups:
Just be careful with this command by applying it to the current user, otherwise you will remove yourself from the sudo group and will no longer be able to perform administrative actions. In Ubuntu, where there is no direct access to the root user, this can create serious problems for newbies.
In some distributions, you can also use the deluser command. In the same way, first specify the user name, and then the group name from which we are going to remove it:
If you accidentally delete a user from the group in which he should be, you can return everything back. See the article “How to add a user to a Linux group“.
How do I remove a user from a group?
Which command should I use to remove a user from a group in Debian?
When adding a user to a group, it can be done with:
However, I could not find a similar command (accepting a group and user as arguments) for removing the user from the group. The closest I could get is:
Is there a command like usermod OPTION group user with OPTION an option to make usermod (or a similar program) remove the user from group?
11 Answers 11
You can use gpasswd :
then the new group config will be assigned at the next login, at least on Debian. If the user is logged in, the effects of the command aren’t seen immediately.
On Debian, the adduser package contains a deluser program which removes a user from a group if you pass both as arguments:
If your distribution doesn’t have adduser , you can edit /etc/group and /etc/gshadow manually.
removes all secondary/supplementary groups from username, leaving them as a member of only their primary group. this worked in Solaris 5.9
This is the “old school” approach.
Most *nix systems maintain group information into a plain text file /etc/group , where
each line contains the fields
delimited by the : character.
Now suppose you want to remove a user named thisuser from a group named thatgroup . Start by backing up /etc/group , then use the editor of your preference with su privileges to edit the file /etc/group and remove the thisuser reference from the thatgroup line entry, e.g.,
original line is something like this:
thatgroup:x:1274:someuser,thisuser,anotheruser
after editing should be left like this:
thatgroup:x:1274:someuser,anotheruser