As Linux administrator, we often need to deal with permission issues. I’ve written about how to manage file permissions. In this tutorial, I’m going to show you how to add or remove a user to or from a group in Linux.
As a multi-user operating system, Linux uses groups to manage system resources. By adding a user to a group, you give the user permission to access something, such as adding to sudo
group allows to execute command as super user. You, too, can remove user from a group to disable the correlative accessibility.
In Ubuntu and Debian Linux, there are a few command line tools to manage user groups, e.g., gpasswd
, adduser
, addgroup
, usermod
, and groupmod
. Use either one as you prefer, since all commands in this tutorial do the same thing.
NOTE: In the following command, I'll use 'merilyn' as the user, and 'gerbera' media server as the group. Replace them to yours!
How to Add a User to a Group:
1. gpasswd
The gpasswd command is used to administer /etc/group, and /etc/gshadow. You can the command below to add user (“merilyn” for example) to a group (“gerbera”).
sudo gpasswd --add merilyn gerbera
sudo is required since you need root, the super user privilege to do the change. And you can remove user from a group via the --delete
flag. For instance, remove ‘merilyn’ from ‘gerbera’.
sudo gpasswd --delete merilyn gerbera
2. adduser, addgroup
As the name indicates, the commands are used to add users and groups to the Linux system. You can use the commands to add user (merilyn) to group (gerbera):
sudo adduser merilyn gerbera
Or:
sudo addgroup merilyn gerbera
Both commands do the same! And indeed they call gpasswd
command to do the job, because they are created as a convenient front-end to these low level tools.
3. usermod
The usermod command modifies the system account files to reflect the changes that are specified on the command line.
I don’t like this command, because it uses NOT easy to remember flags, reversed group-name and user-name order, and NO visual feedback!
sudo usermod -a -G gerbera merilyn
As you see, group name ‘gerbera’ go first of the user name ‘merilyn’ in this command. No output, you may run one more command, e.g., cat /etc/group |grep 'merilyn'
, to verify it.
However, usermod
can add a user to multiple groups via single command:
sudo usermod -a -G GROUP1,GROUP2,GROUP3 USER
Remove a user from a group in Linux:
There are corresponding commands to remove user from group, so to disable something, e.g, sudo permission, accessibility to printer, removable devices, etc. You can see here for what privileges the common groups grant to their members.
Besides sudo gpasswd --delete USER GROUP
mentioned in the previous step, you may also run one of the following commands to do the trick:
sudo deluser merilyn gerbera
or
sudo delgroup merilyn gerbera
Choose one as you prefer and Enjoy!