Linux and its distributions provide the groups in order to manage and organize users. The most popular use case for the Linux groups is setting read, write, and execute privileges of the files and directories according to the group. By using Linux groups a file can be shared with the other group users by setting specific access privileges. The Linux groups also used the sudo command to configure sudoers privileges. The groupadd command is used to add a new group in Linux.
List Groups
Before adding a group list existing groups is a good habit. There are different ways to list existing groups. The bash “env groups” command can be used to list existing groups like below.
cat /etc/group
The output is like below. The group names listed with the shell and group ID information.
root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,ismail tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24:ismail floppy:x:25: tape:x:26: sudo:x:27:ismail ...
Create Group with groupadd Command
In order to add group the groupadd command is used. This command requires root privilege as this a system related change. The sudo command should be added to add a group as a regular user. The groupadd command has the followion syntax.
groupadd OPTION NAME
- OPTION is used to provide some options or group add operation. This is optional.
- NAME is the group name we want to add. This is required.
Now lets a brand new group named “linuxtect”.
sudo groupadd linuxtect
If the addition is completed succesfully there will be no output. The new group named will be added to the end of the /etc/group file where we can check like below.
cat /etc/group
The group list like below. We can see that the linuxtect group is at the bottom. The GID (group ID) of the linuxtect is 1003.
... sambashare:x:133:ismail systemd-coredump:x:999: mlocate:x:134: lightdm:x:135: nopasswdlogin:x:136: xrdp:x:137: ali:x:1001: ahmet:x:1002: wireshark:x:138: mysql:x:139: linuxtect:x:1003:
“Group Allready Exists” Error
While adding a new group we may get the following “group already exists” error. As we can expect provided group name already exists and used.
groupadd: group 'linuxtect' adready exists
We can suppress this message and force the group creation which will overwrite the previous group with the -f option. The -f option is used to force group creation even errors.
groupadd -f linuxtect
Alternatively the –force option can be used too. The –force is the long form of the -f option.
groupadd --force linuxtect
Create Group with Specific GID (Group ID)
GID or Group ID or Group identifier is used to identify the group with a number. Every group has a different GID. By default when a new group is created with the groupadd command a unique GID is generated and assigned into the new group. The system groups generally have GID between 0 – 1000 and user created group IDs start from 1000 and increased. But we can specify a specific group ID for the groupadd command. The -g option is used to specify and set group ID for the new group.
sudo groupadd -g 1111 linuxtect
“GID allready exists” Error
If specified GID already exists and used by another group we will get the “groupadd: GID ‘1111’ already exists” error. We can prevent or solve this error by making the GID non-unique with the -o option like below.
sudo groupadd -o -g 1111 linuxtect
Create System Group
Some Linux groups are called a system group. System group is used to manage system users and privileges which are generally not used by the regular users. System groups used to create backups, system maintenance, accessing devices, etc. System groups use the GID between 0 and 1000 which is defined in login.defs configuration file. We can also create a system group. In order to create a system group with the groupadd command, the -r option is used.
sudo groupadd -r mysys
Alternatively the –system option can be used to create a system group which is the long form of the -r option.
sudo groupadd -r mysys
Create Group with Password
Like a regular user a group can be used with a password. Even it may seem more secure it is not practical and every user should know the password. But if you wan you can create a gorup with a password by using the -p option like below. After the -p option the group password is specified.
sudo groupadd -p s3cr3tpass linuxtect
Add User To The Group
A user can be added to the group with the usermod command. The -a option is used to add the user into the group which is specified with the -G option. In the following example, we will add the user ismail into the group named linuxtect.
sudo usermod -a -G linuxtect ismail