The use of groups in Linux forms the basis of access control on local systems and networks. In brief, everything is considered a file in Linux – from basic text documents to hard drives – and those files all have an owning group. If you aren’t in the group that controls a specific file, you might not have read or write access to that file, so your abilities as a user could be diminished in that respect.
This article will discuss the handful of ways in which you can add users to groups. Whether you’re creating a new user or modifying an existing one, you should find something helpful here.
Which Group Owns a File?
The most straightforward way to find out which groups control which files on your system is to access that information with the ls utility. Type ls into your terminal in any directory containing files, and you will see something like the following image.
The screenshot here shows the ls -l command listing various files’ attributes in longform (the
The first printout shows the sparse contents of the test user’s home directory. In that directory there are two sub-directories (“disks” and “image”) and a binary file (“photorec.ses”). The readout of “drwxr-xr-x” shows first that it is a directory (“d”); then it shows the permissions of the directory’s owner (“rwx”), its group (“r-x”), and all other users (“r-x”).
The owner is allowed read (“r”), write (“w”), and execute (“x”) access on that directory, which makes sense. Users in the “test” group, which is named after the individual user, get “r-x” permissions. All other users are also allowed read and execute access.
Properties of the other sub-directory and file in test’s home directory vary somewhat from that initial directory. Test, for instance, isn’t allowed to write to the “image” directory because root owns that directory. In the following image, look at what happens if test tries to create a text file there.
Adding a New User to a Group
Suppose you wanted to give another user access to test’s files through the “test” group. You could do this for a new user by adding a parameter to the useradd command. Specifically, you can use:
useradd -m -G test -s /bin/bash master
to create a new user named “master” which is joined to the “test” group.
The -m option creates the new user’s home directory at “/home/master.”
-G test adds master to the supplemental group “test.”
-s /bin/bash makes master’s default shell the bash shell.
You can find any user’s group associations by using the command:
See the output in the following image.
Add an Existing User to a Group
If you already had the “master” user in place, you could modify that user with
usermod -aG <additional-groups> <user>
The -G option here is similar to the one in the useradd command above. You can specify multiple groups here with a comma-separated list, such as “test,video,optical.”
Make sure to use the -a option to append these groups to the existing user. If you omit the -a parameter, you will remove the existing user from any groups not provided in your comma-separated list.
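The effect of leaving out -a can be checked before running usermod. The script below is an added example, not part of the original article: it reads data in /etc/group format and lists the groups a user would be dropped from for a given -G list. The function names and the sample group data are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before running `usermod -G`: which supplementary groups
# would the user lose if -a (append) were left out?

# Constructed sample in /etc/group format: name:password:GID:member,member
SAMPLE_GROUP_FILE='test:x:1001:master
video:x:44:master,test
optical:x:93:test
wheel:x:10:master
master:x:1002:'

# supplementary_groups USER [GROUP_FILE]  (hypothetical helper name)
# Prints every group whose member list names USER, one per line. The primary
# group comes from /etc/passwd and is not touched by -G, so it is not listed.
supplementary_groups() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }' "${2:-/etc/group}"
}

# groups_lost_without_a USER NEW_LIST [GROUP_FILE]  (hypothetical helper name)
# NEW_LIST is the comma-separated value planned for -G. Prints the groups
# that `usermod -G NEW_LIST USER` would silently drop.
groups_lost_without_a() {
    for _g in $(supplementary_groups "$1" "${3:-/etc/group}"); do
        case ",$2," in
            *",$_g,"*) ;;              # named in the new list: kept
            *) printf '%s\n' "$_g" ;;  # missing from the list: removed
        esac
    done
}

# Demo on the constructed sample: master is in test, video and wheel.
_tmp=$(mktemp)
printf '%s\n' "$SAMPLE_GROUP_FILE" > "$_tmp"
echo "usermod -G optical master would drop:"
groups_lost_without_a master optical "$_tmp"
rm -f "$_tmp"
```

Called without a file argument, both functions read the live /etc/group, so the same check works against a real system before the change is made.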
How About Removing a Group?
You can use the command:
gpasswd -d <user> <group>
gpasswd -d master test will remove the “master” user from the “test” group.
You should now have the knowledge to add users to groups and change which groups and users on your system have access to yours and others’ files.
Don’t take these simple commands lightly. They may only begin a long journey into system security, but they make sure users are properly separated and can’t abuse their power either knowingly or unknowingly.