How to Add Users to Groups from the Linux Command Line

The use of groups in Linux forms the basis of access control on local systems and networks. In brief, everything is considered a file in Linux – from basic text documents to hard drives – and those files all have an owning group. If you aren’t in the group that controls a specific file, you might not have read or write access to that file, so your abilities as a user could be diminished in that respect.

This article will discuss the handful of ways in which you can add users to groups. Whether you’re creating a new user or modifying an existing one, you should find something helpful here.

The most straightforward way to find out which groups control which files on your system is to access that information with the ls utility. Type ls into your terminal in any directory containing files, and you will see something like the following image.

Ls longform

The screenshot here shows the ls -l command listing various files’ attributes in longform (the -l option).

The first printout shows the sparse contents of the test user’s home directory. In that directory there are two sub-directories (“disks” and “image”) and a binary file (“photorec.ses”). The readout of “drwxr-xr-x” shows first that it is a directory (“d”); then it shows the permissions of the directory’s owner (“rwx”), its group (“r-x”), and all other users (“r-x”).

The owner is allowed read (“r”), write (“w”), and execute (“x”) access on that directory, which makes sense. Users in the “test” group, that’s named after the individual user, get “r-x” permissions. All other users are also allowed read and execute access.

Properties of the other sub-directory and file in test’s home directory vary somewhat from that initial directory. Test, for instance, isn’t allowed to write to the “image” directory because root owns that directory. In the following image look what happens if test tries to create a text file there.

Denied access

Suppose you wanted to give another user access to test’s files through the “test” group. You could do this for a new user by adding a parameter to the useradd command. Specifically, you can use:

to create a new user named “master” which is joined to the “test” group.

The -m option creates the new user’s home directory at “/home/master.” -G test adds master to the supplemental group “test.” -s /bin/bash makes master’s default shell the bash shell.

You can find any user’s group associations by using the command:

See the output in the following image.

Groups list

If you already had the “master” user in place, you could modify that user with

The -G option here is similar to the useradd command above. You can specify multiple groups here with a comma-separated list, such as “test,video,optical.”

Make sure to use the -a option to append these groups to the existing user. If you omit the -a parameter, you will remove the existing user from any groups not provided in your comma-separated list.

You can use the command:

For example, gpasswd -d master test will remove the “master” user from the “test” group.

Useradd remove user

You should now have the knowledge to add users to groups and change which groups and users on your system have access to yours and others’ files.

Don’t take these simple commands lightly. They may only begin a long journey into system security, but they make sure users are properly separated and can’t abuse their power either knowingly or unknowingly.

Leave a Reply

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.