Linux user multiple groups

Four methods to add an User to specific group in Linux

Linux groups are organization units used to manage user accounts in Linux.

It has unique numerical identification number for each users and groups in the Linux system.

It’s called a userid (UID) and a groupid (GID). The main purpose of groups is to define a set of privileges to the members of the group.They all can perform the particular operations but not others.

There are two types of default groups available in Linux. Each user should have exactly one primary group and any number of secondary groups.

• Primary Group: Primary group has been added to the user during the user account creation. It’s typically the name of the user. The primary group is applied to the user when performing any actions such as creating new files (or directories), modifying files, or executing commands, etc,. The user primary group information is stored in the /etc/passwd file.
• Secondary Group: Is known as Supplementary Groups. It allows the group of users to perform the particular action in the same group members files.For example, if you would like to allow few users to run Apache (httpd) service command then it will suit perfectly.

You may interested in the following articles which is related to user management.

It can be done using the following four methods.

• usermod: The usermod command modifies the system account files to reflect the changes that are specified on the command line.
• gpasswd: The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every group can have administrators, members and a password.
• Shell Script: Shell scripts allows administrator to automate the required tasks.
• Manual Method: We can manually add the users into any group by editing the /etc/group file.

I assume that you already have the necessary group and users for this activity. In this example, we are going to use following users user1 , user2 , user3 and groups mygroup and mygroup1 .

Before making the changes, I would like to check the users and group information.I could see the below users were associate with their own group and not with others.

I could see there is no users are associated in this group.

Method-1: Using usermod command

The usermod command modifies the system account files to reflect the changes that are specified on the command line.

How to add an existing user to Secondary or Supplementary group using usermod command?

To add an existing user to a secondary group, use the usermod command with -G option and the name of the group.
Syntax

You will be getting an error message if the given user or group doesn’t exist in your system. If you doesn’t get any error then the user has been added to the corresponding group.

Let us see the output using id command. Yes, it’s added successfully.

How to add an existing user to multiple secondary or supplementary groups using usermod command?

To add an existing user to multiple secondary groups, use the usermod command with -G option and the name of the groups with comma.

In this example, we are going to add the user2 into mygroup and mygroup1 .

Let me see the output using id command. Yes, user2 is successfully added into mygroup and mygroup1 .

How to change a User’s Primary group?

To change a user’s primary group, use the usermod command with -g option and the name of the group.

We have to use -g to change user’s primary group.

Let’s see the output. Yes, it has been successfully changed. Now, it’s showing mygroup as user3 primary group instead of user3 .

Method-2: Using gpasswd Command?

The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every group can have administrators, members and a password.

How to add an existing user to Secondary or Supplementary group using gpasswd command?

To add an existing user to a secondary group, use the gpasswd command with -M option and the name of the group.

In this example, we are going to add the user1 into mygroup .

Let us see the output using id command. Yes, user1 is successfully added into mygroup .

How to add Multiple User’s to Secondary or Supplementary group using gpasswd command?

To add the multiple users to a secondary group, use the gpasswd command with -M option and the name of the group.

In this example, we are going to add the user2 and user3 into mygroup1 .

Let us see the output using getent command. Yes, user2 and user3 are successfully added into mygroup1 .

How to Remove an user from a group using gpasswd Command?

To remove the user from the group, use the gpasswd command with -d option and the name of the user and group.

In this example, we are going to remove the user1 from mygroup .

Method-3: Using Shell Script

Based on the above examples what we came to know is the usermod command is not capable to add multiple users into the group but it can be done through the gpasswd command.

However, it will overwrite the existing users which are currently associated on the group.

For example, user1 has already associated with mygroup . If you would like to add user2 and user3 into the mygroup with gpasswd command, it doesn’t work as expected and it over right the group instead of modifying it.

What would be the solution if you would like to add multiple users to multiple groups?

There is no default option available in both of the commands to achieve this.

Hence, we need to write a small shell script to achieve this.

Method-3a: How to add Multiple Users to Secondary or Supplementary group using gpasswd command?

Create the following small shell script if you would like to add the multiple users to secondary or supplementary group using gpasswd command.

Create The Users list. Each user should be in separate line.

Use the following shell script to add multiple users to single secondary group.

Set an executable permission to group-update.sh file.

Finally run the script to achieve this.

Let us see the output using getent command. Yes, user1 , user2 and user3 are successfully added into mygroup .

Method-3b: How to add Multiple users to Multiple Secondary or Supplementary group using gpasswd command?

Create the following small shell script if you would like to add the multiple users into multiple secondary or supplementary group using gpasswd command.

Create the Users list. Each user should be in separate line.

Create the Groups list. Each group should be in separate line.

Use the following shell script to add multiple users to multiple secondary groups.

Set an executable permission to group-update-1.sh file.

Finally run the script to achieve this.

Let me see the output using getent command. Yes, user1 , user2 and user3 are successfully added into mygroup .

Also, user1 , user2 and user3 are successfully added into mygroup1 .

Method-4: Manual method to add a user to a group in Linux?

We can manually add the users into any group by editing the /etc/group file.

Open the /etc/group file and search the group name where you want to update the users. Finally update the Users into the corresponding group.

Источник

Adding a user to multiple groups in Linux

In Linux, users are put into groups to control access to various files and devices. In many cases, the user will have to be in multiple groups. Did you know that you can add the user to multiple groups at once?

How to add a single user to multiple groups: To add a user to more than one group at a time you can use usermod: “usermod -a -G groupname, anothergroup username”. The -a switch, in usermod syntax, is important. As it tells usermod not to overwrite current groups.

Here is an example if we were to add the user max to the sudo group and the lpadmin group:

Note that the user will have to log out and back in again if he or she is currently logged in.

Another less common method is to use the gpasswd command to add a user to a group. But the gpasswd command will only allow you to add to one group at a time.

Add a user to multiple groups when creating the user

You can also add a user to the groups he should belong to while creating the user. Just add the -G argument to the useradd command. In the following example, we will add the user max and add him to the sudo and lpadmin groups.

This will also add the user to his primary group. The primary group is usually named after the user. So in the example above, the user max will belong to two groups: max and sudo. If you want to override this behaviour, you can specify the primary group with the lower case -g argument.

I have added some more commands below that can be useful when working with groups. Keep reading if you want to know more.

Not all groups are the same

When working with groups in Linux, it is important to note that the user will have two kinds of group assignments.

The primary group

The first type of group assignment is the primary group. This is the user’s main group. Every user must belong to one, and only one, primary group. This group is used as the default group of files that the user creates and is basically only meant for this user and users he wants to grant access to his files.

The primary group usually has the same name as the user. Like the user max, most likely has the primary group max. This is the most common configuration in Linux. Some systems, however, will have all regular users belong to some generic primary group like users and then have administrators belong to a generic admin group.

Secondary groups

The second type of group is a secondary group. Every user can be assigned to multiple secondary groups. The secondary group can be another user’s group or a special group that gives users some particular permissions. One example of a secondary group is the sudo group in Ubuntu and many other distros. Users that are assigned to the sudo group are allowed to use the sudo command to execute commands as the root user.

In the command examples above, the upper case -G always refers to the secondary groups and a lower case -g refers to the primary group. If only the upper case -G is specified, the command will not have any effect on the primary group and vice versa.

List groups a user belongs to

Before you add a user to some groups it could be helpful to know what groups he is already a member of. The quickest method to list all groups a particular user is a member of is to use the groups command. Here we will list all groups the user max belongs to:

If I just want to quickly get a list of groups I myself belong to. I can enter the group command without any arguments. It will then assume that I want the groups of the currently logged in user.

You could also get this from the /etc/group file. This file contains all the groups that exist in your system. As well as their members. The get all the groups the user max belongs to, use grep to extract all mentions of max in the group file.

List users in a group

What if you want it the other way around? To print all the users that are in some group.

One way would be to use grep as we did above. But instead of searching for the user, we now search for the group name. Like in this example, where we try to find which users belong to the sudo group.

Some Linux distributions also include the groupmems utility. Groupmems is a tool to administrate groups on a system. Since it is not always included, I only mention it here as a second option:

Remove a user from a group

Surprisingly, usermod does not have any option to remove a user from a group. It does have the option of overwriting the current group memberships a user has. This is not very convenient, since you would have to list all the groups a user has and then enter them again on the command line. In which case you just need to skip the -a argument in the usermod command.

It is a lot easier to use the gpasswd command. You simply use the “–del username” argument. Here we will remove the user max from the sudo group:

List all existing groups

If I wanted to see all the groups that exist on a system, I would simply look at the /etc/group file. Using the cat command, that is quite easy to do:

It is also possible to use the getent command:

This will show you some extra information like the group id (GID) and a list of members of the group. If you just want the group names, the cut command can remove all the extra information:

That’s it for now

Hopefully, you know have a solid understanding of how to add users to groups now.

Источник

How to Manage Users with Groups in Linux

When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs).

We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups.

For the purpose of this piece, I’m going to assume the following:

You need to create two users with usernames:

You need to create two groups:

Olivia needs to be a member of the group editors , while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA , whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs.

I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo . If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations.

Creating the users

The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords.

The first thing we do is create the users. To do this, issue the commands:

We have now created our users. If you look in the /home directory, you’ll find their respective homes (because we used the -m option, which creates a home directory).

Next each user must have a password. To add passwords into the mix, you’d issue the following commands:

When you run each command, you will be prompted to enter (and verify) a new password for each user.

That’s it, your users are created.

Creating groups and adding users

Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are:

That’s it. If you issue the command less /etc/group , you’ll see our newly created groups listed ( Figure 1 ).

Figure 1: Our new groups ready to be used.

With our groups created, we need to add our users. We’ll add user nathan to group readers with the command:

We’ll add the user olivia to the group editors with the command:

Now we’re ready to start managing the users with groups.

Giving groups permissions to directories

Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command:

Next, remove write permission from the group with the command:

Now we remove the others x bit from the /READERS directory (to prevent any user not in the readers group from accessing any file within) with the command:

At this point, only the owner of the directory (root) and the members of the readers group can access any file within /READERS .

Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary:

At this point, any member of the editors group can access and modify files within. All others (minus root) have no access to the files and folders within /EDITORS .

The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy.

Using access control lists

Now, let’s get tricky. Say you have a single folder— /DATA— and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders.

The structure of this command looks like this:

Where OPTION is the available options, X is either u (for user) or g (for group), NAME is the name of the user or group, and DIRECTORY is the directory to be used. We’ll be using the option -m for modify. So our command to add the group reader for read access to the /DATA directory would look like this:

Now any member of the readers group can read the files contained within /DATA , but they cannot modify them.

To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command;

The above command would give any member of the editors group both read and write permission, while retaining the read-only permissions to the readers group.

All the control you need

And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands:

Источник