Managing Local Group Accounts

Objectives

After completing this section, students should be able to create, modify, and delete local group accounts.

Managing Local Groups

A group must exist before a user can be added to that group. Several command-line tools are used to manage local group accounts.

Creating Groups from the Command Line

  • The groupadd command creates groups. Without options, groupadd assigns the new group the next available GID from the range specified in the /etc/login.defs file.

  • The -g option specifies a particular GID for the group to use.

    [user01@host ~]$ sudo groupadd -g 10000 group01
    [user01@host ~]$ tail /etc/group
    ...output omitted...
    group01:x:10000:

    Note

    Given the automatic creation of user private groups (GID 1000+), it is generally recommended to set aside a range of GIDs to be used for supplementary groups. A higher range will avoid a collision with a system group (GID 0-999).

  • The -r option creates a system group using a GID from the range of valid system GIDs listed in the /etc/login.defs file. The SYS_GID_MIN and SYS_GID_MAX configuration items in /etc/login.defs define the range of system GIDs.

    [user01@host ~]$ sudo groupadd -r group02
    [user01@host ~]$ tail /etc/group
    ...output omitted...
    group01:x:10000:
    group02:x:988:

Modifying Existing Groups from the Command Line

  • The groupmod command changes the properties of an existing group. The -n option specifies a new name for the group.

    [user01@host ~]$ sudo groupmod -n group0022 group02
    [user01@host ~]$ tail /etc/group
    ...output omitted...
    group0022:x:988:

    Notice that the group name is updated to group0022 from group02.

  • The -g option specifies a new GID.

    [user01@host ~]$ sudo groupmod -g 20000 group0022
    [user01@host ~]$ tail /etc/group
    ...output omitted...
    group0022:x:20000:

    Notice that the GID is updated to 20000 from 988.

Deleting Groups from the Command Line

  • The groupdel command removes groups.

    [user01@host ~]$ sudo groupdel group0022

    Note

    You cannot remove a group if it is the primary group of any existing user. As with userdel, check all file systems to ensure that no files remain on the system that are owned by the group.
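The file ownership check that the note above calls for, as an added example (not part of the course material). Files keep the numeric GID of a deleted group, so a group later created with that GID would inherit group access to them. The function name and arguments are illustrative, and GNU find is assumed.

```bash
#!/usr/bin/env bash
# Added example: list files whose numeric GID has no entry in a group(5) file.
# After groupdel, files keep the deleted group's GID; a group later created
# with that GID would inherit group access to them.
# Assumptions: GNU find (-printf); no newlines in path names.
# Function name and arguments are illustrative, not part of any standard tool.

# orphaned_group_files DIR [GROUP_FILE]
# Prints "GID<TAB>PATH" for every entry under DIR whose GID is not defined
# in GROUP_FILE (default /etc/group). -xdev stays on one file system, so run
# it once per mounted file system to cover them all.
orphaned_group_files() {
    local dir="$1" group_file="${2:-/etc/group}"
    find "$dir" -xdev -printf '%G\t%p\n' 2>/dev/null |
        awk -F'\t' -v gf="$group_file" '
            BEGIN {
                # Load the third field (GID) of each group entry.
                while ((getline line < gf) > 0) {
                    split(line, f, ":")
                    if (f[3] ~ /^[0-9]+$/) known[f[3]] = 1
                }
            }
            !($1 in known) { print }'
}

# Example: orphaned_group_files /srv
```

On a live system, find's -nogroup test performs the same check against the full name service; passing a group file explicitly lets you run the check against a saved copy taken before the deletion.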

Changing Group Membership from the Command Line

  • The membership of a group is controlled with user management. Use the usermod -g command to change a user's primary group.

    [user01@host ~]$ id user02
    uid=1006(user02) gid=1008(user02) groups=1008(user02)
    [user01@host ~]$ sudo usermod -g group01 user02
    [user01@host ~]$ id user02
    uid=1006(user02) gid=10000(group01) groups=10000(group01)

  • Use the usermod -aG command to add a user to a supplementary group.

    [user01@host ~]$ id user03
    uid=1007(user03) gid=1009(user03) groups=1009(user03)
    [user01@host ~]$ sudo usermod -aG group01 user03
    [user01@host ~]$ id user03
    uid=1007(user03) gid=1009(user03) groups=1009(user03),10000(group01)

    Important

    The use of the -a option makes usermod function in append mode. Without -a, the user will be removed from any of their current supplementary groups that are not included in the -G option's list.

References

group(5), groupadd(8), groupdel(8), and usermod(8) man pages

Revision: rh199-8.2-3beeb12