In this tutorial, we will learn how to create a Group in Linux using groupadd command.
What is a Linux Group?
A Linux group is used to manage the privileges of a user. We can define a set of privileges to a group such as read, write access to a specific resource. Then all the users in the group automatically gets the access to that resource.
In simple terms, a group is a collection of users. It helps us in granting privileges to a group of users quickly. For example, “sudo” is a group and any user in that group automatically gets the superuser privileges.
How to Create a Group in Linux?
Linux groupadd command is used to create a group in Linux. It’s a linux specific command and it can be used across all the distributions such as Ubuntu, CentOS, and Debian.
Linux groupadd Command Syntax
The groupadd command syntax is:
groupadd [options] GROUP
Let’s look at some examples to understand the usage of groupadd command and its various options.
Linux Create Group
The groupadd command can be run by root user or as a superuser using sudo privileges.
root@localhost:~# groupadd test_users
If the group is created, there won’t be any error or success message.
The groups information is stored in /etc/group file. We can check this file for the newly created group information.
root@localhost:~# cat /etc/group | grep test_users
test_users:x:1004:
root@localhost:~#
The number above denoted the group id, which is an integer value. We can also use the getent command to get the group details.
root@localhost:~# getent group test_users
test_users:x:1004:journaldev
root@localhost:~#
Error if the group already exists
If the group already exists, then the error message is displayed. Let’s run the above command again.
root@localhost:~# groupadd test_users
groupadd: group 'test_users' already exists
root@localhost:~#
Creating a Group with Group ID
We can specify the group id also while creating the group using -g option.
root@localhost:~# groupadd -g 1005 test_users1
root@localhost:~# cat /etc/group | grep 1005
test_users1:x:1005:
root@localhost:~#
If the group id is already in use, you will get an error message.
root@localhost:~# groupadd -g 1005 test_users2
groupadd: GID '1005' already exists
root@localhost:~#
Linux groupadd Force Success Option
We can specify -f or –force option to exit successfully if the group already exists.
root@localhost:~# groupadd -f test_users
root@localhost:~#
If we are creating a group with force success option and the group id already exists, then group id is ignored and the group is created.
root@localhost:~# groupadd -f -g 1005 test_users2
root@localhost:~# cat /etc/group | grep test_users2
test_users2:x:1006:
root@localhost:~#
Notice that the Linux group is created with a different group id because we used the -f option.
Linux groupadd help
If you want some help with the groupadd command usage, use the -h option.
root@localhost:~# groupadd -h
Usage: groupadd [options] GROUP
Options:
-f, --force exit successfully if the group already exists,
and cancel -g if the GID is already used
-g, --gid GID use GID for the new group
-h, --help display this help message and exit
-K, --key KEY=VALUE override /etc/login.defs defaults
-o, --non-unique allow to create groups with duplicate
(non-unique) GID
-p, --password PASSWORD use this encrypted password for the new group
-r, --system create a system account
-R, --root CHROOT_DIR directory to chroot into
--extrausers Use the extra users database
root@localhost:~#
Linux groupadd -K Option
We can use -K option to override the GID_MIN and GID_MAX values present in the /etc/login.defs file.
It means that the new group id will be taken from the range provided using the -K option. Let’s look at an example to clearly understand this feature.
root@localhost:~# cat /etc/login.defs | grep GID
GID_MIN 1000
GID_MAX 60000
root@localhost:~#
root@localhost:~# groupadd -K GID_MIN=20000 -K GID_MAX=21000 test_users6
root@localhost:~# cat /etc/group | grep test_users6
test_users6:x:20000:
root@localhost:~#
If you look at the earlier commands, the group ids assigned were close to 1000. But in the above groupadd command, group id used is 20000.
Creating a Group with Password
We can use the -p option to create a group with password.
root@localhost:~# groupadd -p abc123 test_users_pwd
root@localhost:~#
But, I have never used it myself or not seen anyone using it. In fact, the man page of gpasswd states this as a security issue.
root@localhost:~# man gpasswd
Notes about group passwords
Group passwords are an inherent security problem since more than one person is permitted to
know the password. However, groups are a useful tool for permitting co-operation between
different users.'
Creating a System Group
We can use -r option to create a system group.
There is no difference between a normal group and a system group. The only difference is the group id assignment.
For normal groups, the group ids are assigned from 1000 to 60000 (default value). For a system group, the group id is less than 1000.
Again, the group id has no significance or doesn’t provide any additional privileges.
root@localhost:~# groupadd -r system_group
root@localhost:~# cat /etc/group | grep system_group
system_group:x:999:
root@localhost:~#
Notice that the group id assigned is 999.
Conclusion
We can use groupadd command to add groups in Linux. It’s a very simple and common command that can be used with any Linux distributions to create a group.
