How to Create a Group in Linux – groupadd Command

In this tutorial, we will learn how to create a Group in Linux using groupadd command.

What is a Linux Group?

A Linux group is used to manage the privileges of a user. We can define a set of privileges to a group such as read, write access to a specific resource. Then all the users in the group automatically gets the access to that resource.

In simple terms, a group is a collection of users. It helps us in granting privileges to a group of users quickly. For example, “sudo” is a group and any user in that group automatically gets the superuser privileges.

How to Create a Group in Linux?

Linux groupadd command is used to create a group in Linux. It’s a linux specific command and it can be used across all the distributions such as Ubuntu, CentOS, and Debian.

Linux groupadd Command Syntax

The groupadd command syntax is:

groupadd [options] GROUP

Let’s look at some examples to understand the usage of groupadd command and its various options.

Linux Create Group

The groupadd command can be run by root user or as a superuser using sudo privileges.

root@localhost:~# groupadd test_users

If the group is created, there won’t be any error or success message.

The groups information is stored in /etc/group file. We can check this file for the newly created group information.

root@localhost:~# cat /etc/group | grep test_users
test_users:x:1004:
root@localhost:~#

The number above denoted the group id, which is an integer value. We can also use the getent command to get the group details.

root@localhost:~# getent group test_users
test_users:x:1004:journaldev
root@localhost:~#

Error if the group already exists

If the group already exists, then the error message is displayed. Let’s run the above command again.

root@localhost:~# groupadd test_users
groupadd: group 'test_users' already exists
root@localhost:~# 

Creating a Group with Group ID

We can specify the group id also while creating the group using -g option.

root@localhost:~# groupadd -g 1005 test_users1
root@localhost:~# cat /etc/group | grep 1005
test_users1:x:1005:
root@localhost:~# 

If the group id is already in use, you will get an error message.

root@localhost:~# groupadd -g 1005 test_users2
groupadd: GID '1005' already exists
root@localhost:~# 

Linux groupadd Force Success Option

We can specify -f or –force option to exit successfully if the group already exists.

root@localhost:~# groupadd -f test_users
root@localhost:~#

If we are creating a group with force success option and the group id already exists, then group id is ignored and the group is created.

root@localhost:~# groupadd -f -g 1005 test_users2
root@localhost:~# cat /etc/group | grep test_users2
test_users2:x:1006:
root@localhost:~# 

Notice that the Linux group is created with a different group id because we used the -f option.

Linux groupadd help

If you want some help with the groupadd command usage, use the -h option.

root@localhost:~# groupadd -h
Usage: groupadd [options] GROUP

Options:
  -f, --force                   exit successfully if the group already exists,
                                and cancel -g if the GID is already used
  -g, --gid GID                 use GID for the new group
  -h, --help                    display this help message and exit
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -o, --non-unique              allow to create groups with duplicate
                                (non-unique) GID
  -p, --password PASSWORD       use this encrypted password for the new group
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
      --extrausers              Use the extra users database

root@localhost:~# 

Linux groupadd -K Option

We can use -K option to override the GID_MIN and GID_MAX values present in the /etc/login.defs file.

It means that the new group id will be taken from the range provided using the -K option. Let’s look at an example to clearly understand this feature.

root@localhost:~# cat /etc/login.defs | grep GID
GID_MIN			 1000
GID_MAX			60000
root@localhost:~# 
root@localhost:~# groupadd -K GID_MIN=20000 -K GID_MAX=21000 test_users6
root@localhost:~# cat /etc/group | grep test_users6
test_users6:x:20000:
root@localhost:~# 

If you look at the earlier commands, the group ids assigned were close to 1000. But in the above groupadd command, group id used is 20000.

Creating a Group with Password

We can use the -p option to create a group with password.

root@localhost:~# groupadd -p abc123 test_users_pwd
root@localhost:~# 

But, I have never used it myself or not seen anyone using it. In fact, the man page of gpasswd states this as a security issue.

root@localhost:~# man gpasswd

   Notes about group passwords
       Group passwords are an inherent security problem since more than one person is permitted to
       know the password. However, groups are a useful tool for permitting co-operation between
       different users.'

Creating a System Group

We can use -r option to create a system group.

There is no difference between a normal group and a system group. The only difference is the group id assignment.

For normal groups, the group ids are assigned from 1000 to 60000 (default value). For a system group, the group id is less than 1000.

Again, the group id has no significance or doesn’t provide any additional privileges.

root@localhost:~# groupadd -r system_group
root@localhost:~# cat /etc/group | grep system_group
system_group:x:999:
root@localhost:~#

Notice that the group id assigned is 999.

Conclusion

We can use groupadd command to add groups in Linux. It’s a very simple and common command that can be used with any Linux distributions to create a group.

References:

• StackExchange Discussion on Group Password Use Cases
• AskUbuntu Discussion on System Groups