Managing users and their group memberships efficiently is a fundamental task in Linux and Unix system administration. It ensures that users have the right access to the system's resources and data. By understanding how to create users, groups, and associate users with groups, system administrators can establish granular control over who has access to what resources. In this tutorial, we will explain how to add a user to multiple groups in Linux and Unix.
In this guide, we are going to learn the following topics:
- Create user accounts using the
useradd
command. - Create the necessary groups using the
groupadd
command. - Add users to multiple groups using the
usermod
command. - Verify user group membership using the
id
andgroups
commands and the key differences between these two commands. - Additionally, we will learn how to add multiple users to multiple groups.
For demonstration purposes, we will create a new user called "test" and add this user to groups named "sysadmin", "devops", and "management".
Table of Contents
Create a New User
The useradd
command is used to create a new user account. This command adds a new user account according to the options specified on the command line and the default values in the system. It updates system files and sets defaults for the new user.
Create a user called "test" using command:
$ sudo useradd test
This command creates a new user account with the username "test".
Set password to the newly created user:
$ sudo passwd test
Unlike
adduser
command, which is more interactive and user-friendly,useradd
command requires you to manually specify all options, like home directory and shell, or it will use the system defaults.
Display User and Group Information
The id
command is used to display the user and group information for a specified user. If no username is specified, it shows the information about the current user.
This command is very useful for verifying a user's permissions and memberships. It's straightforward and provides a concise summary of a user's identity on the system.
To check the existing groups of the "test" user, we use id
command like below:
$ id test
This command displays the user ID, group ID, and the groups the "test" user belongs to.
Sample Output:
uid=1001(test) gid=100(users) groups=100(users)
Create Groups
The groupadd
command is used to create a new group. Groups are a fundamental aspect of Linux/Unix permissions. Using groups, we can specify permissions for a collection of users at once.
Create the groups "sysadmin", "devops", and "management":
$ sudo groupadd sysadmin
$ sudo groupadd devops
$ sudo groupadd management
These commands create the new groups "sysadmin", "devops", and "management".
Add User to Multiple Groups
Add the "test" user to the above groups:
$ sudo usermod -a -G sysadmin,devops,management test
The usermod
command is used to modify a user's account. The -a
option appends the user to the specified groups, and the -G
option specifies the groups to add the user to (in this case, "sysadmin", "devops", and "management").
Create New User with Several Groups
In our previous example, we assigned the exisitng user to multiple groups. You can also create a new user and add them to multiple groups in a single command. The command to do this would be:
$ sudo useradd -G sysadmin,devops,management test
Here's a breakdown of the command:
sudo
- This runs the command with superuser (root) privileges, which is required to create a new user.useradd
- This command creates a new user account.-G sysadmin,devops,management
- This option specifies the groups that the new user should be added to. In this case, the user "test" is being added to the "sysadmin", "devops", and "management" groups.test
- This is the username of the new user being created.
By using this single command, you can accomplish the following tasks in one step:
- Create a new user account with the username "test".
- Add the "test" user to the "sysadmin", "devops", and "management" groups.
This can be a more efficient way to set up a new user account and manage their group memberships, especially if the user needs to be part of multiple groups from the start.
Keep in mind that if you want to add a user to additional groups later, you can use the usermod
command, as shown in the previous example:
$ sudo usermod -a -G additional_group test
This adds the "test" user to the "additional_group" without removing them from any of the other groups they were already a member of.
Check User's Group Membership
Check the groups of the "test" user:
$ id test
This command will now show that the "test" user is a member of the "sysadmin", "devops", and "management" groups, in addition to any other groups the user may belong to.
Sample Output:
uid=1001(test) gid=100(users) groups=100(users),1000(sysadmin),1001(devops),1002(management)
We can also use groups
command to show the groups a user is a member of. When used without arguments, it displays the groups the current user belongs to. If a username is provided, it shows the groups that user belongs to.
$ groups test
The id
command provides more comprehensive user information, including the user ID and primary group ID, while the groups
command is more focused on just listing the groups a user belongs to.
Please check the following guide to know various methods to list the members of a Group in Linux:
Key Differences between id
and groups
commands
The id
and groups
commands are both used to display information about user groups, but they have some key differences:
id
command: Displays the user's UID (User ID), GID (Primary Group ID), and a list of all the groups the user belongs to.groups
command: Displays only the list of groups the user belongs to.id
command: Provides more detailed information, including the user's UID and primary GID, in addition to the list of groups.groups
command: Focuses solely on the list of groups the user is a member of.id
command: Can be used to get information about any user on the system by specifying the username (e.g.,id test
).groups
command: By default, shows the groups for the current user, but can also be used to get the groups for a specific user (e.g.,groups test
).id
command: Can be run by any user to get information about their own user account.groups
command: Can also be run by any user to get information about their own group membership.
In summary, the id
command provides more comprehensive user information, including the user ID and primary group ID, while the groups
command is more focused on just listing the groups a user belongs to. Both commands can be useful, depending on the specific information you need to retrieve about a user's group membership.
Add Multiple Users to Multiple Groups
It is possible to add multiple users to multiple groups in Linux and Unix systems, though the process may require a few steps or a script, as there isn't a single built-in command that directly supports adding multiple users to multiple groups simultaneously.
You can use a for loop
in the shell to iterate over users and groups, adding each user to each group. This method is useful if you have a predefined list of users and groups.
for user in user1 user2 user3; do for group in group1 group2 group3; do sudo usermod -a -G $group $user done done
This script loops through each user and adds them to each group listed. The usermod -a -G $group $user
command appends the user to the group without removing them from any other groups.
Please note that you should have already created the users and groups before running the above command.
This method provide a flexible approach to managing users and groups in bulk.
Conclusion
Learning how to add users to multiple groups is an essential skill for any Linux or Unix system administrator. In this guide, we discussed how to create users and assign group membership to them with examples in Linux. We also explained how to add multiple users to multiple groups at once using a for loop
script. Hope this helps.
Related Read: