Create Groups In Linux

The short answer

To create a new user group in Linux, you can use the [.inline-code]groupadd[.inline-code] command as follows:

$ sudo groupadd <group>

Where:

  • [.inline-code]<group>[.inline-code] is the name of the group you want to create.

For example, the following command will create a new group called [.inline-code]developers[.inline-code]:

$ sudo groupadd developers

Note that the [.inline-code]sudo[.inline-code] command here is used to execute the [.inline-code]groupadd[.inline-code] command with superuser privileges, which is required in order to make system-wide changes.

You can learn more about [.inline-code]sudo[.inline-code] by reading our other articles on how to add a user to sudoers and how to spawn a root shell using sudo su.

[#create-group-with-gid] Creating a group with a specific GID [#create-group-with-gid]

In Linux, groups are automatically assigned a numeric identifier (GID) by the system upon creation based on a value defined in the [.inline-code]/etc/login.defs[.inline-code] file.

To create a group with a specific GID instead, you can use the [.inline-code]groupadd[.inline-code] command with the [.inline-code]-g[.inline-code] flag as follows:

$ sudo groupadd -g <gid> <group>

Where:

  • [.inline-code]<group>[.inline-code] is the name of the new group.
  • [.inline-code]<gid>[.inline-code] is the specific GID you want to assign to the new group.

For example, this command will create a new group named [.inline-code]testers[.inline-code] with a group identifier of [.inline-code]1003[.inline-code]:

$ sudo groupadd -g 1003 testers

Note that when creating a new group, the minimum group ID that can be assigned is typically [.inline-code]1000[.inline-code], as a lower value might conflict with system groups and cause unexpected system behavior.
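The following pre-flight check is an added example, not part of the original article: it reports whether a group name or GID is already taken, or whether the GID falls below the [.inline-code]GID_MIN[.inline-code] value in [.inline-code]/etc/login.defs[.inline-code], before you run [.inline-code]groupadd -g[.inline-code]. The function names, verdict strings, and sample files are assumptions made for illustration.

```bash
#!/bin/bash
# Pre-flight check to run before `groupadd -g <gid> <group>` (added example).
# File paths are parameters (defaulting to the system files) so the check
# can be exercised on copies.

# Print GID_MIN from a login.defs-format file; fall back to 1000 if unset.
gid_min() {
  awk '$1 == "GID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1" 2>/dev/null
}

# check_new_group <gid> <name> [group_file] [login_defs]
# Prints a verdict; returns 0 only when neither the name nor the GID is in
# use and the GID is not below GID_MIN.
check_new_group() {
  local gid="$1" name="$2" gfile="${3:-/etc/group}" defs="${4:-/etc/login.defs}"
  local min owner
  case "$gid" in ''|*[!0-9]*) echo "invalid-gid"; return 2 ;; esac
  # Field 1 is the group name, field 3 the GID; compare whole fields only.
  if awk -F: -v n="$name" '$1 == n { f = 1 } END { exit !f }' "$gfile"; then
    echo "name-exists"; return 1
  fi
  owner=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$gfile")
  if [ -n "$owner" ]; then
    echo "gid-taken-by:$owner"; return 1
  fi
  min=$(gid_min "$defs" || true); min="${min:-1000}"
  if [ "$gid" -lt "$min" ]; then
    echo "below-gid-min:$min"; return 1
  fi
  echo "ok"
}

# Constructed sample data (not taken from a real host).
sample=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'docker:x:998:' 'developers:x:1000:johndoe' > "$sample/group"
printf '%s\n' '# constructed' 'GID_MIN 1000' 'GID_MAX 60000' > "$sample/login.defs"

check_new_group 1003 testers "$sample/group" "$sample/login.defs" || true  # ok
check_new_group 1000 testers "$sample/group" "$sample/login.defs" || true  # gid-taken-by:developers
check_new_group 500  testers "$sample/group" "$sample/login.defs" || true  # below-gid-min:1000
```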

[#easily-recallsyntax-with-ai] Easily retrieve this command using Warp’s AI Command Suggestions [#easily-recallsyntax-with-ai]

If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Suggestions feature:

Entering [.inline-code]create group with gid[.inline-code] into AI Command Suggestions will prompt a [.inline-code]groupadd[.inline-code] command that you can then quickly insert into your shell by pressing [.inline-code]CMD+ENTER[.inline-code].

[#create-a-docker-group] Creating a docker group [#create-a-docker-group]

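The [.inline-code]docker[.inline-code] group allows its members to run and manage Docker containers without the need for superuser privileges (i.e., [.inline-code]sudo[.inline-code]) by granting them permission to interact with the Docker daemon. Because the daemon normally runs as root, membership in this group is effectively equivalent to root access on the host, so only add users you would also trust with [.inline-code]sudo[.inline-code].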

To verify whether the [.inline-code]docker[.inline-code] group already exists, you can use the following [.inline-code]grep[.inline-code] command:

$ grep docker /etc/group

If the aforementioned command doesn’t produce any output, you can then use the following [.inline-code]groupadd[.inline-code] command to create the [.inline-code]docker[.inline-code] group:

$ sudo groupadd docker

You can then add a user to the [.inline-code]docker[.inline-code] group using the following [.inline-code]usermod[.inline-code] command:

$ sudo usermod -aG docker <username>

Where:

  • [.inline-code]<username>[.inline-code] is the name of the user you want to add to the [.inline-code]docker[.inline-code] group.

Finally, to verify that the currently logged in user can execute Docker commands, you can run the following [.inline-code]docker[.inline-code] command:

$ docker ps

Note that to ensure that the group membership takes effect, the user may need to log out and log back in again.
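Access to the Docker daemon is a powerful privilege, so it is worth reviewing who holds it. The following added example (not part of the original article) lists every account that belongs to a group, either through the member list in [.inline-code]/etc/group[.inline-code] or through its primary GID in [.inline-code]/etc/passwd[.inline-code], and prints the ones missing from an approved list. The function names, user names, and sample files are assumptions made for illustration.

```bash
#!/bin/bash
# Group membership review (added example). Paths default to the system files.

# group_members <group> [group_file] [passwd_file]
group_members() {
  local group="$1" gfile="${2:-/etc/group}" pfile="${3:-/etc/passwd}" gid
  gid=$(awk -F: -v n="$group" '$1 == n { print $3; exit }' "$gfile")
  [ -n "$gid" ] || return 1    # the group does not exist
  {
    # Supplementary members: comma-separated 4th field of the group entry.
    awk -F: -v n="$group" \
      '$1 == n { c = split($4, m, ","); for (i = 1; i <= c; i++) print m[i] }' "$gfile"
    # Accounts whose primary GID (4th field of passwd) is this group.
    awk -F: -v g="$gid" '$4 == g { print $1 }' "$pfile"
  } | sort -u
}

# unapproved_members <group> "<approved users, space separated>" [group_file] [passwd_file]
# Prints members that are not on the approved list; returns 1 if there are any.
unapproved_members() {
  local user found=0
  for user in $(group_members "$1" "$3" "$4"); do
    case " $2 " in
      *" $user "*) ;;
      *) echo "$user"; found=1 ;;
    esac
  done
  return "$found"
}

# Constructed sample data (not taken from a real host).
sample=$(mktemp -d)
printf '%s\n' 'docker:x:998:alice,bob' 'dockerroot:x:997:carol' \
  'developers:x:1000:johndoe' > "$sample/group"
printf '%s\n' 'alice:x:1001:1001::/home/alice:/bin/bash' \
  'bob:x:1002:1002::/home/bob:/bin/bash' \
  'carol:x:1003:1003::/home/carol:/bin/bash' \
  'svc-build:x:1500:998::/home/svc-build:/bin/sh' > "$sample/passwd"

# Only alice is approved, so bob and svc-build are reported.
unapproved_members docker "alice" "$sample/group" "$sample/passwd" || true
```

The account [.inline-code]svc-build[.inline-code] is reported even though it does not appear in the group's member list, because its primary GID is the group's GID.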

[#create-a-group-with-a-script] Creating a group using a Bash script [#create-a-group-with-a-script]

To automatically create a new group if it doesn't exist, you can use a Bash script as follows:

#!/bin/bash

# Define a new variable `group` that contains the name of the group
group="developers"

# Check if the group already exists, matching the whole name field
# so that a longer name or a member with the same name doesn't match
if grep -q "^${group}:" /etc/group; then
  echo "$group already exists"
  exit 1
else
  # Attempt to create the group using `groupadd`
  # and check if the command succeeded
  if groupadd "$group"; then
    echo "$group created"
  else
    echo "Error creating $group" >&2
    exit 1
  fi
fi

You can then give the script execution permission using the [.inline-code]chmod[.inline-code] command as follows:

$ chmod +x create_group.sh

Finally, you can execute the script with superuser privileges using the [.inline-code]sudo[.inline-code] command as follows:

$ sudo ./create_group.sh

[#list-existing-groups] List existing groups [#list-existing-groups]

In Linux, the [.inline-code]/etc/group[.inline-code] file is a text-based database that stores the system's groups and their memberships.

To verify the existence of a group on the system, and therefore its successful creation, you can filter the content of this file using the [.inline-code]grep[.inline-code] command as follows:

$ grep <group> /etc/group

Where:

  • [.inline-code]<group>[.inline-code] is the name of the group you’re searching for.

For example, this command will output the entries for the [.inline-code]developers[.inline-code] group:

$ grep developers /etc/group
developers:x:1000:johndoe

Where:

  • [.inline-code]developers[.inline-code] is the group’s name.
  • [.inline-code]x[.inline-code] is a placeholder for the group’s optional password.
  • [.inline-code]1000[.inline-code] is the group’s identifier (GID).
  • [.inline-code]johndoe[.inline-code] is the username of the group’s only member.

You can learn more about fetching users and groups information by reading our other article on how to list users and groups in Linux.

[#add-users-to-a-group] Adding users to a group [#add-users-to-a-group]

To add a user to one or more secondary groups, you can use the [.inline-code]usermod[.inline-code] command with the [.inline-code]-a[.inline-code] flag (short for [.inline-code]--append[.inline-code]) and [.inline-code]-G[.inline-code] flag (short for [.inline-code]--groups[.inline-code]) as follows:

$ sudo usermod -a -G <groups> <username>

Where:

  • [.inline-code]<groups>[.inline-code] is a list of comma-separated group names or GIDs.
  • [.inline-code]<username>[.inline-code] is the username of the user you want to add to the specified groups.

For example, this command will add the user named [.inline-code]johndoe[.inline-code] to the group named [.inline-code]developers[.inline-code]:

$ sudo usermod -a -G developers johndoe

You can learn more about managing users by reading our other article on how to create and configure a new user in Linux.

[#create-a-shared-group-folder] Creating a shared folder for a specific group [#create-a-shared-group-folder]

A shared folder is a centralized location in the filesystem where multiple users who are part of the same group can store, access, and modify files simultaneously.

These folders are often created in locations that are easily accessible to multiple users or services on the system, such as the root folder (i.e., [.inline-code]/[.inline-code]).

To create a new shared folder, you can use the [.inline-code]mkdir[.inline-code] command as follows:

$ sudo mkdir <folder>

Where:

  • [.inline-code]<folder>[.inline-code] is the path to the shared folder.

Next, you can change the shared folder’s ownership by assigning it to a specific group using the [.inline-code]chown[.inline-code] command as follows:

$ sudo chown :<group> <folder>

Where:

  • [.inline-code]<group>[.inline-code] is the name of the group.
  • [.inline-code]<folder>[.inline-code] is the path to the shared folder.

Finally, you can change the shared folder’s permissions to only allow the owner and the group to manage it using the [.inline-code]chmod[.inline-code] command as follows:

$ sudo chmod 770 <folder>

For example, the following commands will create a new shared folder named [.inline-code]projects[.inline-code] in the root directory, assign it to the group named [.inline-code]developers[.inline-code], and change its permissions so that only the owner (i.e., [.inline-code]root[.inline-code]) and the group (i.e., [.inline-code]developers[.inline-code]) can read, write, and execute in it:

$ sudo mkdir /projects
$ sudo chown :developers /projects
$ sudo chmod 770 /projects
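The following added example (not part of the original article) checks that a shared folder has the intended group, gives the group full access, and gives other users none. It goes one step beyond the commands above by also checking the setgid bit (mode [.inline-code]2770[.inline-code]), which makes new files inherit the folder's group. The function name and verdict strings are assumptions made for illustration, and [.inline-code]stat -c[.inline-code] assumes GNU coreutils.

```bash
#!/bin/bash
# Shared folder permission check (added example).

# check_shared_dir <dir> <group>
# Prints a verdict and returns 0 only if the folder belongs to <group>, gives
# the group full access, gives "others" none, and has the setgid bit set.
check_shared_dir() {
  local dir="$1" group="$2" mode dgroup
  [ -d "$dir" ] || { echo "not-a-directory"; return 2; }
  dgroup=$(stat -c '%G' "$dir")
  # Normalise to four octal digits: special, owner, group, others.
  mode=$(printf '%04o' "0$(stat -c '%a' "$dir")")
  [ "$dgroup" = "$group" ] || { echo "wrong-group:$dgroup"; return 1; }
  case "$mode" in ???0) ;; *) echo "open-to-others:$mode"; return 1 ;; esac
  case "$mode" in ??7?) ;; *) echo "group-lacks-rwx:$mode"; return 1 ;; esac
  # Without setgid, new files keep their creator's primary group, so other
  # members of <group> may be unable to read or modify them.
  [ -g "$dir" ] || { echo "no-setgid:$mode"; return 1; }
  echo "ok:$mode"
}

# Demonstration in a temporary directory (constructed, no root needed): the
# folder's group is whichever group the current user created it with.
demo="$(mktemp -d)/projects"
mkdir "$demo"
grp=$(stat -c '%G' "$demo")

chmod 770 "$demo"; chmod g-s "$demo"
check_shared_dir "$demo" "$grp" || true   # no-setgid:0770
chmod 2770 "$demo"
check_shared_dir "$demo" "$grp" || true   # ok:2770
```

On a real system, the equivalent of the last step is [.inline-code]sudo chmod 2770 /projects[.inline-code].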

You can learn more about the [.inline-code]chmod[.inline-code] command by reading our other article on how to change permissions in Linux.