Manage Linux user groups
Last updated on: 2020-06-11
Authored by: Chris Silva
This article covers the basics of managing user groups on a Linux® server.
You need to have the following prerequisites:
- Basic understanding of Secure Shell (SSH®)
- Sudo or administrative access to your server
- A Cloud Server running supported versions of Linux
- Basic knowledge of file and directory permissions on a Linux server
User groups in Linux allow a group of users specific access or permissions to directories or files on the Linux operating system. This access depends on the group permissions for the file or directory.
Note: For more information on directory and file permissions, see Changing Linux permissions.
The following example shows how group permissions affect a user’s access.
drwxr-xr-x. 5 root     root   4096 Jun  9 11:09 .
drwxr-xr-x. 3 root     root   4096 Jun  9 11:03 ..
drwxr-xr-x. 2 root     apache 4096 Jun  9 11:04 files
-rw-rw-r--. 1 root     apache    0 Jun  9 11:09 somefile
drwxr-xr-x. 2 root     apache 4096 Jun  9 11:04 test
drwxr-xr-x. 2 testuser apache 4096 Jun  9 11:04 websitefiles
The permissions for this directory indicate:
- The testuser user is the owner of the directory websitefiles. The owner has rwx, which translates to read, write, and execute on the directory.
- The group, apache, has r-x, which means that they can read and execute on the directories.
- The group, apache, has rw- (from rw-rw-r--) on the file somefile, which means they can read and write to the file.
Directory versus file permissions
There are a few differences between directory and file permissions to consider when adding a user to a group. For a file, read, write, and execute mean precisely that. The user can perform those tasks on a file. However, in a directory, the permissions have the following meanings:
- Read: Allows a user to list the contents of a directory.
- Write: Allows a user to create new files or directories within the directory.
- Execute: Allows a user to traverse into the directory.
When you need a user to share the permissions associated with a group, you should add the user to the associated group.
testuser user permissions:
# id testuser
uid=1002(testuser) gid=1002(testuser) groups=1002(testuser)
This output shows that the user has only their default group and has not been assigned to any supplemental groups.
To give testuser access to the files directory, the user must be part of the apache group.
Note: Some users also create a separate group for their web developers that includes the apache user so that the functionality of Apache® on the directory is not disabled.
Example: Add a user to a group
This example adds testuser to the apache group.
Check the group
First, check the apache group before making changes:
# getent group apache
apache:x:48:
You can see that no other users are part of the apache group.
Add testuser to group
To add testuser to the group, run the following command from the terminal:
usermod -aG apache testuser
The -aG option translates to append and groups. The use of -a ensures that you add the user to a group rather than replacing their default group.
Now, if you view the group entry for apache, you see testuser in the group.
# getent group apache
apache:x:48:testuser
If you view testuser, you can see the user now has the apache group:
# id testuser
uid=1002(testuser) gid=1002(testuser) groups=1002(testuser),48(apache)
The test user now has access to the group-level permissions for directories and files with a group of apache.
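Added example (not part of the original article): a POSIX shell script that applies the owner, group, other rule to the listing and id output shown above, printing which permission triplet testuser gets before and after joining apache. The function names are hypothetical and the inputs are constructed from this page's own output; root's permission bypass, ACLs, and SELinux are not modeled.

```sh
#!/bin/sh
# Added example. Inputs are constructed from the listing and id output above.
# Not modeled: root's permission bypass, ACLs, SELinux.

# id_user "<id output>": print the user name from the uid=N(name) field.
id_user() {
    printf '%s\n' "$1" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p'
}

# id_groups "<id output>": print each group name from groups=, one per line.
id_groups() {
    printf '%s\n' "$1" | sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/'
}

# effective_perms "<ls -l line>" "<id output>": print the one rwx triplet that
# applies. The classes are exclusive: owner first, then group, then other.
effective_perms() (
    read -r mode links owner group rest <<EOF
$1
EOF
    if [ "$(id_user "$2")" = "$owner" ]; then
        printf '%s\n' "$mode" | cut -c2-4      # owner class
    elif id_groups "$2" | grep -Fqx -- "$group"; then
        printf '%s\n' "$mode" | cut -c5-7      # group class
    else
        printf '%s\n' "$mode" | cut -c8-10     # other class
    fi
)

BEFORE='uid=1002(testuser) gid=1002(testuser) groups=1002(testuser)'
AFTER='uid=1002(testuser) gid=1002(testuser) groups=1002(testuser),48(apache)'

# Print the triplet for each entry before and after the usermod -aG call.
while IFS= read -r line; do
    printf '%-13s before=%s after=%s\n' "${line##* }" \
        "$(effective_perms "$line" "$BEFORE")" \
        "$(effective_perms "$line" "$AFTER")"
done <<'EOF'
drwxr-xr-x. 2 root apache 4096 Jun 9 11:04 files
-rw-rw-r--. 1 root apache 0 Jun 9 11:09 somefile
drwxr-xr-x. 2 testuser apache 4096 Jun 9 11:04 websitefiles
EOF
```

In this listing the directories already grant r-x to everyone, so only somefile changes for testuser (r-- becomes rw-). On a live system, the new membership applies to sessions started after the usermod call.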
Syntax to add users to groups
Use the same process to add users to other groups with the following command:
usermod -aG <group> <user>
You can also add the user to multiple groups at once:
usermod -aG <group1>,<group2>,etc <user>
As long as the group to which you add the user has the appropriate permissions for the directory they need to access, this operation gives the user the access they need to manage the files and directories.