Table of Contents
- Introduction
- What are "Groups" in Linux?
- Core Group Management Commands
- Real-World Scenario: Team Access Control in a Cloud Project
- Conclusion
- Let's Connect
Introduction
Welcome back to Day 6 of my Linux Mastery series. Yesterday, we handled user management, and today, we dive into something equally crucial: group management.
If users are like individual employees, groups are like departments, and managing departments is how you keep things organized in a company. The same thing applies in Linux.
What are "Groups" in Linux?
A group in Linux is a way to assign a shared set of permissions to multiple users. It simplifies access control.
There are two types of groups:
Primary Group: Automatically created with a user and is their default group.
Secondary Group: Optional groups the user can be added to, for shared access.
We also have the Group account Database:
- Group Account Properties: /etc/group
- Group Admin Properties: /etc/gshadow
Core Group Management Commands
| Group Management Commands | Purpose |
|---|---|
groupadd 'group'
|
Create a new group |
grep 'groupname' etc/group
|
Check group account properties |
grep 'groupname' etc/gshadow
|
Check group admin properties |
groupmod -g 'groupname'
|
Modify group ID |
gpasswd -a 'username' 'groupname'
|
Add a single member/user to a group |
gpasswd -d 'username' 'groupname'
|
Remove a single member/user from a group |
gpasswd -M 'user1,user2,user3' 'groupname'
|
Add/Remove multiple users in a group. Note: When doing this it replaces existing users. For retaining of existing users include their names when running this command |
gpasswd -A 'username' 'groupname'
|
Make a user/member the group admin |
gpasswd -A 'user1, user2, user3, etc' 'groupname'
|
Assigns multi-admins |
groupmod -n 'newname' 'oldname'
|
Rename a group |
groupdel 'groupname'
|
Delete the group account |
cat /etc/group
|
View all groups and members |
Real-World Scenario: Team Access Control in a Cloud Project
Imagine you are working at Cloud Whistler, and your infrastructure team is setting up a multi-environment project called 'cloudinfra'.
Your team is divided into three key roles:
- DevOps Engineers
- Network Engineers
- Support Engineers
You need to:
- Set up proper group permissions.
- Assign the right users to the right groups.
- Ensure people only access what they need.
Let’s walk through it step by step.
- Create Groups for the job Roles (DevOps, Network, and Support)
groupadd devops
groupadd network
groupadd support
- Rename a Group
Your team lead decides that the support team will now be called monitoring.
groupmod -n monitoring support
- Add Users to Groups
Let's say you have three new hires:
AmandaIgwe and Jide - devOps
Tunde - network
Chris - monitoring
*Note: before adding users to the group make sure you have already created the user first. (using useradd command)
*
gpasswd -a AmandaIgwe devops
gpasswd -a Jide devops
gpasswd -a Tunde network
gpasswd -a Chris monitoring
- Remove User from a group
Now, let’s say Jide is rotating off the project, and you want to remove him from the group
gpasswd -d Jide devops
- Verify Group Membership
You are doing an audit and want to check if AmandaIgwe still belongs to any groups.
grep AmandaIgwe /etc/group
Note the following output meaning:
- devops = group name
- x = password store
- 1003 = group ID
- AmandaIgwe = stands for the group members
And that's it!
Conclusion
As a Cloud or Systems Engineer, you are expected to:
Set up secure access control
Manage team-level permissions
Automate user provisioning
Be audit-ready for compliance
These group management commands are your everyday tools for doing that cleanly and confidently.
If this is helpful to you, feel free to bookmark, comment, like and follow me for Day 6!
Let's Connect!
If you want to connect or share your journey, feel free to reach out on LinkedIn.
I am always happy to learn and build with others in the tech space.
#30DaysLinuxChallenge #Redhat#RHCSA #RHCE #CloudWhistler #Linux #Rhel #Ansible #Vim #CloudComputing #DevOps #LinuxAutomation #IaC #SysAdmin#CloudEngineer
