02-C.12: Groups: Create, Modify, and Delete - Modify Group

Last updated
Save as PDF

Page ID: 26814

\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

Modify /etc/group File

The proper way to edit /etc/group file is using vigr commands in Linux. We CANNOT simply edit the groups file with a text editor. The vigr command is used to safely edit the files /etc/group file. It will put appropriate locks when editing /etc/group file to prevent other users from making any changes in the file and avoid file corruption. When you run this command with -s flag, it will edit the /etc/gshadow file.

As we have the ability to add, modify and delete users, we also have the ability to add, modify and delete groups. This video discusses these capabilites and shows examples of each.

The vigr Command

The vigr command edits the /etc/groups file in the same manner that the vipw command edits the /etc/passwd file. The discussion can be found on the preceding page.

To safely edit /etc/groups file, simply run:

pbmac@pbmac-server $ sudo vigr

Now vigr command will lock the /etc/group files and prevent other users from making any changes. The password will not get updated until you exit the vigr command. So the other users may not inadvertently or intentionally make any changes in /etc/group file while you’re editing them as root.

Modify /etc/group File From the Command Line

Just like with useradd/usermod/userdel commands for users, there are similar commands for groups: groupadd, groupmod, and groupdel. These commands allow any admin to add, modify or delete groups.

The groupadd Command

As the name says, this command creates a group. The default for groupadd is that the group will not have any members. NOTE: The groupadd command does NOT add users to a group; for that task use the useradd or usermod command.

Syntax:

groupadd [ OPTIONS ] GROUP_NAME

Command Options:

Option	How is it used...	Show me
-f	The command exits with a status of "success" if the specified group exists. When used with the -g, and the specified GID exists, another unique GID is chosen.	groupadd -f security-team
-g	Assign a specific group id, if not specified groupadd uses the next in the sequence.	groupadd -g 217 security-team
-o	Allows for the creation of a non-unique GID.	groupadd -o -g 217 sales

To add a new group named developers:

pbmac@pbmac-server $ groupadd -f developers

The groupmod Command

The groupmod command gives system administrators the ability to change the group's own attributes. The changes are made to the /etc/group.

Syntax:

groupmod [ OPTIONS ] GROUP_NAME

Command Options:

Option	How is it used...	Show me
-g	The group id will be changed to the given value for the specified group.	groupmod -g 999 security-team
-n	The name of the specified group will be changed to the new group name.	groupmod -n teamsec security-team
-o	Allows for the creation of a non-unique GID.	groupmod -o -g 217 sales

To change the name of our developers group to dev_team we use a simple command using th e-n option:

pbmac@pbmac-server $ groupmod -n dev_team developers

The groupdel Command

The groupdel command modifies the system account files, deleting all entries that refer to the specified group. The named group must exist.

Syntax:

groupdel [ OPTIONS ] GROUP_NAME

Command Options:

Options	Option Meaning
-g, --gid GID	The group ID of the given GROUP will be changed to GID. Any files that have the old group ID and must continue to belong to GROUP must have their group ID changed manually.
-n, --new-name NEW_GROUP	The name of the group will be changed from GROUP to NEW_GROUP name.
-o, --non-unique	When used with the -g option, allows to change the group GID to a non-unique value.
-p, --password PASSWORD	The encrypted password, as returned by crypt(3).

An example of deleting the existing group sales:

pbmac@pbmac-server $ groupdel dev_team

Be careful when deleting groups as it may cause users to have issues accessing resources. Also, take note that this command does NOT delete the users associated with the deleted group.

"The Right Way To Edit /etc/passwd And /etc/group Files In Linux" by SK, OSTECHNIX is licensed under CC BY-NC 4.0
"groupmod command in Linux with examples" by Samdare B, Geeks for Geeks is licensed under CC BY-SA 4.0
"groupadd command in Linux with examples" by NaveenJangid, Geeks for Geeks is licensed under CC BY-SA 4.0
"groupdel command in Linux with examples" by Samdare B, Geeks for Geeks is licensed under CC BY-SA 4.0