Linux · Group Management

Linux · Lesson 5

Group Management

Manage local groups and permissions in Linux. Add and modify groups with commands. User membership control. Enterprise security best practices.

Why group management matters

Groups allow Linux administrators to manage permissions for multiple users at the same time. Instead of assigning permissions individually, you assign access to a group and add users into that group.

This approach simplifies administration, improves security and makes large Linux environments easier to manage.

Core group-management concepts

Primary & secondary groups

Every Linux user has one primary group and may belong to multiple supplementary groups for shared access.

Permission management

Linux file and directory permissions often rely on groups to control read, write and execute access.

Shared collaboration

Groups make it easy for teams to collaborate safely inside shared directories and application environments.

Step-by-step Linux group-management commands

Practice the following commands inside your Linux VM or lab server to understand how groups affect permissions and access control.

1. View existing groups

Start by inspecting /etc/group to understand existing Linux groups and memberships.

terminal — bash
linux-lab
[root@linux ~]# tail -7 /etc/group
adm:x:4:syslog,admin
sudo:x:27:ubuntu
docker:x:999:devuser
developers:x:1001:
webteam:x:1010:appuser
dbteam:x:1011:oracle
projectx:x:1012:devuser,opsuser

2. Create a new group

Use groupadd to create a new application or team group with a custom GID if needed.

terminal — bash
linux-lab
[root@linux ~]# groupadd -g 1015 analytics
 
[root@linux ~]# getent group analytics
analytics:x:1015:

3. Add a user to a supplementary group

Use usermod -aG to safely append a user to additional groups without removing existing memberships.

terminal — bash
linux-lab
[root@linux ~]# id appuser
uid=1002(appuser) gid=1002(appuser) groups=1002(appuser)
 
[root@linux ~]# usermod -aG analytics appuser
 
[root@linux ~]# id appuser
uid=1002(appuser) gid=1002(appuser) groups=1002(appuser),1015(analytics)

4. Verify group membership

Switch to the user account and verify group membership from the user’s perspective.

terminal — bash
linux-lab
[root@linux ~]# su - appuser
 
[appuser@linux ~]$ groups
appuser analytics
 
[appuser@linux ~]$ id
uid=1002(appuser) gid=1002(appuser) groups=1002(appuser),1015(analytics)

5. Use groups for shared directory access

Assign group ownership and permissions so multiple users can collaborate safely.

terminal — bash
linux-lab
[root@linux ~]# mkdir -p /projects/webapp
[root@linux ~]# chown root:analytics /projects/webapp
[root@linux ~]# chmod 2775 /projects/webapp
 
[root@linux ~]# ls -ld /projects/webapp
drwxrwsr-x 2 root analytics 4096 Jan 11 11:30 /projects/webapp
 
[appuser@linux ~]$ cd /projects/webapp
[appuser@linux /projects/webapp]$ touch testfile
[appuser@linux /projects/webapp]$ ls -l
-rw-r--r-- 1 appuser analytics 0 Jan 11 11:31 testfile

6. Rename or remove a group

Use groupmod to rename groups and groupdel to remove unused ones.

terminal — bash
linux-lab
[root@linux ~]# groupmod -n analytics_legacy analytics
 
[root@linux ~]# getent group analytics_legacy
analytics_legacy:x:1015:appuser
 
# Remove group after cleanup
[root@linux ~]# groupdel analytics_legacy

Good practices for Linux groups

Designing groups

  • Create groups around applications, departments or project teams.
  • Use clear and meaningful names like developers, analytics or webteam.
  • Avoid granting broad write permissions to unnecessary users.

Managing shared directories

  • Use chmod 2775 so new files inherit the directory group automatically.
  • Review group membership regularly and remove inactive users.
  • Keep sensitive directories restricted to only required groups.

Practice task – build a shared Linux project workspace

  • Create a new group called projectx.
  • Add two users such as devuser and opsuser to the group.
  • Create /projects/projectx and configure proper ownership and permissions.
  • Log in as both users and confirm they can create and edit files inside the shared directory.
  • Remove one user from the group and verify access changes immediately.

In the next lesson, you will learn Linux file permissions and how ownership, chmod and special permissions work together.