In the previous post, we saw how to manage users and passwords on our Raspberry Pi. Now it’s time to delve deeper into user management by creating user groups.
User groups make it easier to configure permissions in systems with a large number of users, where controlling permissions individually would be impractical. Keep in mind that Unix-based systems and their applications are designed for multi-user systems (even hundreds or thousands).
If you’re thinking that, since your machine is a local device and you’ll only have your user, maybe this isn’t really important for you. But your entire system is based on this, so believe me, sooner or later you will have to deal with user groups. But don’t worry, it’s much easier than it seems, as we’ll see in this post!
All the commands in this post refer to user control. Therefore, to use them, we must be logged in as the Super User or use the ‘sudo’ command as we saw in this post.
Why User Groups?
If you have a system with 1 or 2 users, you might be able to manage permissions at an individual level. But as the number of users grows, with tens or hundreds of users, management will become a bit impractical.
Imagine a company, where workers are constantly coming and going, changing departments… chaos. Now imagine a server with thousands of users. It would be impossible to configure permissions individually!
For that, the normal approach is to work with user groups and grant permissions to folders or program execution at the user group level. Afterwards, you only have to make sure each user belongs to the appropriate groups and they will have the corresponding permissions.
User groups can serve an organizational purpose. For example, the ‘Marketing’ group has different permissions than ‘Finance’. Or, to give a domestic example, the ‘Family’ group is different from the ‘Guests’ group.
Another quite common approach in some applications is to create a group that has permission to execute a program, access a device, or a folder. For example, when installing application ‘A’, it creates a group ‘A-Users’, which has permission to run it. To grant execution permissions to a user, you have to add them to this group.
Manage User Groups
Add/Remove User Groups
To create a new user group, we simply write:
groupadd group_name
Where group_name is the name of the group we want to create. If we want to delete an existing user group, we use:
groupdel group_name
To rename a user group, we have the command:
groupmod -n new_name old_name
Add/Remove Users from Groups
To add the current user to a group, we can use this command:
newgrp group_name
If we want to add another user to a group, we will use the command:
adduser username group_name
Alternatively, we can use the following command (useful if we want to add them to more than one group in a single command):
usermod -a -G group_name1, group_name2, group_name3 username
Finally, to remove a user from a user group, we use the command:
deluser username group_name
This will only remove the user from the user group, it will not delete the user itself.
List User Groups
To list all the groups the current user belongs to, we simply use:
groups
We can also show the groups another user belongs to with:
groups username
Finally, if we want to list all existing groups on the current machine, we use the command:
cut -d: -f1 /etc/group
That easy! In the upcoming posts, we will see how to manage permissions for both users and user groups. If you have any questions or know other commands, you can leave us a comment.
