Language: EN


How to Manage User Groups on Raspberry Pi

In the previous post, we saw how to manage users and passwords on our Raspberry Pi. Now it’s time to delve into user management with the creation of user groups.

User groups facilitate the setting of permissions in systems where there is a large number of users, where controlling permissions individually would be impractical. Keep in mind that Unix-based systems and their applications are designed for systems with multiple users (even hundreds or thousands).

If you are thinking that, if your computer is a local machine and you will only have your user, maybe this is not really important to you. But your whole system is based on this so, believe me, sooner or later you will have to deal with user groups. But don’t worry, it’s much easier than it seems, as we will see in this post!

All the commands in this post refer to user control. Therefore, to use them, we must be logged in as a Super User or use the ‘sudo’ command as we saw in this post.

Why user groups?

If you have a system with 1 or 2 users, you may be able to manage permissions on an individual level. But as the number of users grows, with dozens or hundreds of users, management will become a bit impractical for you.

Imagine a company, where workers are constantly coming and going, department changes… a madness. Now imagine a server with thousands of users. It would be impossible to configure permissions individually!

For that reason, it is normal to work with user groups and grant permissions to folders or program execution at the user group level. Then, you just have to make sure that each user is part of the appropriate groups and they will have the corresponding permissions.

User groups can serve an organizational purpose. Thus, for example, the ‘Marketing’ group has different permissions than ‘Finance’. Or, for a domestic example, the ‘Family’ group has different permissions than the ‘Guests’ group.

Another quite common approach in some applications is to create a group that has permission to execute a program, access a device, or a folder. For example, when installing application ‘A’, it creates a ‘A-Users’ group, which has permission to execute it. To grant execution permissions to a user, you have to add them to this group.

Managing user groups

Add/remove user groups

To create a new user group we simply write:

groupadd group_name

Where group_name is the name of the group we want to create. If we want to delete an existing user group we use:

groupdel group_name

To rename a user group we have the command

groupmod -n new_name old_name

Add/remove users to/from groups

To add the current user to a group we can use this command:

newgrp group_name 

If we want to add another user to a group we will use the command:

adduser user_name group_name

Alternatively, we can use the following command (useful if we want to add them to more than one group in a single command)

usermod -a -G group_name1, group_name2, group_name3 user_name

Finally, to remove a user from a group we use the command

deluser user_name group_name

Which will only remove the user from the user group, it will not delete the user itself.

List user groups

To list all the groups to which the current user belongs, simply use:


We can also show the groups to which another user belongs with:

groups user_name

Finally, if we want to list all the existing groups on the current machine we use the command:

cut -d: -f1 /etc/group

Default user groups

The installation of Raspbian creates certain default user groups. Below is a summary of the main default user groups and their purpose.

piUser group. (A new group is automatically created every time a user is created)
sudoSudo access
admAccess to log files located in /var/log
cdromAccess to optical drives
audioAccess to audio devices (microphones, sound card, etc.)
videoAccess to video devices (graphics card, framebuffer, webcams)
plugdevAccess to external storage devices
inputAccess to the /dev/input/mice folder
netdevAccess to network devices
dialoutAccess to serial ports/modems, etc.
gpioAccess to the GPIO port
i2cAccess to the I2C bus
spiAccess to the SPI bus

That’s it! In future posts we will see how to manage permissions for both users and user groups. If you have any questions or know other commands, you can leave us a comment.