In the previous post, we saw how to manage users and passwords on our Raspberry Pi. Now it’s time to delve into user management with the creation of user groups.
User groups facilitate the setting of permissions in systems where there is a large number of users, where controlling permissions individually would be impractical. Keep in mind that Unix-based systems and their applications are designed for systems with multiple users (even hundreds or thousands).
If you are thinking that, if your computer is a local machine and you will only have your user, maybe this is not really important to you. But your whole system is based on this so, believe me, sooner or later you will have to deal with user groups. But don’t worry, it’s much easier than it seems, as we will see in this post!
All the commands in this post refer to user control. Therefore, to use them, we must be logged in as a Super User or use the ‘sudo’ command as we saw in this post.
Why user groups?
If you have a system with 1 or 2 users, you may be able to manage permissions on an individual level. But as the number of users grows, with dozens or hundreds of users, management will become a bit impractical for you.
Imagine a company, where workers are constantly coming and going, department changes… a madness. Now imagine a server with thousands of users. It would be impossible to configure permissions individually!
For that reason, it is normal to work with user groups and grant permissions to folders or program execution at the user group level. Then, you just have to make sure that each user is part of the appropriate groups and they will have the corresponding permissions.
User groups can serve an organizational purpose. Thus, for example, the ‘Marketing’ group has different permissions than ‘Finance’. Or, for a domestic example, the ‘Family’ group has different permissions than the ‘Guests’ group.
Another quite common approach in some applications is to create a group that has permission to execute a program, access a device, or a folder. For example, when installing application ‘A’, it creates a ‘A-Users’ group, which has permission to execute it. To grant execution permissions to a user, you have to add them to this group.
Managing user groups
Add/remove user groups
To create a new user group we simply write:
groupadd group_nameWhere group_name is the name of the group we want to create. If we want to delete an existing user group we use:
groupdel group_nameTo rename a user group we have the command
groupmod -n new_name old_nameAdd/remove users to/from groups
To add the current user to a group we can use this command:
newgrp group_name If we want to add another user to a group we will use the command:
adduser user_name group_nameAlternatively, we can use the following command (useful if we want to add them to more than one group in a single command)
usermod -a -G group_name1, group_name2, group_name3 user_nameFinally, to remove a user from a group we use the command
deluser user_name group_nameWhich will only remove the user from the user group, it will not delete the user itself.
List user groups
To list all the groups to which the current user belongs, simply use:
groups We can also show the groups to which another user belongs with:
groups user_nameFinally, if we want to list all the existing groups on the current machine we use the command:
cut -d: -f1 /etc/groupDefault user groups
The installation of Raspbian creates certain default user groups. Below is a summary of the main default user groups and their purpose.
| Group | Description |
|---|---|
| pi | User group. (A new group is automatically created every time a user is created) |
| sudo | Sudo access |
| adm | Access to log files located in /var/log |
| cdrom | Access to optical drives |
| audio | Access to audio devices (microphones, sound card, etc.) |
| video | Access to video devices (graphics card, framebuffer, webcams) |
| plugdev | Access to external storage devices |
| input | Access to the /dev/input/mice folder |
| netdev | Access to network devices |
| dialout | Access to serial ports/modems, etc. |
| gpio | Access to the GPIO port |
| i2c | Access to the I2C bus |
| spi | Access to the SPI bus |
That’s it! In future posts we will see how to manage permissions for both users and user groups. If you have any questions or know other commands, you can leave us a comment.