Add or remove user from a group using multiple different utilities.
usermod
Use usermod utility to modify a user account.
$ usermod --help
Usage: usermod [options] LOGIN
Options:
-b, --badnames allow bad names
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
the user from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-R, --root CHROOT_DIR directory to chroot into
-P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
-Z, --selinux-user SEUSER new SELinux user mapping for the user account
Inspect groups defined for user asterope.
$ id asterope
uid=1000(asterope) gid=1000(asterope) groups=1000(asterope),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(sambashare)
Append asterope user to the lxd group.
$ sudo usermod --append --groups lxd asterope
Inspect groups defined for user asterope.
$ id asterope
uid=1000(asterope) gid=1000(asterope) groups=1000(asterope),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),133(lxd),134(sambashare)
This utility does not provide a way to remove the user from a group, but you can define a list of supplementary groups which the user is a member of.
$ id --groups --name asterope
asterope adm cdrom sudo dip plugdev lpadmin lxd sambashare
$ sudo usermod --groups asterope,adm,cdrom,sudo,dip,plugdev,lpadmin,sambashare asterope
Inspect groups defined for user asterope.
$ id asterope
uid=1000(asterope) gid=1000(asterope) groups=1000(asterope),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(sambashare)
adduser & deluser
Use utilities designed to add or delete specific user to alter its groups.
$ adduser --help
adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
[--disabled-password] [--disabled-login] [--add_extra_groups]
[--encrypt-home] USER
Add a normal user
adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
[--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password]
[--disabled-login] [--add_extra_groups] USER
Add a system user
adduser --group [--gid ID] GROUP
addgroup [--gid ID] GROUP
Add a user group
addgroup --system [--gid ID] GROUP
Add a system group
adduser USER GROUP
Add an existing user to an existing group
general options:
--quiet | -q don't give process information to stdout
--force-badname allow usernames which do not match the
NAME_REGEX[_SYSTEM] configuration variable
--extrausers uses extra users as the database
--help | -h usage message
--version | -v version number and copyright
--conf | -c FILE use FILE as configuration file
$ deluser --help
deluser USER remove a normal user from the system example: deluser mike --remove-home remove the users home directory and mail spool --remove-all-files remove all files owned by user --backup backup files before removing. --backup-totarget directory for the backups. Default is the current directory. --system only remove if system user delgroup GROUP deluser --group GROUP remove a group from the system example: deluser --group students --system only remove if system group --only-if-empty only remove if no members left deluser USER GROUP remove the user from a group example: deluser mike students general options: --quiet | -q don't give process information to stdout --help | -h usage message --version | -v version number and copyright --conf | -c FILE use FILE as configuration file
Inspect groups defined for user taygete.
$ id taygete
uid=1000(taygete) gid=1000(taygete) groups=1000(taygete),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(sambashare)
Add user taygete to www-data group.
$ sudo adduser taygete www-data
Adding user `taygete' to group `www-data' ... Adding user taygete to group www-data Done.
Inspect groups defined for user taygete.
$ id taygete
uid=1000(taygete) gid=1000(taygete) groups=1000(taygete),4(adm),24(cdrom),27(sudo),30(dip),33(www-data),46(plugdev),122(lpadmin),134(sambashare)
Remove user from a group.
$ sudo deluser taygete www-data
Removing user `taygete' from group `www-data' ... Done.
Inspect groups defined for user taygete.
$ id taygete
uid=1000(taygete) gid=1000(taygete) groups=1000(taygete),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(sambashare)
gpasswd
Use gpasswd utility to administer groups.
$ gpasswd --help
Usage: gpasswd [option] GROUP
Options:
-a, --add USER add USER to GROUP
-d, --delete USER remove USER from GROUP
-h, --help display this help message and exit
-Q, --root CHROOT_DIR directory to chroot into
-r, --remove-password remove the GROUP's password
-R, --restrict restrict access to GROUP to its members
-M, --members USER,... set the list of members of GROUP
--extrausers use the extra users database
-A, --administrators ADMIN,...
set the list of administrators for GROUP
Except for the -A and -M options, the options cannot be combined.
Inspect groups defined for user merope.
$ id merope
uid=1000(merope) gid=1000(merope) groups=1000(merope),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(sambashare)
Add user merope to the lxd group.
$ sudo gpasswd --add merope lxd
Adding user merope to group lxd
Inspect groups defined for user merope.
$ id merope
uid=1000(merope) gid=1000(merope) groups=1000(merope),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),133(lxd),134(sambashare)
Remove user merope from lxd group.
$ sudo gpasswd --delete merope lxd
Removing user merope from group lxd
Inspect groups defined for user merope.
$ id merope
uid=1000(merope) gid=1000(merope) groups=1000(merope),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(sambashare)
groupmems
Use groupmems utility which is designed to administer members of a user’s primary group.
$ groupmems --help
Usage: groupmems [options] [action]
Options:
-g, --group groupname change groupname instead of the user's group
(root only)
-R, --root CHROOT_DIR directory to chroot into
Actions:
-a, --add username add username to the members of the group
-d, --delete username remove username from the members of the group
-h, --help display this help message and exit
-p, --purge purge all members from the group
-l, --list list the members of the group
This utility depends on PAM configuration, which is very likely missing. The following configuration is an absolute minimum to get it working in this case.
$ sudo tee /etc/pam.d/groupmems <<EOF auth sufficient pam_rootok.so EOF
auth sufficient pam_rootok.so
Inspect groups defined for user alcyone.
$ id alcyone
uid=1000(alcyone) gid=1000(alcyone) groups=1000(alcyone),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(sambashare)
Add user alcyone to the scanner group.
$ sudo groupmems --group scanner --add alcyone
Inspect groups defined for user alcyone.
$ id alcyone
uid=1000(alcyone) gid=1000(alcyone) groups=1000(alcyone),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),126(scanner),134(sambashare)
List group members.
$ sudo groupmems --group scanner --list
saned alcyone
Remove user alcyone from the scanner group.
$ sudo groupmems --group scanner --delete alcyone
Inspect groups defined for user alcyone.
$ id alcyone
uid=1000(alcyone) gid=1000(alcyone) groups=1000(alcyone),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),134(sambashare)