Linux: Add User to Group (Primary/Secondary/New/Existing)

how to add user to group in Linux

Let’s see how we can add new and existing users to primary and secondary groups in Linux. The standard Linux permission model makes use of users, groups, and file permissions (i.e., read, write, execute, and a sticky bit).

Adding a User to a Group in Linux

If you just want to add a user to a group use the following command:

This will add your user: username, to the grouptoadd group. More often than not, this is the best practice for when you want to add a user to a group. Technically, this is considered a secondary group. The primary group defaults to a group that is the same as the username in Linux. In this example, the primary group for username would most likely be called “username” as well.

The Nitty-Gritty Details and a Tutorial

There are two kinds of groups:

  1. Primary Group: This is the group applied to you when you log in; in most user cases it has the same name as your login name. The primary group is used by default when creating new files (or directories), modifying files, or executing commands.
  2. Secondary Groups (AKA Supplementary Groups): These are groups you are a member of beyond your primary group. As an example, this means that if a directory or file belongs to the www-data group (as used by the web server process in this case), then all www-data group members can read or modify these files directly (assuming the permissions also allow for this).

A list of all currently available groups can be found in the /etc/group file.

Note that every group can also have administrators, members, and a password. See explanations of the gpasswd and sg commands below.

1. Create a New User: useradd or adduser

Linux users can be added via the useradd or adduser commands. Note that useradd is the native binary associated with Linux systems, whereas useradd is a Perl script that uses said binary in its backend. Both commands share functionality, but some say adduser is more user-friendly, so we’re going to start there in our demo. Using the adduser command, let’s create a new user: foobar. Later we’ll change the group permissions for this new user.

We will be asked to enter our (sudo-allowed) user password before the user account is created:

We see that the user, foobar, was assigned the primary group, foobar, by default.

2. Get User ID and Groups Information: id and groups

To show all the user information and group memberships, we can use the id command:

Here the gid, or group ID, is the primary user group and groups is the secondary group.

We could also get all the users’ groups with the groups command:

3. Change the Primary Group of a User: usermod -g

In some cases it can make sense to change the primary group of a user.

We can do this with the usermod command:

The lowercase -g option refers to a primary group.

Let’s verify that the change was made:

Now foobar has the www-data primary group context. So whenever a new file is created by this user, it will be assigned the www-data group by default.

Let’s undo this change before we continue:

4. Add or Change Users in Secondary Groups: adduser and usermod -G

Now let’s add our foobar user to www-data as a secondary group. The easiest way to do this is via the adduser command:

We can see the secondary group of this user was updated:

There is another way to achieve the same result as above using the usermod command:

The uppercase -G option refers to a secondary or supplementary group. Now foobar will have access to the www-data group files, but new files created by that user will not have the www-data group label by default.

It’s also possible to add a user to several secondary groups at once using the usermod command:

The optional -a option makes sure the groups are added to the existing secondary groups of the user (if these exist). If this option is omitted, the user will be removed from any groups not listed after the “-G.”

5. Create or Delete a Group in Linux: groupadd and groupdel

Using the groupadd command, we can create a new group: group1.

We can then remove group1 from the Linux system utilizing the groupdel command:

This will also remove the memberships of any user related to this group.

User Administration in Linux (Other Commands and Articles to Try)

Let’s wrap up this article by referring to some of the other group commands in Linux:

  • newgrp: log into a new group
  • sg: execute a command as a different group ID
  • groupmod: modify a group definition (e.g., the group ID, group name, or password)
  • gpasswd: administer /etc/group and /etc/gshadow files (every group can have administrators, members, and a password)
  • chown or chgrp: change individual or group ownership of a file or directory

Now you should be able to confidently configure users, groups, and their administrative info in Linux. Feel free to check out our article on changing file ownerships in Linux for more insights.

Roberto Sanchez

Questions or Comments? Ask Roberto!

Ask a question and Roberto will respond to you. We strive to provide the best advice on the net and we are here to help you in any way we can.

  • Andrew Rothman

    Typo here?

    Note that useradd is the native binary associated with Linux systems, whereas useradd is a Perl script that uses said binary in its backend.

  • CommonSense in MA

    I am new to Linux administration. We have most of our stuff under a user ‘jon’. I would like to allow another user ‘evgeny’ rwx permission to one of jon’s subfolders, /CollectDataService

    What is wrong with this statement?
    sudo chmod -R evgeny u+rwx /home/jon/CollectDataService

    • Nick Fenwick

      The man page for chmod (‘$ man chmod’) shows the username is not part of
      the command line, none of the SYNOPSIS scenarios is like the one you
      are trying. If a command fails, first check the man page to see if you
      are calling it correctly. Also, post output when asking for help on the
      net like this. You cannot grant a specific user special access to
      files in the way you are trying, perhaps you come from a Windows
      background. the ‘u’ part of the bitmask of files applies to the owner
      of those files. You either need to change the owner of those files to
      evgeny (probably a crazy thing to do, as they still reside under
      /home/jon and will no longer belong to jon) or make sure job and evgeny
      are in the same group, then chgrp the files so they belong to that group
      (‘$ chgrp -R somegroup /home/jon/CollectDataService’) and make sure
      they are accessible by that group (‘$ chmod -R g+rwx

  • DK

    Ading to a group like this doesn’t work on CentOS:
    >sudo adduser foobar www-data

  • Sandeep Patkari

    user san is having san as a primary group

    user bar is having bar as a primary and san as secondary group.

    But user bar want to modify/rename the file created by san. Note that the folder where user bar wants to modify the file of san is having 775 permissions.
    Is the above scenario possible? Is yes how?