Linux Create Groups Using Groupadd Command

Linux groups are required for easy management and administration of users. Linux and Unix system contains regular (normal) and system groups.

Linux resources (say file or directories) are set with read, write or execute permissions for the associated group which has users who share those privileges.

In this tutorial, we learn how to create groups in Linux using groupadd command.

Groupadd Command

In Linux and Unix-like operating use groupadd command to create groups. You should have root access or sudo user privilege to run groupadd command.

The following line shows the syntax of groupadd command:

groupadd [options] groupname

1) How to Create a group in Linux

To create a group use groupadd command followed by the name of the group.

The following command will add a group 'developers' to the system and later you can add a user to this group.

# groupadd developers

Group information will be stored in '/etc/groups' file and you can use grep command to search group name.

For example, lets search for the group 'developers" using grep command in '/etc/group' file:

# grep developers /etc/group
developers:x:506:

2) Create Group with Custom GID

In the earlier tutorial we saw when creating a new user, the system creates a unique User ID (UID) for each user. Likewise when we create a new group a GID (Group ID) number is created.

If you want to provide a custom (specific) GID number, it can be provided with -g or --gid option.

Following example shows to create a group named 'developers' with specific GID (3456):

# groupadd -g 3456 developers

To verify we can list the group and use grep command to filter:

# grep developers /etc/group
developers:x:3456:

3) Create a system group

The GID (Group ID) are by default allotted to groups between "GID_MIN' and 'GID_MAX' values defined in login.defs (/etc/login.defs) file. Usually, the value of GID_MIN is 500 or 1000 in most linux systems.

The GID below 'GID_MIN' are reserved for system groups (for operation like backup, maintenance or for granting access to hardware). In order to create a group with GID below 'GID_MIN' value, use -r option.

For example, let us create a group 'devsys' using -r option:

# groupadd -r devsys

Let's verify by listing the group and we can see that GID allocated is 102 (which less than 500).

# grep devsys /etc/group
devsys:x:102:

4) Creating Group with Non-unique GID

If we create a group with an existing GID number, the system won't allow creating a group. But there is an option to allocate non-unique GID to a group.

The following output shows the system won't allow creating the group named 'devops' because there is another group that exists with GID number 505.

# groupadd -g 505 devops
groupadd: GID 505 is not unique

Now let's create a group with non-unique GID using -o option.

This time you can see that the group 'devops' is created.

# groupadd -o -g 505 devops

When you list groups you can see there exist two groups with same GID number:

# grep 505 /etc/group
bill:x:505:
devops:x:505:

5) Changing the default options

To override the default (especially GID_MIN and  GID_MAX) values defined for  in '/etc/login.defs' file, you can use -K option.

For example, let create a group named 'coders' with overriding default values for 'GID_MIN' (set to 1500) and 'GID_MAX' (set to 1700):

# groupadd -K GID_MIN=1500 -K GID_MAX=1700 coders

The following output confirms that the group 'coders' was created with GID '1502' which between GID_MIN and GID_MAX values we set:

# grep coders /etc/group
coders:x:1502:

6) Creating group password

Group passwords are not very commonly used due security reason, forcing people to share single password, when multiple people required access one particular group.

You can use -p option to create a password for a new group.

In the following command we create a password 'password123' for the new group 'coders':

# groupadd -p password123 coders

7) Force success for existing group

As we know if we try to create a group that already exists, it will fail.

Let's try to add an existing group 'javaproject' and see what would be its exit status:

# groupadd javaproject
groupadd: group javaproject exists
# echo $?
9

We can see that the command had exited with an error. Yes, that was an obvious one. But if you want to exit the command with success status, when the group exists, use -f or --force option.

In the first command I have added -f option and you can see it exited with no error. The second command verify the exit code and confirm that it was success.

# groupadd -f javaproject
# echo $?
0

Conclusion

In this tutorial, we have learned how to create a group in Linux and options of groupadd command. Groupadd command should work on all Linux distributions including Ubuntu, Debian, Centos and Mint.

I hope you enjoyed reading and please leave your suggestions in the below comment section.

Bobbin Zachariah 8:37 am

Comments

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.