USERS AND GROUPS ON LINUX SERVERS

You can add users to more than one group in Linux, allowing you to assign permissions to files per group. For example, to be able to use administrative programs in Ubuntu a user must be part of the sudo group.

CREATING A NEW GROUP

If you want to create a new group, you can use the groupadd command to create it. Note that you need to have root privileges to create a new group, on Ubuntu/Debian you can type sudo before the command to create the new group, on other systems you can use the su command to log in as the root user. An example of creating a new group in Ubuntu will be:

sudo groupadd grupoazul

This command creates a new group named grupoazul, but you can name it anything you want.

ADDING A USER TO ANOTHER GROUP

To add a user to a new group, the usermod command is used. For example, to add the user Carlos to the sudo group in Ubuntu, you can use the following command:

sudo usermod -a -G sudo carlos

Note that the system is case sensitive in user and group names, for this reason, all user and group names tend to be lowercase to avoid errors and confusion. At the same time, users have their main name or a username, in this example it is Carlos, but there is also the full name, which is used to display the user's preferred name in system programs. Also, the same command is used to add several groups at once:

sudo usermod -a -G sudo,grupo2,grupo3 carlos

Be sure to separate each group with a comma without any space, and then separate the user from the groups with a space.

CHANGING A USER'S PRIMARY GROUP

Each user has a primary group that is considered before any other group it is a part of, this primary group is used for file permissions created and the user's login process. To change this primary group we use the usermod program again:

sudo usermod -g nuevogrupo usuario

The lowercase -g parameter is used to assign a primary group to the user, while the -G we used in the last example is used to assign a secondary group.

HOW TO VIEW A USER'S GROUPS

The groups and id commands are used to view the groups assigned to a user. The former displays a list of the names of the groups assigned to a user, while the latter, id, displays the group ID numbers of the assigned groups. These commands can be executed without specifying a user, to view the groups or id of the current user, but adding a user's name shows the groups assigned to that user:

groups juan

This example shows all the groups assigned to the user Juan, if instead of names you want to see the ids of his groups, use the other command:

id juan

The first group shown after gid in the results is the main group of the user.