Skip to main content
Keeping your Linux server secure and organized often involves managing groups and assigning users the appropriate permissions. In this guide, you’ll learn how to create, delete, and modify local groups, manage memberships, and adjust primary versus secondary group assignments.

Why Use Groups?

Groups let you grant permissions to multiple users at once. For example, imagine a shared directory for your development team:
  • Team members: John, Jack, Jane
  • Directory: /srv/dev-project
  • Required access: read/write
Instead of adjusting permissions per user, you can:
  1. Create a developers group
  2. Add John, Jack, and Jane to developers
  3. Change the directory’s group ownership to developers
  4. Grant the group read/write rights
The image shows a diagram of a "Developers" group with members named John, Jack, and Jane, alongside a folder icon labeled "Permission."
Now any member of developers automatically has the correct permissions. Remove a user from the group to revoke access, or add new members to grant permissions instantly. Beyond file access, group membership controls special privileges:
  • wheel or sudo group → run commands as root
  • docker group → manage Docker containers
Each user has one primary group (used when creating files or running processes) and zero or more secondary groups.

Creating a User and a Group

First, ensure you have a user (john) and create the developers group: 
sudo useradd john
sudo groupadd developers

Managing Group Memberships

Use the gpasswd tool to add or remove users from secondary groups: 
# Add John to developers
sudo gpasswd --add john developers
# or short form
sudo gpasswd -a john developers

# Verify John's groups
groups john
# Remove John from developers
sudo gpasswd --delete john developers
# or short form
sudo gpasswd -d john developers

Changing a User’s Primary Group

To switch John’s primary group to developers, use usermod with the --gid option: 
sudo usermod --gid developers john

# Verify change
groups john
# Output: john : developers
gpasswd syntax is gpasswd [--add|--delete] username group
usermod syntax is usermod --gid group username

Renaming and Deleting Groups

Rename a group from developers to programmers: 
sudo groupmod --new-name programmers developers
# or short form
sudo groupmod -n programmers developers
Delete a group when it’s no longer needed: 
sudo groupdel programmers
If the group is the primary group for any user, groupdel will fail with:
groupdel: cannot remove the primary group of user 'john'
Change the user’s primary group first:
sudo usermod --gid john john
Then run:
sudo groupdel programmers

Quick Reference Table

CommandDescription
sudo useradd <user>Create a new user
sudo groupadd <group>Create a new group
sudo gpasswd -a <user> <group>Add a user to a secondary group
sudo gpasswd -d <user> <group>Remove a user from a secondary group
sudo usermod --gid <group> <user>Change a user’s primary group
sudo groupmod -n <new> <old>Rename a group
sudo groupdel <group>Delete a group
groups <user>List all groups for a user
Practice these commands on a test environment to master Linux group administration!

Watch Video

Practice Lab