The groupadd command in Linux is used to add a new group to the system. This group is also known as the secondary group. After creating a group using groupadd, you can add users to the group using the usermod command or the gpasswd command.
Groups simplify the task of setting permissions. Instead of assigning permissions to each user separately, you can assign them to a group and then add users to that group.
In this tutorial, we will learn about the groupadd command in Linux with examples.
The basic syntax of the groupadd command:
groupadd [OPTION] GROUPNAME
The GROUPNAME is the name of the group you want to add, while OPTIONS modify the behavior of the command.
The /etc/group is the primary file that keeps track of all groups. After using the groupadd command, you can check the /etc/group file to see the newly created group. The /etc/gshadow also contains the group information but additionally, it stores the encrypted passwords for groups (if any exist, which is rare and not typically recommended).
When the groupadd command is used to create a new group in Linux, it obtains default values from the configuration file /etc/login.defs. This file contains default configurations for creating new users and groups, such as the range of group IDs, the range of GIDs for system groups, etc. You can override these values by explicitly specifying options to the groupadd command.
Once the group is created, use the groupmod command if you need to modify its attributes.
Detailed Breakdown of Options
Each option provides unique functionality:
-g, --gid [GID]: Specify the group ID (GID) manually. If not provided, the GID is taken from the system-defined range.
-o, --non-unique: This option allows you to create groups with a GID that is already in use.
-p, --password [PASSWORD]: Sets the password for the new group. This is rarely used, as group passwords are considered a security risk.
-r, --system: Create a system group. These groups are usually used for system-related tasks.
-K, --key KEY=VALUE: Overrides default values in /etc/login.defs.
-f, --force: This will force the command to create a group even if it already exists. If the group does not exist, the -f option has no effect.
Working with Examples
Let's check how to use groupadd with some examples.
Create a New Group
To create a new group, run groupadd followed by the group's name. But keep in mind, you'll usually need superuser (root) privileges to create a group.
sudo groupadd developers
This command creates a new group named developers.
After creating the group, you can check if it was successfully added by looking at the /etc/group file or by using the getent command:
grep developers /etc/group
or
getent group developers
Each line in the /etc/group file represents a single group and contains the group name, the password field (usually an 'x' if the password is shadowed, or blank if there is no password), the group ID (GID), and a list of users who are members of that group.
Create a Group with a Specific GID
When a new group is created, groupadd by default assigns a Group ID (GID) based on the GID_MIN and GID_MAX range mentioned in the /etc/login.defs file.
By default, a system group is assigned a GID between 000 and 999 and a secondary group a GID between 1000 and 60000. However, you can create a group with a specific GID using the -g option.
For example, to create a group named testers with a specific GID of 1021, type:
sudo groupadd -g 1021 testers
Note: Ensure that the GID you choose is unique and not already in use by another group.
The -K option with the groupadd command in Linux allows you to override default values specified in the /etc/login.defs file.
For example, to create a group named admins with GID_MIN set to 1500 and GID_MAX set to 1502, type:
sudo groupadd -K GID_MIN=1500 -K GID_MAX=1502 admins
From the output, you can see the group named admins is created with group id 1500 which is within the range we provided. Remember that the -K option doesn't permanently change the values in /etc/login.defs.
Ignore if already exists
If the group you are trying to create already exists, the groupadd command will typically fail and report an error. However, when you use the -f or --force option, groupadd will exit successfully without doing anything if the group already exists.
Let's say you have a script, and you want to ensure that a group named developers exists. If you're unsure whether the group already exists and don't want to see an error in case it does, you can use:
sudo groupadd -f developers
This command will either create the group (if it doesn't exist) or do nothing (if it already exists), but in both cases, it will not produce an error.
Troubleshooting: GID already exists
When you encounter the "GID already exists" error while using the groupadd command in Linux, it means that you're trying to create a new group with a Group ID (GID) that's already assigned to another group on the system. This typically happens when you use the -g option with groupadd to manually specify a GID.
Here's how you can handle this situation:
You can list existing groups and their GIDs using the following command, replacing desired_gid with the GID you want to use:
getent group | grep desired_gid
If the GID you're attempting to use is taken, you can try a different GID. If you don't have a specific GID in mind, you can simply omit the -g option when using groupadd, and the system will automatically assign the next available GID to the new group.
Alternatively, you can force groupadd to use the same GID with the -o option, but this is not recommended because it leads to complications and confusion, especially when managing file permissions.