A user can be a member of one primary and one or several secondary (supplementary) groups in Linux. The file '/etc/group' defines group membership for each user in the Linux system.
In this tutorial, we will learn how to remove a user from a group in Linux. We will use two methods and also I will show how to manually remove the user from the group by deleting from '/etc/group' file.
Create Linux User
For the purpose of this tutorial, we will create a user named 'testuser'. When a new user is created, a new primary group with the same name for that user is created too.
We will create a new user by issuing the following command:
$ sudo useradd -m testuser
Now we can create a password for that user:
$ sudo passwd testuser Changing password for user testuser. New password: BAD PASSWORD: The password contains the user name in some form Retype new password: passwd: all authentication tokens updated successfully.
I used the same password as the username so I got a warning that the password shouldn't contain the user name in some form.
Adding a User to a Group
First, we will create two new groups using groupadd command as follows:
$ sudo groupadd testgroup1 $ sudo groupadd testgroup2
Now we will add 'testuser' user to the above created two groups and also add to 'root' group using the following commands:
$ sudo usermod -a -G root testuser $ sudo usermod -a -G testgroup1 testuser $ sudo usermod -a -G testgroup2 testuser
Ok, so now if we look at '/etc/group' file and can see that 'testuser' is a member of all three groups.
$ cat /etc/group root:x:0:testuser ............. testuser:x:1001: testgroup1:x:1002:testuser testgroup2:x:1003:testuser
Find out the Groups a User belongs
We can also use two alternative ways to check to which groups does a user belong as follows
$ groups testuser testuser : testuser testgroup1 testgroup2 root $ id -nG testuser testuser testgroup1 testgroup2 root
As you can see the output is very similar and those commands accomplish the same thing.
Remove Linux User from a Group
Let's check the 3 methods to remove Linux user from a group.
Method 1: Using usermod
We can remove a user from a group or several groups at once using usermod command. Using usermod you have to specify in which secondary groups you want to keep the user in. Let me explain with an example.
$ groups testuser testuser : testuser testgroup1 testgroup2 root
In order to remove user 'testuser' from 'testgroup1' and 'testgroup2' group run the below command ( ie leave testuser only in 'root' group and it's primary 'testuser' group):
$ sudo usermod -G root testuser
Results $ groups testuser testuser : testuser root
So in order to keep a user in more groups, you'll need to mention group names separated by comma (,) like:
$ sudo usermod -G root,testgroup1 testuser
Results # groups testuser testuser : testuser root testgroup1
Method 2: Using gpasswd
Another command that accomplishes similar results is gpasswd. We use this command to remove users from specified groups, unlike with usermod.
To remove a user from one specific group we can use gpasswd command:
$ sudo gpasswd -d testuser root Removing user testuser from group root $ groups testuser testuser : testuser testgroup1 testgroup2 $ sudo gpasswd -d testuser testgroup1 Removing user testuser from group testgroup1 $ groups testuser testuser : testuser testgroup2
Method 3: Manually
We can also remove a user from a group by manually editing the file '/etc/group'. The effects of this method will apply to the user upon reboot.
You can use your favorite text editor to edit the '/etc/group' file:
$ cat /etc/group ............. sssd:x:993: sshd:x:74: chrony:x:992: vagrant:x:1000: slocate:x:21: vboxsf:x:991: testuser:x:1001: testgroup1:x:1002:testuser testgroup2:x:1003:testuser $ groups testuser testuser : testuser testgroup1 testgroup2 root
We will now manually edit the last two entries to delete testuser and remove it from testgroup1 and testgroup2 (edited file should look like this):
$ cat /etc/group ............. sssd:x:993: sshd:x:74: chrony:x:992: vagrant:x:1000: slocate:x:21: vboxsf:x:991: testuser:x:1001: testgroup1:x:1002: testgroup2:x:1003:
Changes will take place after reboot, and now the user has been removed from those two groups:
$ groups testuser testuser : testuser root
In this tutorial, we have learned how to remove a user from a group using usermod, gpasswd and also by manually deleting them from '/etc/group' file.
These instructions can be used on any Linux system like Ubuntu, CentOS, Fedora and many others. If you have any questions, please let us know in the comments below.