How to Remove Linux User from a Group

Written by: Linuxopsys   |   Last updated: August 15, 2022

A user can be a member of one primary and one or several secondary (supplementary) groups in Linux. The file '/etc/group' defines group membership for each user in the Linux system.

In this tutorial, we will learn how to remove a user from a group in Linux. We will use two methods and also I will show how to manually remove the user from the group by deleting from '/etc/group' file.

Create Linux User

For the purpose of this tutorial, we will create a user named 'testuser'. When a new user is created, a new primary group with the same name for that user is created too.

We will create a new user by issuing the following command:

$ sudo useradd -m testuser

Now we can create a password for that user:

$ sudo passwd testuser
Changing password for user testuser.
New password: 
BAD PASSWORD: The password contains the user name in some form
Retype new password: 
passwd: all authentication tokens updated successfully.

I used the same password as the username so I got a warning that the password shouldn't contain the user name in some form.

Adding a User to a Group

First, we will create two new groups using groupadd command as follows:

$ sudo groupadd testgroup1
$ sudo groupadd testgroup2

Now we will add 'testuser' user to the above created two groups and also add to 'root' group using the following commands:

$ sudo usermod -a -G root testuser
$ sudo usermod -a -G testgroup1 testuser
$ sudo usermod -a -G testgroup2 testuser

Ok, so now if we look at '/etc/group' file and can see that 'testuser' is a member of all three groups.

$ cat /etc/group
root:x:0:testuser
.............
testuser:x:1001:
testgroup1:x:1002:testuser
testgroup2:x:1003:testuser

Find out the Groups a User belongs

We can also use two alternative ways to check to which groups does a user belong as follows

$ groups testuser
testuser : testuser testgroup1 testgroup2 root

$ id -nG testuser
testuser testgroup1 testgroup2 root

As you can see the output is very similar and those commands accomplish the same thing.

Remove Linux User from a Group

Let's check the 3 methods to remove Linux user from a group.

Method 1: Using usermod

We can remove a user from a group or several groups at once using usermod command. Using usermod you have to specify in which secondary groups you want to keep the user in. Let me explain with an example.

$ groups testuser
testuser : testuser testgroup1 testgroup2 root

In order to remove user 'testuser' from 'testgroup1' and 'testgroup2' group run the below command ( ie leave testuser only in 'root' group and it's primary 'testuser' group):

$ sudo usermod -G root testuser
Results
$ groups testuser
testuser : testuser root

So in order to keep a user in more groups, you'll need to mention group names separated by comma (,) like:

$ sudo usermod -G root,testgroup1 testuser
Results
# groups testuser
testuser : testuser root testgroup1

Method 2: Using gpasswd

Another command that accomplishes similar results is gpasswd. We use this command to remove users from specified groups, unlike with usermod.

To remove a user from one specific group we can use gpasswd command:

$ sudo gpasswd -d testuser root
Removing user testuser from group root

$ groups testuser
testuser : testuser testgroup1 testgroup2

$ sudo gpasswd -d testuser testgroup1
Removing user testuser from group testgroup1

$ groups testuser
testuser : testuser testgroup2

Method 3: Manually

We can also remove a user from a group by manually editing the file '/etc/group'. The effects of this method will apply to the user upon reboot.

You can use your favorite text editor to edit the '/etc/group' file:

$ cat /etc/group
.............
sssd:x:993:
sshd:x:74:
chrony:x:992:
vagrant:x:1000:
slocate:x:21:
vboxsf:x:991:
testuser:x:1001:
testgroup1:x:1002:testuser
testgroup2:x:1003:testuser

$ groups testuser
testuser : testuser testgroup1 testgroup2 root

We will now manually edit the last two entries to delete testuser and remove it from testgroup1 and testgroup2 (edited file should look like this):

$ cat /etc/group
.............
sssd:x:993:
sshd:x:74:
chrony:x:992:
vagrant:x:1000:
slocate:x:21:
vboxsf:x:991:
testuser:x:1001:
testgroup1:x:1002:
testgroup2:x:1003:

Changes will take place after reboot, and now the user has been removed from those two groups:

$ groups testuser
testuser : testuser root

Conclusion

In this tutorial, we have learned how to remove a user from a group using usermod, gpasswd and also by manually deleting them from '/etc/group' file.

These instructions can be used on any Linux system like Ubuntu, CentOS, Fedora and many others. If you have any questions, please let us know in the comments below.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment