In the Linux ecosystem, the collection of users is called a ‘Group’. When a user is added to a group, we are defining the permissions of a Linux user. Groups also define what files, settings, and folders the user should have access to.
In the simplest terms, groups help you to find out and set the privileges like read (
r), write (
w) and execute (
x) over a resource shared among the users. You can also alter these permissions as and when required.
Finding out groups to which a user account belongs will help you learn about the permissions a particular user has and also change the permissions whenever required.
This short tutorial will help you find out the groups to which a user belongs using some pretty simple commands and techniques.
Before going deep into the tutorial, it would be helpful if you have a basic overview of some of the concepts. I’d recommend the beginners to go through these concepts first.
Group: A collection of users on the Linux system. A single user can be a member of more than one group. A group defines what permissions a user has.
Primary Group: The primary group is the main group associated with the user account. Each user must be a member of a single primary group. It is created at the same time the user account is created and the user is automatically added to this group. Usually, the name of the primary group is the same as the name of the user.
Secondary Group:Secondary group is optional and a user may or may not have a secondary group. It is used to grant some additional rights to the user. The user can be a member of multiple secondary groups.
/etc/group file: In Linux, the group membership is controlled by the
/etc/group file. It’s a simple text file containing a list of groups and the users belonging to each group.
/etc/passwd file: This file contains information for all the user accounts on the system. There is an entry of one user account per line represented in this file.
groups command is a super simple process to list the groups which the current user belongs to. You can also use this command to list the groups of a specific user registered with the system.
gaurav@ubuntu:~$ groups gaurav adm cdrom sudo dip plugdev lpadmin sambashare gaurav@ubuntu:~$
Finding a group of a particular user.
gaurav@ubuntu:~$ groups tomcat tomcat : tomcat lpadmin sambashare gaurav@ubuntu:~$
In this example, I’ve listed the groups to which the user named tomcat belongs.
id command displays the group information of the user. It shows parameters like
uid (user id),
gid (group id) and the list of groups to which the user belongs to.
gaurav@ubuntu:~$ id tomcat uid=1002(tomcat) gid=1002(tomcat) groups=1002(tomcat),113(lpadmin),128(sambashare) gaurav@ubuntu:~$
id command when used without an argument returns the group information about the current user.
gaurav@ubuntu:~$ id uid=1000(gaurav) gid=1000(gaurav) groups=1000(gaurav),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare) gaurav@ubuntu:~$
Here, the group information of the current user is displayed.
Using the /etc/group file
As discussed in the pre-requisite block, we know that
/etc/group file contains all the information of the groups available on the system. We can use this file to view the list of the groups using a simple command as follows.
You can use
grep command to list open the contents of this file.
root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,gaurav tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24:gaurav floppy:x:25: tape:x:26: sudo:x:27:gaurav audio:x:29:pulse dip:x:30:gaurav,batman www-data:x:33:
This will list the entire groups on the Linux system.
Listing all Groups using
getent command can be used to display a list of all the available groups on your Linux system. The output is similar to that of the content of
getent group command displays the entries from databases configured in
gaurav@ubuntu:~$ getent group root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,gaurav tty:x:5: disk:x:6: lp:x:7: mse dip:x:30:gaurav,batman :x:39: stmp:x:43: video:x:44: sasl:x:45: plugdev:x:46:gaurav staff:x:50: games:x:60: users:x:100: 106: crontab:x:107: vahi:x:120: bluetooth:x:121: scanner:x:122:saned colord:x:123: pulse:x:124: pulse-access:x:125: rtkit:x:126: saned:x:127: trinity:x:1000: sambashare:x:128:gaurav mongodb:x:130:mongodb guest-tqrhc7:x:999: guest-piinii:x:998: scala:x:997: sbt:x:996: guest-oi9xaf:x:995: tomcat:x:1001: tomcat7:x:132: tomcat8:x:133: geoclue:x:105: gdm:x:134: mysql:x:129: couchdb:x:131: temporary:x:1002:
For finding the group of a particular user, use the following command.
getent group | grep [username]
gaurav@ubuntu:~$ getent group | grep gaurav adm:x:4:syslog,gaurav cdrom:x:24:gaurav sudo:x:27:gaurav dip:x:30:gaurav,batman plugdev:x:46:gaurav lpadmin:x:113:gaurav gaurav:x:1000: sambashare:x:128:gaurav gaurav@ubuntu:~$
All the groups associated with the user gaurav are now listed on the terminal.
libuser-lid command displays information about groups containing user name, or users contained in group name.
NOTE:This command requires
sudo privileges. Else you will encounter an error as follows-
No user name specified,
Error initializing libuser: not executing with superuser privileges
In case if
libuser-lid utility is not available on your distros, you can use the following command to install it.
For Ubuntu and Debian users:
sudo apt-get update
sudo apt-get install libuser
For CentOS, Fedora and other distros:
sudo yum install libuser
sudo libuser-lid [username]
gaurav@ubuntu:~$ sudo libuser-lid gaurav
adm(gid=4) cdrom(gid=24) sudo(gid=27) dip(gid=30) plugdev(gid=46) lpadmin(gid=113) trinity(gid=1000) sambashare(gid=128)
Here, all the groups are listed which are associated with the entered username.
In this super simple tutorial, we have now learnt to display the groups available on the Linux systems. The commands explained in this tutorial can be applied on all the Linux distributions in the same way.