In Linux we can modify a local user account with the ‘usermod’ command. Here we will cover some examples of using the various syntax options with usermod in order to modify existing user accounts in Linux, specifically to add them into a group.
Firstly a quick word on the different types of groups we’ll be dealing with here. When we create a new user account, by default an initial primary group with the same name will be automatically created in the /etc/group file which contains local group configuration. This user account will have the group ID (GID) of this group, it’s the user’s primary group and the user is only in one of these types of group at a time.
If we want to add the same user account into any other groups, we can either modify the GID, or what is more common we will simply add supplementary groups.
Essentially the user account has one GID, as it has one primary group, but can also be added to any number of additional supplementary groups.
Create Local User Account
To start we’ll create a test user account for the purposes of modifying, for further information see our post on adding new users to Linux.
[[email protected] ~]# useradd testaccount
This has created a user called ‘testaccount’. We did not specify any options when creating the account, so it’s fairly vanilla and is not currently a member of any supplementary groups.
Modify Local User Account
Now that the account exists, we can proceed with modifying it with ‘usermod’.
Change Primary Group
In this instance we will change the group ID (GID) of the user.
[[email protected] ~]# id testaccount uid=1339(testaccount) gid=1339(testaccount) groups=1339(testaccount) [[email protected] ~]# groupadd group1 [[email protected] ~]# usermod testaccount -g group1 [[email protected] ~]# id testaccount uid=1339(testaccount) gid=1340(group1) groups=1340(group1)
As we can see above, the group of testaccount is shown with the ‘id’ command, we then use ‘groupadd’ to create a new group named group1, and with usermod we change the primary group with the -g option to our newly created group1. Finally, we use ‘id’ again to show the change in group.
This will only modify the GID in the /etc/passwd file for the user, it does not edit /etc/group as the group still exists and only supplementary groups have users appended here, as we’ll cover next.
Add User To Group
What is more common, is using the -G option (note capital G, rather than lowercase) which will add supplementary groups. We can specify more than one group in a single command by separating the group names with a comma.
[[email protected] ~]# groupadd group2 [[email protected] ~]# usermod testaccount -G group1,group2 [[email protected] ~]# id testaccount uid=1339(testaccount) gid=1339(testaccount) groups=1339(testaccount),1340(group1),1341(group2)
Upon doing this, the /etc/group configuration file will change, showing that the testaccount user is listed after both group1 and group2, as it is now a member of both groups.
[[email protected] ~]# grep testaccount /etc/group testaccount:x:1339: group1:x:1340:testaccount group2:x:1341:testaccount
In this example, the testaccount group with GID 1339 is the primary group for the testaccount user, while we can see both group1 and group2 have ‘testaccount’ appended to the end, this is where the list of users that are members of the group will show.
Note that if you run the ‘usermod’ command and specify -G, the default action is to remove the user from any existing supplementary groups and add in the newly specified ones only. If you wish to keep existing group membership, which is more commonly the case, simply also specify the -a flag which will append the groups specified and leave older group membership untouched.
As shown we can use the ‘usermod’ command to modify the group ID (GID) of a user account, or add the user account to additional supplementary groups.