Safely change primary group of a user in Linux

Change User Group Linux
  • Share:
  • share htpcBeginnerShare on FacebookhtpcBeginner on Google+Tweet It

When it comes to user permission even a system administrator sometimes gets confused. No matter what linux training or administration training courses one has had one mistake and sever management can become a hell. Same holds true even for a Linux user at home. One has to be extremely careful while changing the primary group of any existing user. If you do some research, you will find that several people accidentally locked themselves out of being able to sudo. In order to avoid these unnecessary headaches it is essential that you change primary group of a user in linux, correctly.

Change Primary Group of Linux User

Record the Current State

Before you change primary group of a Linux user, make a note of the user’s current status. Let us consider a user by the username “mackey”. You can find this users current group memberships like this:

$ groups
$ mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin

The user mackey’s primary group is “mackey”. This is user is also associated with a bunch of other groups: adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin.

Note that adm, cdrom, sudo, dip, plugdev, sambashare, and lpadmin are all default secondary groups assigned to a user in Ubuntu 12.04 Precise Pangolin.

Change Primary Group of User

The command to use is “usermod”. Below is the syntax of the command:

usermod - Modify a user account

Syntax:
usermod [-c comment] [-d home_dir [-m]] [-e expire_date] [-f inactive_days] [-g initial_group] [-G group [,...]] [-l login_name] [-p passwd] [-s shell] [-u uid [-o]] [-L|-U] user

Options:
-d home directory
-s starting program (shell)
-p password
-g (primary group assigned to the users)
-G (Other groups the user belongs to)

If you search the internet you may find that you can change the primary group using the following command:

sudo usermod -g NewPrimaryGroup mackey

As expected the above command would change mackey’s primary group from “mackey” to “NewPrimaryGroup”. However, all of this user’s secondary group memberships will be gone, including “admin”. This means that the user will henceforth be not able to use the “sudo” command to gain root access. This user will not be able to do any changes to the system (eg. install/remove softwares).

This, however, does not happen in all distributions. For example, in Ubuntu 12.04 Precise Pangolin “sudo usermod -g NewPrimaryGroup user” command assigns the new primary group to the user keeping all existing secondary groups. Yet, I like to change primary group the safe way, which puts control in my hand.

The safe way to change primary group of a Linux user is using this following command:

sudo usermod -g NewPrimaryGroup -G mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin mackey

This command will first change the user mackey’s primary group from “mackey” to “NewPrimaryGroup”. Then it will assign the user “mackey” to the following secondary groups “mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin”. This way mackey’s primary group will be changed without affecting his other group memberships or losing his membership to his previous primary group “mackey”.

Want to further understand users, groups, and system administration? Check these learning resources:

  1. Practical Guide to Linux Commands, Editors, and Shell Programming, A (2nd Edition)
  2. Linux Command Line and Shell Scripting Bible, Second Edition
  3. Linux Administration: A Beginner’s Guide, Fifth Edition

How to Fix In Case of a Screw Up

If you change a user’s primary group with just the “-g” option and all of his/her secondary group memberships are gone, then you can fix this by couple of different ways.

Method 1: If you had setup a “root” password previously (not normal in Ubuntu) you can login as “root” and then run the following command:

sudo usermod -g NewPrimaryGroup -G mackey,adm,cdrom,sudo,dip,plugdev,sambashare,lpadmin mackey

After running the above command, logout and login as the user (mackey in this case).

Method 2: If you did not setup a password for the user “root” then you cannot login as a root user. In this case, from grub menu boot into recovery and enter command line with root previleges. Then run the same command listed above:

Reboot and the user “mackey” should now have all the secondary groups restored. The primary group will be “NewPrimaryGroup”.

If you simply want to add an existing user to a secondary group, retaining all his/her primary and secondary group memberships, then use the following command:

usermod -a -G NewSecondaryGroup user

The “-a” option means append to existing memberships.

There you go, now you can change primary group of users safely. Hope this helps.

Like this post? Share it and get Raspberry Pi OpenELEC Media Center 45-page eBook for Free!

Incoming Search Terms:

primary group in linux, bash change primary group, linux update primary group, lilinux change user defaul group, how to change group for a user in linux, how to add user to primary group in linux, how do i change the primary group of a user, change user group linux, change primary group linux, wat is lpadmin in linux

Leave a Reply

Review our comments policy.

Get your free comments avatar.

.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>