Remove Linux User From a Secondary Group ( Supplementary Groups )

Posted on in Categories , , , , , last updated March 3, 2008

Q. User tom is a member of a group called sales and printer. I’d like to remove tom from a group called printer without editing any user configuration text files stored at /etc/ directory?

A. /etc/groups file defines group membership for each user. usermod command has -G option to set a list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. If the user is currently a member of a group which is not listed, the user will be removed from the group.

Step # 1: Find out user group identity

Use id command:
# id -nG {user-name}
# id -nG tom

Output:

sales printer

Step # 2: Remove user from printer group

Use the following syntax:
# usermod -G {groupname1,groupname2,...} {username}
To keep membership for sales only group (remove user tom from printer group), enter:
# usermod -G sales tom
# id -nG tom

Output:

sales

The following example remove user vivek from all groups except admin, audio, video and powerdev group:
# id -nG vivek
Output:

vivek adm dialout cdrom floppy audio dip video plugdev scanner netdev lpadmin powerdev admin

Modify group membership, enter:
# usermod -G admin, audio, video, powerdev vivek
# id -nG tom

Sample output:

vivek audio video powerdev admin

For more information, read usermod(8) command man page:
$ man usermod

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

21 comment

  1. lets say i want to add an existing user to an existing group. when the user belongs to other groups already. what command will i use.

    using usermod-g “groupname” user will change the initial gropu of the user and delete him from another group.
    usermod -G this will lead from the user being deleted ffrom all other groups except the one sspecified.

  2. A user (pop)who is belong to SALES group. i want that pop is remove from SALES group. how can i do it. not tell me manually. i want command to remove it..

  3. In one line (and nice for scripts):
    Add a group: usermod -aG GROUP USER
    Remove a group: usermod -G $(id -nG USER| sed -e ‘s/GROUP //’ -e ‘s/ /,/g’) USER

  4. Can anyone tell me command(s) to add an user to a new group without mentioning all the groups the user previously belongs to? (I haven’t gone thru man)

  5. Please add me in your group and please gime update and help for any my query..

    Thanks
    Bhagyesh

  6. Hi,

    I have added user to a group called sales using smbldap-usermod -G .
    How do I remove this user from the supplementary group. I was once succesful in removing the user by using the command smbldap-usermod -g . But when I give the time id -nG the supplementary group still shows up.
    Can you explain why this happens and how to overcome this problem.
    Appreciate your help

    Cheri

  7. this dint help me

    id -nG aares00
    OutPut= aaresusers rootmembers

    gpasswd -d aares00 rootmembers
    OutPut= Removing user aares00 from group rootmembers

    id -nG aares00
    OutPut= aaresusers rootmembers

    1. [[email protected] ~]# gpasswd -d new tes
      Removing user new from group tes
      gpasswd: unknown member new

      while trying getting this error
      need to remove new (new-user from group- tes)

  8. I don’t know if it’s available from other platforms or not, but I have this command on Arch which seems more intuitive and easier to do:

    groupmems -g [group_name] -d [user_name]

    For example, if I want to remove sally from group admins:

    groupmems -g admins -d sally

    1. Renato, the -R argument don’t exist for groupmod command in Ubuntu. Try man groupmod.

  9. If you want to add/remove a user only to/from a single secondary group, use gpasswd command

    Following your example

    Remove tom from sales group
    gpasswd -d tom sales

    Add tom to printer group
    gpasswd -a tom printer

Comments are closed.