Understanding /etc/group File

Can you explain me the format of /etc/group user group file under Linux / UNIX-like operating systems?

The /etc/group is a text file which defines the groups to which users belong under Linux and UNIX operating system. Under Unix / Linux multiple users can be categorized into groups. Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals. This method, amongst others, also enables the Superuser to delegate some administrative tasks to normal users.

ADVERTISEMENTS

Understanding the /etc/group File

It stores group information or defines the user groups i.e. it defines the groups to which users belong. There is one entry per line, and each line has the following format (all fields are separated by a colon (:)

Fig.01: Sample entry in /etc/group file

Fig.01: Sample entry in /etc/group file

Where,

  1. group_name: It is the name of group. If you run ls -l command, you will see this name printed in the group field.
  2. Password: Generally password is not used, hence it is empty/blank. It can store encrypted password. This is useful to implement privileged groups.
  3. Group ID (GID): Each user must be assigned a group ID. You can see this number in your /etc/passwd file.
  4. Group List: It is a list of user names of users who are members of the group. The user names, must be separated by commas.

More About User Groups

Users on Linux and UNIX systems are assigned to one or more groups for the following reasons:

  • To share files or other resource with a small number of users
  • Ease of user management
  • Ease of user monitoring
  • Group membership is perfect solution for large Linux (UNIX) installation.
  • Group membership gives you or your user special access to files and directories or devices which are permitted to that group


(Fig.01: Understanding groups)

User tom is part of both ‘Web developers’ and ‘Sales’ group. So tom can access files belongs to both groups.

Task: View Current Groups Settings

Type any one of the following command:
$ less /etc/group
OR use the more command:
$ more /etc/group
OR use the cat command:
$ more /etc/group

Task: Find Out the Groups a User Is In

Type the following groups command:
$ groups {username}
$ groups
$ groups vivek

Sample outputs:

vivek : vivek adm dialout cdrom plugdev lpadmin netdev admin sambashare libvirtd

Task: Print user / group Identity

Use the id command to display information about the given user.

Display only the group ID, enter:

Use the id command:
$ id -g
$ id -g user
$ id -g vivek

OR
$ id -gn vivek

Display only the group ID and the supplementary groups, enter:

$ id -G
$ id -G user
$ id -G vivek

OR
$ id -Gn vivek

This entry is 3 of 3 in the Linux / UNIX System's Accounts Files Tutorial series. Keep reading the rest of the series:
  1. Understanding /etc/passwd File Format
  2. /etc/shadow file format
  3. Linux and Unix /etc/group file

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
28 comments… add one
  • Brian Nov 19, 2008 @ 20:49

    On the money. The detail was clear and straight forward. I quickly found the answer to the problem that we were facing in our production test environment.

  • Chakradana Jan 19, 2009 @ 9:07

    Clear and good.

  • null Mar 14, 2009 @ 4:01

    wonderful

  • miguel rodríguez Mar 19, 2009 @ 11:01

    perfect!! just what i need ;)

  • chris Apr 29, 2009 @ 11:05

    Great, Thanks!
    But one more question remains:
    Does /etc/group allow wildcards (probably not) or is it possible to allow all group members of one group to be part of another?
    I have the problem, that different linux installations (which are all needed unfortunately) provide different groups and user authentification is central from NIS …

  • Ray V May 19, 2009 @ 11:43

    Will a blank line in the /etc/group file cause a system read problem? I know on some UNIX platforms, a blank line in the password file causes problems. Thanx

    • 🐧 nixCraft May 19, 2009 @ 13:49

      It may cause a problem. It is better to remove a blank line. But I never tested it… YMMV.

  • Pete VargasMas Oct 20, 2009 @ 13:38

    Can a group be a member of another group?

  • rahul Nov 18, 2009 @ 6:08

    What is the default permission for /etc/group

  • Nethaji Reddy May 13, 2010 @ 9:07

    If I add my Group ID or Account name to admin/root in /etc/group, will it work. If not how can I do the same.

  • trusktr Aug 6, 2010 @ 20:48

    But why exactly do some in my group file have and x, or nothing at all in the password field? What’s the purpose?

  • vahid Sep 18, 2010 @ 0:50

    how can i allow the root user of another machine to view the files that are only set to be viewed by the users that are in /etc/group which is set on another machine?
    for example can we just add root@host to my nis group so when that machine comes up in initialization access those files and execute them?

  • eduard Dec 9, 2010 @ 5:04

    are there any commands that can show / list all members of a group (using hp-ux)? thanks

  • paul erickson Dec 23, 2010 @ 15:03

    Good, but did not mention what the ‘x’ means in the password.

    • michal Dec 15, 2011 @ 20:13

      The ‘x’ means that password is stored in /etc/gshadow, not in /etc/group.. It’s the same way as in /etc/passwd, if you gave x in password field, it means that the user’s password is stored in /etc/shadow.

  • Ricardo Oct 14, 2011 @ 3:08

    Very good explanation!!

  • Barry Say Feb 15, 2012 @ 12:38

    Can I ask a very simple question? Usually, the owner of a file is also a member of the group which has ‘special’ access as defined by the permissions. If the owner is not a member of the group, can this lead to any difficulties? I do not think that their would be any problems, but I have never seen this written explicitly anywhere.

    Anyone know the answer?

    Barry

  • eman.alnasser Mar 6, 2012 @ 10:23

    Perfect!

  • Patrick Sep 11, 2012 @ 8:01

    It is possible to change only the group id? if yes, how we can do this?
    thx

    • asis Jul 30, 2020 @ 4:47

      sudo gpasswd -g (new id) ( old grp id)

  • Srini Sep 24, 2012 @ 18:37

    It was easy to learn and straight on the point saving my time. Thank you :)

  • test Oct 5, 2012 @ 20:27

    How do I comment out a line in /etc/group and /etc/passwd ? is putting a # mark at the start of the line going to do it?

  • ashok Jul 11, 2013 @ 10:44

    can we break the password which is in enscrypted format

    • James ESquier Sep 21, 2016 @ 14:12

      No, can not break but can change with proper permissions.

  • vijay Nov 19, 2013 @ 16:39

    in /etc/groups file,
    can i have multiple entries like this?

    wheel:x:10:root,john
    wheel:x:10:root,mike

    • Don Feb 12, 2015 @ 23:59

      Instead of two lines in your example, why not just do this?

      wheel:x:10:root,john,mike

      I was looking at this thread to see if something like crossing user permissions was okay. For example, this makes each user a member of the other user. Helpful for managing a media center from a different account.

      media:x:1000:don
      don:x:1001:media

  • azmeraw dessalegn Jun 6, 2015 @ 9:00

    partially my question is answered. but there is more question. once i change group who has privilege to access my file but how the access my file?

  • azmeraw dessalegn Jun 6, 2015 @ 9:04

    what will be happen if the group has encrypted password?

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.