TechEarl

How to Create a Group on Linux (groupadd)

Create a group with groupadd, add users to it, and understand the difference between a user's primary group and the secondary groups that grant shared access.

Ishan Karunaratne⏱️ 4 min readUpdated
Share thisCopied
Create a group on Linux with groupadd, add members, and the difference between primary and secondary groups.

Groups are how Linux shares access between users. Creating one is a root task and a single command:

bash
sudo groupadd developers

That adds a line to /etc/group. Confirm it and you are done:

Root terminal running groupadd developers, then getent group developers showing the new group and its GID in /etc/group.
groupadd creates the group; getent group shows the entry and its GID.

A group on its own does nothing useful until it has members and owns (or is granted access to) some files. The point of a group is to let several users share access to the same resources without making those resources world-readable.

Add users to the group

Membership is set with usermod, not groupadd. The -a (append) is critical:

bash
sudo usermod -aG developers deploy

-aG adds developers to the user's existing secondary groups. Leaving out -a (usermod -G developers deploy) replaces all of the user's secondary groups with just developers, which is a classic way to accidentally remove someone from sudo or docker. There is a whole article on doing this safely.

Primary vs secondary groups

This trips up a lot of people.

Primary groupSecondary groups
How manyExactly one per userZero or more
Set withuseradd -g / usermod -guseradd -G / usermod -aG
Used forThe group new files get by defaultExtra access (docker, sudo, shared dirs)
Listed in/etc/passwd (the GID field)/etc/group member lists

When deploy creates a file, it is owned by deploy's primary group. Adding deploy to developers as a secondary group lets it read and write developers-owned files, but new files it creates still belong to its primary group, unless the directory has the setgid bit.

A shared project directory, end to end

The common real task: a folder several people can work in.

bash
sudo groupadd developers
sudo usermod -aG developers alice
sudo usermod -aG developers deploy
sudo mkdir /srv/project
sudo chown root:developers /srv/project
sudo chmod 2775 /srv/project        # 2 = setgid: new files inherit the group

The leading 2 (setgid) makes every file created in /srv/project belong to developers automatically, so the whole team keeps access. Members must log out and back in for new group membership to take effect.

FAQ

See also

Sources

Authoritative references this article was fact-checked against.

TagsLinuxgroupaddGroupsUser ManagementSystem Administration

Found this useful? Pass it on.

Copied

Ishan Karunaratne

Tech Architect · Software Engineer · AI/DevOps

Tech architect and software engineer with 20+ years building software, Linux systems, and DevOps infrastructure, and lately working AI into the stack. Currently Chief Technology Officer at a healthcare tech startup, which is where most of these field notes come from.

More by IshanLinkedIn
Keep reading

Related posts

Linux

How to List Users and Groups on Linux

List every user and group from /etc/passwd and /etc/group with getent, tell human accounts from system ones by UID, and see which groups a user belongs to.