In this guide, you will learn how to create groups in Linux using the groupadd command.
Let’s first understand What is Group and What is the use of Group?
I will explain this topic to you with the help of an example.
Suppose you are a Linux administrator and are managing multiple users.
If some permission or policy is to be enforced for users, we cannot manually apply the permission to each user and this is not the right way to do it.
Therefore groups are used in such situations.
Create a new group and add users to the group to whom you want to apply permissions.
Now you can apply permissions directly to that group and in this way, all members of that group will get that permission.
There are two types of groups in the Linux operating system.
- Primary Group : When we create a new user, Linux automatically creates a primary group for that user. If you want, you can make any group the primary group of the user.
In Linux, the user must be a member of a primary group.
You may wonder why it is mandatory. Let me explain to you.
Suppose a user is not a member of any primary group, in that situation if he creates a new file, which group will the file belong to?
Apparently, you would not want a random group to be the owner of that file.
Hence the user must be a member of a primary group. - Secondary Group also known as Supplementary Group : A user can be a member of multiple secondary groups but up to a max of 15.
Table of Contents
Key features of groupadd command:
- Create a New Group (both regular and system Group)
- Can create a new Group with a Specific Group ID (GID)
- Create a group with a non-unique GID
- Force the command to Ignore already exists Message
- Create a group with Unencrypted Password
- Override the default values of
/etc/login.defs
First of all, let’s focus on some of the most important options that we can use with the groupadd
.
Options | Explanation |
---|---|
-f, --force | Exit successfully if the group already exists and cancel -g if the GID is already used. |
-g, --gid GID | Use GID for the new group |
-K, --key KEY=VALUE | Override /etc/login.defs defaults |
-o, --non-unique | Allow to create groups with duplicate (non-unique) GID |
-p, --password PASSWORD | Create a group with Unencrypted Password |
-r, --system | Create a system account |
--help | Display help page of groupadd Command. |
Syntax:
You must follow the syntax given below to use the groupadd command.
groupadd [options] group
1. How to Create a New Group
To create a new group in Linux you can run the groupadd command.
Note: You have to run the groupadd
command as a root user because upon running this command, it makes changes to the following important configuration files whose owner is root.
- /etc/group
- /etc/gshadow
Here in this example, I am creating a group named group1.
$ sudo groupadd group1
Run the following command to check whether a new group is created.
$ cat /etc/group | grep group1
group1:x:1001:
As soon as the group is successfully created, some entries occur in the /etc/group
and /etc/gshadow
files, which is very important for any administrator to understand.
Let’s try to understand both these files.
Explaining /etc/group:
As I told you, each group’s entry resides in the /etc/group
and /etc/gshadow
files.
A group’s entry in the /etc/group
file is something like this.
It contains the four most important pieces of information related to the group and they are separated by a colon(:
).
group1:x:1001:helpdesk
group1
– Group Namex
– Encrypted Password1001
– Group ID (GID)helpdesk
– Member of the Group

Explaining /etc/gshadow:
Similarly, the group’s entry in the /etc/gshadow
file is something like this.
It contains the four most important pieces of information related to the group and group administrators. Each detail is separated by a colon(:
).
group1:!:bmsahu:helpdesk
group1
– Group Name!
– Encrypted Password but because there is an exclamation mark (!
) which indicates that no password has been set for this group.bmsahu
– Group Administratorhelpdesk
– Member of the Group

2. Create a system group
To create a system group pass the -r
to groupadd
command.
$ sudo groupadd -r dbadmins
Whether you create a system Group or a regular Group for everyone login.defs
have a defined ID range.
The GID range defined in /etc/login.defs
for system groups is: 100
– 999
.
This means that when we create a new system group, the GID assigned to it will be from this range(100-999).
In this example, I created a system group named dbadmins. Type the following command to check the GID.
$ cat /etc/group | grep dbadmins
dbadmins:x:999:
As you can see, it is GID 999 assigned to the group which is within the defined range.
3. Create a new Group with a Specific Group ID (GID)
In Linux by default, each group is assigned a unique numeric value called GID(Group Identifier).
login.defs
is one of those files from which the groupadd
command takes inputs to create new groups.
- Which GID value to assign to a Group.
- What is the Maximum and Minimum GID limits?
This is all defined in the /etc/login.defs
file.
Have a look at the following details taken from the /etc/login.defs
file.
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
#SYS_GID_MIN 100
#SYS_GID_MAX 999
So as soon as we run the groupadd command to create a new group, the next available GID is assigned by taking the reference from login.defs
.
So to create a new group with a specific Group ID(GID) pass the -g
option to the groupadd
command.
Here I am creating a group named group2 with GID 1015
.
$ sudo groupadd -g 1015 group2
Type the following command to verify that the GID is set correctly.
$ cat /etc/group | grep group2
group2:x:1015:
4. How to Create a group with a non-unique GID
You can create multiple groups with non-unique GID’s(Duplicate GID’s). To do this you can use the -o
option with the groupadd
command.
I have a group called group2 whose group id is 1015
.
$ cat /etc/group | grep group2
group2:x:1015:
Now I will create a new group named group3 with the same Group ID.
$ sudo groupadd -o -g 1015 group3
Type the following command to check the result.
$ cat /etc/group | grep group3
group3:x:1015:
As you can see there are two groups with the same Group ID.
$ sudo cat /etc/group | grep 1015
group2:x:1015:
group3:x:1015:
5. Ignore already exists Message
There is already a group called dbadmins.
$ cat /etc/group | grep dbadmins
dbadmins:x:1017:
If I create another group with the same name, you will get this error.
$ sudo groupadd dbadmins
groupadd: group 'dbadmins' already exists
This error message can be ignored. to do this pass the -f
option to the groupadd
command.
$ sudo groupadd -f dbadmins
Note: This command will not create a new group and can be used only to ignore this error message.
6. Create a group with Unencrypted Password
Type the following command to create a new group with an unencrypted password.
In this example, I am creating a group whose name is group4 and password is Pass@123.
$ sudo groupadd -p Pass@123 group4
The group’s password is stored in the /etc/gshadow
file.
$ sudo cat /etc/gshadow | grep group4
group4:Pass@123::
Caution: This option is not recommended.
7. How to override the default values of /etc/login.defs
As I told you earlier, the login.defs
file has maximum and minimum ID ranges of the group.
And when we create a new group, the next available GID is assigned according to login.defs
.
But if you want, you can set a custom GID range for the new group.
For example I want to create a group named developers whose GID should be in one of the 2000
to 2005
range.
With the help of the following command we can complete this task.
$ sudo groupadd -K GID_MIN=2000 -K GID_MAX=2005 developers
Type the following command to check the result.
$ cat /etc/group | grep developers
developers:x:2000:
Note: You can use the -K
option multiple times in one command.
8. Help/Manual page access
Use the following commands to access the Manual Page/Help Page of groupadd command.
$ groupadd --help
$ man groupadd
You can visit at following websites to get more information on groupadd
.
Conclusion
I hope you have learned something from this article.
I have tried my best to include all the features of groupadd command in this guide.
Now I’d like to hear your thoughts.
Was this guide useful to you?
Or maybe you have some queries.
Have I not included any command in this guide?
Leave a comment below.
Here are a few other hand-picked guides for you to read next: