addgroup
Create new group accounts
SYNOPSIS
addgroup [options] groupname
addgroup --help
addgroup --version
PARAMETERS
groupname
The name of the new group to be created. This name must be unique and adhere to system naming conventions.
--system
Creates a system group. System groups typically have GIDs within a reserved range (e.g., 1-999) and are often used for system services rather than human users.
--gid GID
Specifies the Group ID (GID) for the new group. The GID must be a unique, non-negative integer. If not specified, addgroup will automatically assign the next available GID from the appropriate range.
--force-badname
Allows group names that do not conform to the system's regular expression for valid names. Use with caution as non-standard names can cause compatibility issues.
--quiet
Suppresses output messages, making the command execute silently without status updates or warnings.
--help
Displays a help message with usage information and available options.
--version
Shows the version information for the addgroup command.
DESCRIPTION
addgroup is a command-line utility used to create new user groups on a Linux system. It is often a higher-level script or wrapper around the more fundamental groupadd command, providing a more user-friendly interface, default behaviors, and adherence to system policies for group creation. When invoked, addgroup assigns a unique Group ID (GID) to the new group, either automatically from an an available range defined in /etc/login.defs or explicitly if specified by the user. The command updates system configuration files, primarily /etc/group and /etc/gshadow, to register the new group.
Unlike groupadd, addgroup typically handles GID allocation automatically and may prompt for additional information or provide warnings based on the group name or GID chosen. It supports creating both regular user groups and system groups, which are typically used for system services and have GIDs within a reserved low range. This command is essential for system administrators to organize users into logical access control units for file permissions and resource management.
CAVEATS
Permissions: addgroup requires root privileges to execute successfully, as it modifies critical system configuration files.
GID Collision: If you specify a GID using --gid that is already in use, the command will typically fail unless overridden by specific options (though addgroup usually prevents this by default).
Wrapper Script: On many distributions (especially Debian/Ubuntu), addgroup is a Perl script wrapper around groupadd from the shadow-utils package. This script provides a more user-friendly interface, enforces local policies (like GID ranges from /etc/login.defs), and handles common scenarios more gracefully than directly using groupadd. Consequently, its behavior can sometimes differ slightly from a direct groupadd call or between distributions.
CONFIGURATION FILES
addgroup primarily modifies /etc/group (stores group names and GIDs) and /etc/gshadow (stores encrypted group passwords and administrators). It also refers to /etc/login.defs for default GID ranges and other policy settings.
GROUP NAMING CONVENTIONS
Group names should generally be composed of alphanumeric characters, hyphens, and underscores, and typically start with a lowercase letter. The maximum length often varies but is usually limited to 32 characters to ensure compatibility across different system utilities.
HISTORY
The addgroup command typically originates from distributions like Debian and its derivatives (e.g., Ubuntu). While the lower-level groupadd command has been a standard part of Unix-like systems for a long time (usually provided by the shadow-utils package), addgroup was developed to offer a more administrative-friendly, policy-aware interface. It often incorporates specific distribution policies regarding GID ranges, system vs. regular groups, and provides better error messages or prompts, making system administration tasks more streamlined and less prone to manual errors. Its development reflects a trend towards higher-level tools that abstract away some complexities of low-level system calls.