groupadd

Create a new group

$ sudo groupadd [group_name]

$ sudo groupadd [[-r|--system]] [group_name]

$ sudo groupadd [[-g|--gid]] [id] [group_name]

groupadd [options] GROUP

Arguments:
GROUP
The name of the new group to be created.

-g GID, --gid GID
    Specify the Group ID (GID) of the new group. If not specified, a unique GID is automatically assigned by the system, typically the next available above a certain threshold (e.g., 1000).

-r, --system
    Create a system group. System groups usually have a GID below a certain threshold (e.g., 1000 on many systems) and are intended for system services or daemon accounts, rather than human users.

-f, --force
    If the group already exists, groupadd will normally exit with an error. The -f option forces the command to exit with success if the group already exists, but it does not create a new entry in this case.

-K KEY=VALUE, --key KEY=VALUE
    Override default values for new groups as specified in the /etc/login.defs file. For example, -K GID_MIN=1000 could override the minimum GID for regular groups.

-o, --non-unique
    Allow creation of a group with a non-unique GID. This option is primarily used in conjunction with -g to create multiple groups that share the same GID, which is generally not recommended for standard setups.

-p PASSWORD, --password PASSWORD
    An encrypted password for the new group. This password will be placed in the /etc/gshadow file. It is generally recommended to use the gpasswd command to manage group passwords after group creation for better security.

The groupadd command is used on Linux and Unix-like operating systems to create new group accounts. When a new group is created, an entry is added to the /etc/group file, which maps group names to Group IDs (GIDs). Optionally, an entry may also be created in the /etc/gshadow file if group passwords or administrators are configured.

This command is crucial for managing system permissions and access control, as users can be members of one or more groups. Files and directories can then be assigned group ownership, allowing multiple users within that group to have specific permissions. By default, groupadd assigns the next available GID above the system range, or within the system range if the -r (system group) option is used. Root privileges are required to execute this command successfully.

• Root Privileges Required: Only the root user or a user with appropriate sudo privileges can execute groupadd.
• GID Conflicts: Without the -o option, groupadd will fail if the specified GID (via -g) is already in use.
• Name Uniqueness: Group names must be unique on the system. If the specified group name already exists, the command will fail unless -f is used, which makes it exit successfully without creating a duplicate entry.

The default behavior of groupadd, such as the ranges for system and regular Group IDs (GIDs), is configured in the /etc/login.defs file. Administrators can modify these settings to customize group creation to fit their specific system requirements.

New group entries created by groupadd are primarily appended to the /etc/group file, which lists all groups and their members. If group passwords or group administrators are set (e.g., using -p or subsequent gpasswd commands), an entry is also created or updated in the /etc/gshadow file, which stores encrypted group passwords and group administration details securely.

groupadd is a fundamental command, typically part of the shadow-utils package (or similar on other Unix-like systems), which provides essential tools for managing user and group accounts on Linux systems. Its development mirrors the evolution of secure account management practices on Unix, with a focus on separating sensitive password information into dedicated 'shadow' files (like /etc/gshadow) for enhanced security.

groupdel(8), groupmod(8), useradd(8), usermod(8), userdel(8), passwd(1), gpasswd(1), id(1)