groupmems

groupmems [options]
groupmems [-g group] [-a user | -d user | -l]

-g group
    Specifies the target group to administer. If omitted, the current user's primary group is typically assumed.

-a user
    Adds the specified user to the group. This operation requires appropriate administrative privileges for the target group.

-d user
    Removes the specified user from the group. This operation also requires appropriate administrative privileges.

-l
    Lists the current members of the group. This option can usually be run without administrative privileges if the group is readable.

groupmems is a utility designed for group administrators to manage the membership list of groups they administer. Unlike commands like usermod or gpasswd, which often require root privileges for broader user and group modifications, groupmems provides a more targeted approach. It allows a user who is designated as a group administrator (e.g., by being the primary group owner of the target group, or listed in /etc/gshadow) to add or remove users from that specific group. This delegation of control is valuable in multi-user environments, enabling non-root users to perform specific administrative tasks without compromising overall system security. The command ensures that only authorized administrators can modify a group's members, reflecting changes in /etc/group and /etc/gshadow.

The invoking user must have appropriate administrative privileges for the target group, typically by being the group's primary owner or explicitly listed as an administrator in /etc/gshadow. Without these permissions, modification attempts will fail. This command does not change a user's primary group affiliation. Changes made by groupmems are immediately reflected in the system's user and group configuration files (e.g., /etc/group, /etc/gshadow).

To successfully modify a group's membership using groupmems, the user executing the command must possess administrative rights over the specified group. This is typically achieved by:
1. Being the primary owner of the group (i.e., your user's primary GID matches the target group's GID).
2. Being listed as an administrator for that group in the /etc/gshadow file.
Attempting to modify a group without these permissions will result in a permission denied error.

Any changes made by groupmems (adding or removing users) are persistently written to the system's core group configuration files, primarily /etc/group and /etc/gshadow. These files store the definitive list of group memberships and associated administrative metadata. Care should be taken when using groupmems to avoid unintended modifications to these critical system files.

groupmems is a component of the shadow-utils package, which provides a suite of tools for managing user and group accounts on Linux systems. Its development reflects the evolution of Unix-like security models, moving towards more granular permission delegation where specific administrative tasks can be performed by non-root users. It addresses the need for decentralized group management without requiring full superuser privileges.

gpasswd(1), usermod(8), groupadd(8), groupdel(8), group(5), gshadow(5)