Manage members of the user's primary group
The groupmems
command allows a user to manage his/her own list of group members without requiring superuser privileges. The groupmems
utility is intended for systems that have their users configured as primary groups (i.e. guests/guests) in their own name.
Only superusers who are administrators can use groupmems
to change the membership of other groups.
groupmems -a user_name | -d username | [-g user group name] | -l | -p
-a, --add user_name # Add user to group members list. If the /etc/gshadow file exists and the group does not have an entry in the /etc/gshadow file, a new entry will be created.
-d, --delete user_name
# Remove the user from the group membership list.
# If the /etc/gshadow file exists, the user will be removed from the group's list of members and administrators.
# If the /etc/gshadow file exists and the group does not have an entry in the /etc/gshadow file, a new entry will be created.
-g, --group group_name # The super user can specify the list of group members to be modified.
-l, --list # List group members.
-p, --purge #Purge all users from the group membership list.
# If the /etc/gshadow file exists and the group does not have an entry in the /etc/gshadow file, a new entry will be created.
The following configuration variables in /etc/login.defs
change the behavior of this tool:
MAX_MEMBERS_PER_GROUP (number)
The maximum number of members per group entry. When the maximum is reached, start a new group entry (line) in /etc/group
(with the same name, the same password and the same GID).
The default value is 0, which means there is no limit to the number of members in the group.
This feature (Split Group) allows limiting the line length in group files. This helps ensure that NIS group lines do not exceed 1024 characters.
If you need to enforce such a limit, you can use 25.
Note: Not all tools support splitting groups (even in the Shadow toolkit). You should not use this variable unless you really need it.
The groupmems executable should be in mode 2770 as user root and group group. System administrators can add users to groups to allow or disable them from managing their own list of group members using the groupmems utility.
groupadd -r groups
chmod 2770 groupmems
chown root.groups groupmems
groupmems -g groups -a gk4
Let's create a new user and a new group and verify the results:
useradd student
passwd student
groupadd staff
Make user student a member of group people:
groupmems -g staff -a student
groupmems -g staff -l
Add user to group:
groupmems -a mike -g SUPPORT
groupmems --add mike -g SUPPORT
Delete/remove user from group:
groupmems -d mike SUPPORT -g SUPPORT
groupmems --delete mike SUPPORT -g SUPPORT
Change group name:
groupmems -g SUPPORT
Remove a user from a group:
groupmems -p -g SUPPORT
groupmems --purge -g SUPPORT
To list the members of a group:
groupmems -l -g SUPPORT
groupmems --list -g SUPPORT