How to create a group in Linux

Creating a dedicated group in Linux keeps shared access predictable by letting several accounts use the same files, directories, or service paths without exposing those permissions to every local user on the host.

Linux resolves group names and numeric GID values through the Name Service Switch, so commands and services consult the system's configured account sources rather than only /etc/group. The groupadd command creates a new local group entry, and getent group checks the resolved group database that the host actually uses.

Creating groups requires root privileges, and the request fails when the chosen name or numeric GID is already taken. Let Linux assign the next regular GID unless shared storage, cross-host ownership, or a service account requires a fixed number or a system-range group.

Related: How to list groups in Linux
Related: How to add a user to a group in Linux

Steps to create a group in Linux:

  1. Check whether the target group name already resolves before creating it. 
    $ getent group finance

    No output usually means the name is currently unused. If a line is returned, keep the existing group or choose another name instead of creating a duplicate.

  2. Create a new regular local group and let Linux assign the next available regular GID. 
    $ sudo groupadd finance

    If groupadd returns group 'finance' already exists, the name is already present in a local or directory-backed source and must be reused or renamed.

  3. Query the new group by name to confirm that it resolves through the active group database. 
    $ getent group finance
finance:x:1001:

    The last field lists supplementary members and can stay empty until accounts are added to the group.

  4. Check whether a fixed numeric GID is already in use before pinning one explicitly. 
    $ getent group 4500

    No output means the numeric ID is currently free. Use a fixed GID only when shared storage, ACLs, or multiple hosts must agree on the same group number.

  5. Create a group with that fixed numeric GID when the environment requires it. 
    $ sudo groupadd -g 4500 analytics
  6. Verify the fixed-GID group by querying the numeric ID directly. 
    $ getent group 4500
analytics:x:4500:
  7. Create a system group for a daemon or service account when the group should live in the system GID range. 
    $ sudo groupadd -r backupsvc

    System-group ranges come from the host's account policy, so the assigned numeric GID can differ across distributions and images.

  8. Query the new system group to confirm that it was created successfully. 
    $ getent group backupsvc
backupsvc:x:999:
  9. Review the new groups together before using them in membership or ownership changes. 
    $ getent group finance analytics backupsvc
finance:x:1001:
analytics:x:4500:
backupsvc:x:999:

    After the group exists, add members or change file group ownership separately so the new access label is actually used.