How to list groups in Linux

Listing groups in Linux shows which shared access labels are currently available for file ownership, delegated privileges, and application data paths. Checking the active group inventory first helps prevent failed ownership changes, duplicate group creation, and membership updates that target a name the system does not actually resolve.

Linux resolves group information through the Name Service Switch, so the effective group database can come from local files such as /etc/group, directory services such as LDAP or Active Directory, or both. The getent group command queries that resolved view directly, and each returned record is shown as group-name:password-placeholder:GID:member1,member2.

These lookups are read-only and usually work without elevated privileges, but the output depends on the host's configured identity sources. Use getent when the goal is to see what the system currently resolves, use /etc/group only when troubleshooting local entries, and use a user-membership guide separately when the goal is to inspect one account's assigned groups.

Related: How to create a group in Linux
How to delete a group in Linux
How to add a user to a group in Linux
How to audit local user accounts in Linux

Steps to list groups in Linux:

  1. Query the resolved group database when you need the group inventory that the host currently resolves. 
    $ getent group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:ubuntu
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
##### snipped #####
finance:x:1001:audituser
analytics:x:1002:
audituser:x:1003:

    Each line is shown as group-name:password-placeholder:GID:member1,member2, and getent includes groups supplied by every active NSS source instead of only local file entries.

  2. Query one group by name when you need to confirm that a specific group currently resolves. 
    $ getent group finance
finance:x:1001:audituser

    Replace finance with the group you want to inspect. The fields are group name, password placeholder, numeric GID, and a comma-separated member list. No output usually means that the requested group does not currently resolve.

  3. Query a numeric GID directly when file ownership or an access control list entry shows a number instead of a group name. 
    $ getent group 1001
finance:x:1001:audituser

    This is useful after commands such as ls -ln or find -printf '%g' when a numeric group ID needs to be mapped back to a name.

  4. Query several candidate group names in one command when you need to compare or confirm a short list. 
    $ getent group finance analytics
finance:x:1001:audituser
analytics:x:1002:

    getent prints only the groups that resolve successfully, so any missing candidate is simply omitted from the output.

  5. Read the local group file when you need to compare host-stored entries with the resolved NSS view. 
    $ cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:ubuntu
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
##### snipped #####
finance:x:1001:audituser
analytics:x:1002:
audituser:x:1003:

    If a group appears in getent group but not in /etc/group, it is being supplied by another configured identity source such as LDAP, SSSD, or Active Directory.