A user inherits the privileges of the group that the user is a member of in Linux or any multi-user system. When the role of a user in the real world changes, the group membership for the user in the system need to change accordingly. The user could be added to new groups while being removed from some of the current groups.

Local user and group settings in Linux are stored in /etc/passwd and /etc/group files. User can be removed from groups by editing these files but is not advisable as a misconfiguration could cause the whole system to be unusable.

The primary group of a user can be changed using usermod utility while gpasswd can be used to remove user from a group. Both utilities come standard in all Linux systems and can be accessed from the command line.

Steps to remove user from group in Linux:

  1. Launch terminal.
  2. Get the list of users for your system.
    $ getent passwd
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
    bin:x:2:2:bin:/bin:/usr/sbin/nologin
    sys:x:3:3:sys:/dev:/usr/sbin/nologin
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/usr/sbin/nologin
    man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
    lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
    mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
    news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
    uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
    proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
    www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
    backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
    list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
    irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
    nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
    systemd-timesync:x:100:101:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
    systemd-network:x:101:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
    systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
    messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
    syslog:x:104:110::/home/syslog:/usr/sbin/nologin
    _apt:x:105:65534::/nonexistent:/usr/sbin/nologin
    tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
    uuidd:x:107:114::/run/uuidd:/usr/sbin/nologin
    tcpdump:x:108:115::/nonexistent:/usr/sbin/nologin
    avahi-autoipd:x:109:117:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/usr/sbin/nologin
    usbmux:x:110:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
    rtkit:x:111:118:RealtimeKit,,,:/proc:/usr/sbin/nologin
    dnsmasq:x:112:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
    avahi:x:113:120:Avahi mDNS daemon,,,:/run/avahi-daemon:/usr/sbin/nologin
    cups-pk-helper:x:114:121:user for cups-pk-helper service,,,:/home/cups-pk-helper:/usr/sbin/nologin
    speech-dispatcher:x:115:29:Speech Dispatcher,,,:/run/speech-dispatcher:/bin/false
    kernoops:x:116:65534:Kernel Oops Tracking Daemon,,,:/:/usr/sbin/nologin
    saned:x:117:123::/var/lib/saned:/usr/sbin/nologin
    nm-openvpn:x:118:124:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/usr/sbin/nologin
    whoopsie:x:119:125::/nonexistent:/bin/false
    colord:x:120:126:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
    sssd:x:121:127:SSSD system user,,,:/var/lib/sss:/usr/sbin/nologin
    geoclue:x:122:128::/var/lib/geoclue:/usr/sbin/nologin
    pulse:x:123:129:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin
    hplip:x:124:7:HPLIP system user,,,:/run/hplip:/bin/false
    gnome-initial-setup:x:125:65534::/run/gnome-initial-setup/:/bin/false
    gdm:x:126:131:Gnome Display Manager:/var/lib/gdm3:/bin/false
    user:x:1000:1000:user,,,:/home/user:/bin/bash
    systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
    shakir:x:1001:1000:shakir,,,:/home/shakir:/bin/bash
  3. View the groups that a user is currently assigned to.
    $ groups shakir
    shakir : user sudo finance

    First group in the list (user in this case) is the primary group for the user.

  4. Change primary group of a user.
    $ sudo usermod -g finance shakir
    [sudo] password for user:
  5. Remove user from a group.
    $ sudo gpasswd -d shakir sudo
    Removing user shakir from group sudo
  6. View groups that a user is currently a member of to confirm.
    $ groups shakir
    shakir : finance user
Discuss the article:

Comment anonymously. Login not required.

Share!