How do I remove a user from a group?
285 votes
Which command should I use to remove a user from a group in Debian?
When adding a user to a group, it can be done with:
usermod -a -G group user
However, I could not find a similar command (accepting a group and user as arguments) for removing the user from the group. The closest I could get is:
usermod -G all,existing,groups,except,for,group user
Is there a command like usermod OPTION group user, with OPTION an option to make usermod (or a similar program) remove the user from group?
users group
edited Jan 20 '12 at 16:44
user13742
asked Jan 20 '12 at 16:29
Lekensteyn
1
For Fedora users who end up here, man usermod reveals in the -G option comments that listing all current groups you wish to retain IS the way to delete a group. No -R option with Fedora; you must use Lekensteyn's approach he is trying to avoid.
– Stephen
Mar 25 '16 at 20:54
11 Answers
3 votes
You can use the below command on SUSE distributions (and, apparently, no others).
usermod -R group user_name
where group is the group that you want to remove the user from and user_name the user that you want to remove from the group.
For example,
usermod -R root imnottheroot
1
What package provides your usermod binary? I'm asking to find out the version, as mine from shadow-utils-4.1.4.3 does not provide the -R option.
– myroslav
Oct 17 '13 at 10:42
3
My shadow 4.1.5.1-5 package (Arch Linux) does have an -R option, but that means something else. It's not Linux I guess.
– Lekensteyn
Oct 17 '13 at 14:51
3
I'm not sure this will work. The manpage is saying that -R is: "-R, --root CHROOT_DIR Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory."
– MikeKusold
Jul 8 '14 at 23:34
2
The only things sort of related I could find was this oracle manpage, but that's still not about the same thing, so this answer should maybe be removed.
– kyrias
Oct 5 '14 at 22:03
sudo usermod -R admin jenkins
usermod: invalid chroot path 'admin'
– Jonathan
Oct 20 '14 at 17:18
1 vote
Consider:
- username: abc2
- group name: newgroup11
Task: Removing user abc2 from group newgroup11
[root@home1 ~]# groups abc2
abc2 : abc2
[root@home1 ~]# usermod -G newgroup11 abc2
[root@home1 ~]# groups abc2
abc2 : abc2 newgroup11
[root@home1 ~]# usermod -G newgroup11 abc2
[root@home1 ~]# usermod -G abc2 abc2
[root@home1 ~]# groups abc2
abc2 : abc2
** Kindly correct me if I am wrong. **
1
This "works", but only because you have a single secondary group. usermod -G newgroup11 abc2 will put you in the secondary group newgroup11. Since the primary group is abc2, you will end up in both groups. usermod -g abc2 abc2 results in newgroup11 being removed from the secondary groups because it is not mentioned anymore. So for three or more different groups, this method won't work. See the other answers involving gpasswd for a better command.
– Lekensteyn
Jan 17 '15 at 22:56
1 vote
Suppose that username=student and groupname=research. To remove the student user from the research group, you need to do the following:
gpasswd -d student research
0 votes
To continue using usermod in a distro (like Fedora) which does not have a remove option, where user=bob and group=deletethisgroup, the command would be:
usermod -G `cat /etc/group | grep bob | grep -v deletethisgroup | cut -d ':' -f 1 | tr '\n' ',' | sed 's/,$//'` bob
The pipes (1) get all group entries user belongs to, (2) take out the one which needs to be removed, (3) returns first column (group name), replaces newline with comma, and removes trailing comma.
Of course, you could put all that in a bash script which takes user and group to be deleted as parameters. awk could be used to shorten the end but I wanted to stick to grep, cut, tr and sed.
According to this man page, gpasswd -d bob deletethisgroup is available too. Any reason why you are not using it?
– Lekensteyn
Mar 27 '16 at 0:08
Not everyone wants to set up group passwords. I was just offering a solution using the command that was referenced by the question on a particular distro. In Fedora/RHEL/CentOS with gpasswd -d the removed user can still join the group if he has access to the password. It actually increases group access as opposed to disallowing it.
– Stephen
Mar 27 '16 at 4:11
I understood that the utility is named gpasswd because it is closely related to /etc/passwd, but instead manages groups. Unlike the plain passwd command which just controls passwords, gpasswd can also be used to manage membership of a group. A group password is not required if you are root or a group administrator.
– Lekensteyn
Mar 27 '16 at 15:46
Did you read the gpasswd manual? For Fedora/RHEL/CentOS, if you read the manual, it is stated that the command "is used to administer /etc/group, and /etc/gshadow". It actually has no effect on /etc/passwd. Manual also states "Group passwords are an inherent security problem since more than one person is permitted to know the password." It does not actually manage membership of a group, it opens the group up to ANY user with the password. A group password is not required if you are already a MEMBER of the group.
– Stephen
Mar 28 '16 at 2:19
Closely related was in the sense of similar naming and purposes, I did not imply that the /etc/passwd file is actually managed by gpasswd. Note that "man page" in my first comment points to the gpasswd manual page for Fedora 13. Using gpasswd $group you can set the group password which causes the security issue you mentioned. However you can also not have a password and use gpasswd -d $user $group to delete a user as described in the first comment and accepted answer. Note that this command does not prompt for a group password nor does it modify or require it.
– Lekensteyn
Mar 28 '16 at 20:42
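Because grep bob in the pipeline above matches any line containing "bob", the rebuilt -G list can include groups that belong to other accounts (for example a group whose only member is bobby), which grants membership instead of only removing it. The following is an added example, not part of the original answer or its comments, that compares the pipeline with an exact match on the member field of group(5); the sample group file, its users and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the usermod -G list by exact member match.

# Constructed sample in group(5) format: name:password:GID:member,member,...
sample_group() {
    cat <<'EOF'
bob:x:1000:
bobby:x:1001:
sudo:x:27:bobby
adm:x:4:bob,alice
deletethisgroup:x:1500:alice,bob
bobcats:x:1501:alice
docker:x:998:bob
EOF
}

# groups_without FILE USER GROUP
# Print, comma-separated, every group in FILE that lists USER as a member,
# except GROUP. Member names are compared whole, never as substrings.
groups_without() {
    awk -F: -v user="$2" -v drop="$3" '
        $1 == drop { next }
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == user) { out = out sep $1; sep = ","; break }
        }
        END { print out }
    ' "$1"
}

# is_listed FILE USER GROUP
# Succeed only if USER appears in the member list of GROUP. A primary group
# (recorded in /etc/passwd, not in the member list) does not count.
is_listed() {
    awk -F: -v user="$2" -v grp="$3" '
        $1 == grp {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# removal_command FILE USER GROUP
# Print the usermod command that would drop GROUP; nothing is executed.
removal_command() {
    if ! is_listed "$1" "$2" "$3"; then
        echo "$2 is not listed in $3 (primary group or not a member)" >&2
        return 1
    fi
    printf 'usermod -G "%s" %s\n' "$(groups_without "$1" "$2" "$3")" "$2"
}

# The substring pipeline from the answer, kept only for comparison.
groups_by_grep() {
    grep "$2" "$1" | grep -v "$3" | cut -d: -f1 | tr '\n' ',' | sed 's/,$//'
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_group > "$tmp"
echo "grep pipeline: $(groups_by_grep "$tmp" bob deletethisgroup)"
echo "exact match:   $(groups_without "$tmp" bob deletethisgroup)"
removal_command "$tmp" bob deletethisgroup
rm -f "$tmp"
```

On the sample, the grep pipeline would put bob into sudo and bobcats; the exact match keeps only adm and docker.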
0 votes
You can remove a user from a group by executing the usermod command without the -a option.
For example, executing "usermod -G group1 username" will add the user to group1 and will remove it from any other groups where it is. Remember, you can keep the user in various groups by listing the groups' names, separated with commas.
1
This information has been presented multiple times already.
– Scott
Nov 21 at 18:11
-1 votes
pw groupmod "groupname|gid" -d "username|uid"
A solution if you are using CSH, for whatever reason.
-1 votes
To remove a user from a group gpasswd is the best utility for this IMO.
Command Example:
sudo gpasswd -d group user
* Help Info *
Usage: gpasswd [option] GROUP
Options:
-a, --add USER add USER to GROUP
-d, --delete USER remove USER from GROUP
-h, --help display this help message and exit
-Q, --root CHROOT_DIR directory to chroot into
-r, --delete-password remove the GROUP's password
-R, --restrict restrict access to GROUP to its members
-M, --members USER,... set the list of members of GROUP
-A, --administrators ADMIN,...
set the list of administrators for GROUP
Except for the -A and -M options, the options cannot be combined.
The group and user arguments are swapped. Also, this is exactly what the accepted answer proposed, this post is not really helpful?
– Lekensteyn
Jan 19 at 23:29
331 votes, accepted
You can use gpasswd:
# gpasswd -d user group
then the new group config will be assigned at the next login, at least on Debian. If the user is logged in, the effects of the command aren't seen immediately.
edited Oct 5 '14 at 21:38
answered Jan 20 '12 at 16:40
user13742
6
Perfect thanks! gpasswd -a user group for adding the user to the group seems also nicer, especially if a typo has been made and the -a option gets dropped.
– Lekensteyn
Jan 20 '12 at 16:43
1
Doesn't work for me. I get two messages: a) Removing user from group. b) gpasswd: user is not a member of group. Afterwards running "members group" shows no change.
– geoidesic
Dec 15 '14 at 7:19
1
@geoidesic you need to log out and login again to see the effect
– Wasif Hossain
Jul 3 '16 at 11:09
1
Is there a way to make the change take effect without having to re-login?
– Andy Fusniak
Aug 11 '16 at 15:49
2
@geoidesic I got these errors on Centos 7. I found you got this, if you were trying to remove the user from their default group. Try switching the default group with usermod -g user user then try to remove them.
– PanPipes
Jan 25 at 10:55
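Since the removal only applies to new logins, sessions the user already has open keep the group's GID in their process credentials. The following is an added example, not part of the original answer or its comments, that lists such processes by reading the Uid:, Gid: and Groups: lines of /proc/PID/status on Linux; the function names and the sample process tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes that still hold a group's GID after the
# user was removed from the group (Linux, /proc/PID/status).

# procs_with_gid PROC_ROOT UID GID
# Print the PID of every process under PROC_ROOT whose real UID is UID and
# whose Gid: or Groups: line still contains GID.
procs_with_gid() {
    for status in "$1"/[0-9]*/status; do
        [ -r "$status" ] || continue   # process exited or glob matched nothing
        awk -v uid="$2" -v gid="$3" '
            $1 == "Pid:" { pid = $2 }
            $1 == "Uid:" { owner = ($2 == uid) }
            $1 == "Gid:" || $1 == "Groups:" {
                for (i = 2; i <= NF; i++) if ($i == gid) hit = 1
            }
            END { if (owner && hit) print pid }
        ' "$status"
    done
}

# write_status FILE PID UID GROUPS: one constructed status file.
write_status() {
    printf 'Name:\tbash\nPid:\t%s\nUid:\t%s\t%s\t%s\t%s\n' \
        "$2" "$3" "$3" "$3" "$3" > "$1"
    printf 'Gid:\t%s\t%s\t%s\t%s\nGroups:\t%s \n' \
        "$3" "$3" "$3" "$3" "$4" >> "$1"
}

# make_sample_proc DIR
# Constructed stand-in for /proc with three processes:
#   4242  uid 1000, logged in before the removal (still has GID 1500)
#   5151  uid 1000, logged in after the removal
#   6060  uid 1001, another user who is still a member of GID 1500
make_sample_proc() {
    mkdir -p "$1/4242" "$1/5151" "$1/6060"
    write_status "$1/4242/status" 4242 1000 "4 998 1000 1500"
    write_status "$1/5151/status" 5151 1000 "4 998 1000"
    write_status "$1/6060/status" 6060 1001 "1001 1500"
}

# Demo on the constructed tree. On a real system the call would be, e.g.:
#   procs_with_gid /proc "$(id -u user)" "$(getent group group | cut -d: -f3)"
demo=$(mktemp -d) && make_sample_proc "$demo"
echo "uid 1000 processes still holding gid 1500: $(procs_with_gid "$demo" 1000 1500)"
rm -rf "$demo"
```

Any PID it reports belongs to a session that predates the change and keeps the group's access until that process ends.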
147 votes
On Debian, the adduser package contains a deluser program which removes a user from a group if you pass both as arguments:
deluser user group
If your distribution doesn't have adduser, you can edit /etc/group and /etc/gshadow manually.
vigr
vigr -s
answered Jan 20 '12 at 16:44
Gilles
9
I did not know of programs like vigr and vipw. Very useful in case the manpages are too far away :)
– Lekensteyn
Jan 20 '12 at 16:47
1
Alternatively, after modifying /etc/group run grpconv to update /etc/gshadow rather than editing it.
– Cyrille
Oct 20 '14 at 12:57
sudo deluser jenkins admin
/usr/sbin/deluser: You may not remove the user from their primary group.
– Jonathan
Oct 20 '14 at 17:16
@JonathanLeaders Every user needs to be in at least one group. Use usermod or vipw to change the user's primary group. This question was about supplementary groups.
– Gilles
Oct 21 '14 at 16:44
Nice. There's also the simpler adduser $user $group command instead of the usermod -x -y -z -... .
– ygoe
Dec 11 '14 at 12:35
56 votes
usermod -G "" username
removes all secondary/supplementary groups from username, leaving them as a member of only their primary group.
This worked in Solaris 5.9.
answered May 4 '13 at 23:56
user208145
4
Tested in CentOS 6.4; works.
– aggregate1166877
Apr 3 '14 at 12:13
1
Works in Ubuntu 12.04, too.
– aggregate1166877
Apr 3 '14 at 12:22
And this seems to be the best way to force the secondary groups to any list of groups, excluding all unlisted groups.
– sage
Aug 12 '16 at 17:53
Tested and working in CentOS 7. Thanks!
– Tricky
Aug 8 at 3:54
add a comment |
4
Tested in CentOS 6.4; works.
– aggregate1166877
Apr 3 '14 at 12:13
1
Works in Ubuntu 12.04, too.
– aggregate1166877
Apr 3 '14 at 12:22
And this seems to be the best way to force the secondary groups to any list of groups, excluding all unlisted groups.
– sage
Aug 12 '16 at 17:53
Tested and working in CentOS 7. Thanks!
– Tricky
Aug 8 at 3:54
4
4
Tested in CentOS 6.4; works.
– aggregate1166877
Apr 3 '14 at 12:13
Tested in CentOS 6.4; works.
– aggregate1166877
Apr 3 '14 at 12:13
1
1
Works in Ubuntu 12.04, too.
– aggregate1166877
Apr 3 '14 at 12:22
Works in Ubuntu 12.04, too.
– aggregate1166877
Apr 3 '14 at 12:22
And this seems to be the best way to force the secondary groups to any list of groups, excluding all unlisted groups.
– sage
Aug 12 '16 at 17:53
And this seems to be the best way to force the secondary groups to any list of groups, excluding all unlisted groups.
– sage
Aug 12 '16 at 17:53
Tested and working in CentOS 7. Thanks!
– Tricky
Aug 8 at 3:54
Tested and working in CentOS 7. Thanks!
– Tricky
Aug 8 at 3:54
add a comment |
up vote
10
down vote
This is the “old school” approach...
Most *nix systems maintain group information into a plain text file /etc/group
, where
each line contains the fields
- group_name
- password
- GID, and
- user_list
delimited by the
:
character.
- the user_list field is a list of user names, separated by commas.
Now suppose you want to remove a user named thisuser
from a group named thatgroup
. Start by backing up /etc/group
,
then use the editor of your preference with su privileges
to edit the file /etc/group
and remove the thisuser
reference from the thatgroup
line entry, e.g.,
original line is something like this:
thatgroup:x:1274:someuser,thisuser,anotheruser
after editing should be left like this:
thatgroup:x:1274:someuser,anotheruser
As with all the other answers, this will not affect the user's current session(s), if any (i.e., if the user is currently logged in).
The change will take effect the next time the user logs in.
1
vigr
was already mentioned for editing/etc/group
manually. My manual pages says that user names are separated by commas, not by colons. Rebooting is not necessary, you just need to re-login (or usenewgrp
).
– Lekensteyn
Dec 10 '14 at 16:24
To assist any non-Debian users hitting these shores looking for clues... this may be enough for Debian as per the scope of OP's question, but if you were using this for a *BSD OS, you would need to modify the plaintext file here as mentioned, then issue a pwd_mkdb -p /etc/master.passwd to actually put that list into use.
– danno
Jul 19 at 17:43
add a comment |
up vote
10
down vote
This is the “old school” approach...
Most *nix systems maintain group information into a plain text file /etc/group
, where
each line contains the fields
- group_name
- password
- GID, and
- user_list
delimited by the
:
character.
- the user_list field is a list of user names, separated by commas.
Now suppose you want to remove a user named thisuser
from a group named thatgroup
. Start by backing up /etc/group
,
then use the editor of your preference with su privileges
to edit the file /etc/group
and remove the thisuser
reference from the thatgroup
line entry, e.g.,
original line is something like this:
thatgroup:x:1274:someuser,thisuser,anotheruser
after editing should be left like this:
thatgroup:x:1274:someuser,anotheruser
As with all the other answers, this will not affect the user's current session(s), if any (i.e., if the user is currently logged in).
The change will take effect the next time the user logs in.
1
vigr
was already mentioned for editing/etc/group
manually. My manual pages says that user names are separated by commas, not by colons. Rebooting is not necessary, you just need to re-login (or usenewgrp
).
– Lekensteyn
Dec 10 '14 at 16:24
To assist any non-Debian users hitting these shores looking for clues... this may be enough for Debian as per the scope of OP's question, but if you were using this for a *BSD OS, you would need to modify the plaintext file here as mentioned, then issue a pwd_mkdb -p /etc/master.passwd to actually put that list into use.
– danno
Jul 19 at 17:43
edited Jul 23 '15 at 0:04
G-Man
answered Dec 10 '14 at 10:59
p57
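The manual edit described in this answer, as an added shell example that is not part of the original post: it drops one exact user name from one group's user_list in a group-format file and keeps a backup first. The function names and the sample file are constructed for illustration, and the demo works on a temporary copy rather than /etc/group.

```shell
#!/bin/sh
# Added example (not from the original answer). Operates on a file in
# group(5) format: group_name:password:GID:user_list

# Constructed sample data, not taken from a real system.
sample_group_file() {
    cat <<'EOF'
root:x:0:
thatgroup:x:1274:someuser,thisuser,anotheruser
othergroup:x:1275:thisuser2,notthisuser
solo:x:1276:thisuser
EOF
}

# remove_member FILE USER GROUP
# Prints FILE with USER dropped from GROUP's user_list.
# Returns 0 if a membership was removed, 1 if there was nothing to remove.
remove_member() {
    awk -F: -v OFS=: -v user="$2" -v group="$3" '
        $1 == group {
            n = split($4, members, ",")
            list = ""
            for (i = 1; i <= n; i++) {
                # Compare whole names so "thisuser2" is not touched.
                if (members[i] == user) { removed = 1; continue }
                list = (list == "" ? members[i] : list "," members[i])
            }
            $4 = list
        }
        { print }
        END { exit (removed ? 0 : 1) }
    ' "$1"
}

# edit_in_place FILE USER GROUP
# Backs FILE up to FILE.bak, then rewrites it. FILE is left untouched
# when USER is not a member of GROUP.
edit_in_place() {
    tmp=$(mktemp) || return 2
    if remove_member "$1" "$2" "$3" > "$tmp"; then
        # cat into the existing file keeps its owner and mode.
        cp -p "$1" "$1.bak" && cat "$tmp" > "$1"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Demo on the constructed sample: print the edited thatgroup line.
demo=$(mktemp)
sample_group_file > "$demo"
edit_in_place "$demo" thisuser thatgroup && grep '^thatgroup:' "$demo"
rm -f "$demo" "$demo.bak"
```

A group whose only member is removed ends with an empty user_list (solo:x:1276:), which is a valid entry.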
up vote
3
down vote
You can use the below command on SUSE distributions (and, apparently, no others).
usermod -R group user_name
where group is the group that you want to remove the user from and user_name the user that you want to remove from the group.
For example,
usermod -R root imnottheroot
1
What package provides your usermod binary? I'm asking to find out the version, as mine from shadow-utils-4.1.4.3 does not provide the -R option.
– myroslav
Oct 17 '13 at 10:42
3
My shadow 4.1.5.1-5 package (Arch Linux) does have an -R option, but that means something else. It's not Linux I guess.
– Lekensteyn
Oct 17 '13 at 14:51
3
I'm not sure this will work. The manpage is saying that -R is: "-R, --root CHROOT_DIR Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory."
– MikeKusold
Jul 8 '14 at 23:34
2
The only things sort of related I could find was this oracle manpage, but that's still not about the same thing, so this answer should maybe be removed.
– kyrias
Oct 5 '14 at 22:03
sudo usermod -R admin jenkins
usermod: invalid chroot path 'admin'
– Jonathan
Oct 20 '14 at 17:18
edited Jul 23 '15 at 0:14
G-Man
answered Oct 17 '13 at 8:58
Stavros Fan Koutsouropoulos
up vote
1
down vote
Consider:
- username: abc2
- group name: newgroup11
Task: Removing user abc2 from group newgroup11
[root@home1 ~]# groups abc2
abc2 : abc2
[root@home1 ~]# usermod -G newgroup11 abc2
[root@home1 ~]# groups abc2
abc2 : abc2 newgroup11
[root@home1 ~]# usermod -G newgroup11 abc2
[root@home1 ~]# usermod -G abc2 abc2
[root@home1 ~]# groups abc2
abc2 : abc2
** Kindly correct me if I am wrong. **
1
This "works", but only because you have a single secondary group. usermod -G newgroup11 abc2 will put you in the secondary group newgroup11. Since the primary group is abc2, you will end up in both groups. usermod -g abc2 abc2 results in newgroup11 being removed from the secondary groups because it is not mentioned anymore. So for three or more different groups, this method won't work. See the other answers involving gpasswd for a better command.
– Lekensteyn
Jan 17 '15 at 22:56
edited Jul 21 '15 at 16:00
G-Man
answered Jan 17 '15 at 21:19
new user
up vote
1
down vote
Suppose that username=student and groupname=research. Then, to remove the student user from the research group, you need to do the following:
gpasswd -d student research
edited Apr 11 at 9:36
Yurij Goncharuk
answered Apr 11 at 8:11
ravi
up vote
0
down vote
To continue using usermod in a distro (like Fedora) which does not have a remove option, where user=bob and group=deletethisgroup, command would be:
usermod -G `cat /etc/group | grep bob | grep -v deletethisgroup | cut -d ':' -f 1 | tr '\n' ',' | sed 's/,$//'` bob
The pipes (1) get all group entries user belongs to, (2) take out the one which needs to be removed, (3) returns first column (group name), replaces newline with comma, and removes trailing comma.
Of course, you could put all that in a bash script which takes user and group to be deleted as parameters. awk could be used to shorten the end but I wanted to stick to grep, cut, tr and sed.
According to this man page, gpasswd -d bob deletethisgroup is available too. Any reason why you are not using it?
– Lekensteyn
Mar 27 '16 at 0:08
Not everyone wants to set up group passwords. I was just offering a solution using the command that was referenced by the question on a particular distro. in Fedora/RHEL/Centos with gpasswd -d the removed user can still join the group if he has access to the password. It actually increases group access as opposed to disallowing it.
– Stephen
Mar 27 '16 at 4:11
I understood that the utility is named gpasswd because it is closely related to /etc/passwd, but instead manages groups. Unlike the plain passwd command which just controls passwords, gpasswd can also be used to manage membership of a group. A group password is not required if you are root or a group administrator.
– Lekensteyn
Mar 27 '16 at 15:46
Did you read the gpasswd manual? For Fedora/RHEL/CentOS, if you read the manual, it is stated that the command "is used to administer /etc/group, and /etc/gshadow". It actually has no effect on /etc/passwd. Manual also states "Group passwords are an inherent security problem since more than one person is permitted to know the password." It does not actually manage membership of a group, it opens the group up to ANY user with the password. A group password is not required if you are already a MEMBER of the group.
– Stephen
Mar 28 '16 at 2:19
Closely related was in the sense of similar naming and purposes, I did not imply that the /etc/passwd file is actually managed by gpasswd. Note that "man page" in my first comment points to the gpasswd manual page for Fedora 13. Using gpasswd $group you can set the group password which causes the security issue you mentioned. However you can also not have a password and use gpasswd -d $user $group to delete a user as described in the first comment and accepted answer. Note that this command does not prompt for a group password nor does it modify or require it.
– Lekensteyn
Mar 28 '16 at 20:42
answered Mar 25 '16 at 21:02
Stephen
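An added comparison, not part of the original answer, of the pipeline above with exact field matching over a group-format file. Because grep matches substrings, the pipeline can hand usermod -G a group the user was never in (wheel, through the member bobby) and drop a group whose name merely contains the removed group's name. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): building the list for
# "usermod -G" from a group(5)-format file.

# Constructed sample data, not taken from a real system.
sample_group_file() {
    cat <<'EOF'
bob:x:1000:
wheel:x:10:alice,bobby
deletethisgroup:x:1500:bob,alice
audio:x:29:bob
deletethisgroup-archive:x:1501:bob
video:x:44:carol,bob
EOF
}

# naive_groups FILE USER GROUP
# The answer's pipeline, pointed at FILE instead of /etc/group.
naive_groups() {
    grep "$2" "$1" | grep -v "$3" | cut -d ':' -f 1 | tr '\n' ',' | sed 's/,$//'
}

# exact_groups FILE USER GROUP
# Groups other than GROUP whose user_list contains USER as a whole name.
exact_groups() {
    awk -F: -v user="$2" -v group="$3" '
        $1 != group {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user) {
                    out = (out == "" ? $1 : out "," $1)
                    break
                }
        }
        END { print out }
    ' "$1"
}

# Demo: compare both lists for user bob and group deletethisgroup.
demo=$(mktemp)
sample_group_file > "$demo"
echo "substring match: $(naive_groups "$demo" bob deletethisgroup)"
echo "exact match:     $(exact_groups "$demo" bob deletethisgroup)"
rm -f "$demo"
```

An empty result is legitimate: passing an empty list to usermod -G removes the user from all supplementary groups, which is the right outcome when the removed group was the only one.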
up vote
0
down vote
You can remove user from group by executing usermod command without -a option.
Example, by executing "usermod -G group1 username" will add the user to the group1, and will remove it from any other groups where it is. Remember, you can keep user in various groups by listing group's names, separated with comma.
1
This information has been presented multiple times already.
– Scott
Nov 21 at 18:11
answered Nov 21 at 17:56
Helper
This information has been presented multiple times already.
– Scott
Nov 21 at 18:11
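The replace-the-whole-list behaviour of usermod -G described in the answer above is easy to get wrong by hand, so this added example (not part of any answer on this page) builds the retained-group list from a file in /etc/group format and prints the usermod line for review instead of running it. The function names and the sample file are constructed for illustration, and it assumes local group files rather than LDAP or other NSS sources.

```shell
#!/bin/sh
# Constructed sample in /etc/group format: name:password:gid:member,member,...
write_sample_group_file() {
    cat > "$1" <<'EOF'
sudo:x:27:alice,bob
adm:x:4:alice2
docker:x:998:alice
www-data:x:33:
backup:x:34:bob,alice
alice:x:1000:
EOF
}

# is_member GROUP_FILE USER GROUP: exit status 0 if USER is listed in GROUP.
# Members are compared whole, so "alice" never matches "alice2".
is_member() {
    awk -F: -v user="$2" -v grp="$3" '
        $1 == grp { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == user) found = 1 }
        END { exit !found }
    ' "$1"
}

# supp_groups_without GROUP_FILE USER GROUP: comma-separated list of the
# supplementary groups USER keeps once GROUP is dropped.
supp_groups_without() {
    awk -F: -v user="$2" -v drop="$3" '
        $1 != drop {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) out = out (out == "" ? "" : ",") $1
        }
        END { print out }
    ' "$1"
}

# removal_command GROUP_FILE USER GROUP: print the usermod line for review.
# Refuses when USER is not in GROUP, so the list is never rewritten needlessly.
removal_command() {
    if ! is_member "$1" "$2" "$3"; then
        echo "error: $2 is not a supplementary member of $3" >&2
        return 1
    fi
    printf "usermod -G '%s' %s\n" "$(supp_groups_without "$1" "$2" "$3")" "$2"
}

# Demo on the constructed file; nothing on the system is modified.
sample=$(mktemp)
write_sample_group_file "$sample"
removal_command "$sample" alice docker
rm -f "$sample"
```

A changed group list applies to new logins; processes that are already running keep the groups they started with.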
up vote
-1
down vote
pw groupmod "groupname|gid" -d "username|uid"
A solution if you are using CSH, for whatever reason.
edited Jan 15 '14 at 9:12
answered Jan 15 '14 at 9:06
james
up vote
-1
down vote
To remove a user from a group gpasswd is the best utility for this IMO.
Command Example:
sudo gpasswd -d group user
* Help Info *
Usage: gpasswd [option] GROUP
Options:
  -a, --add USER                add USER to GROUP
  -d, --delete USER             remove USER from GROUP
  -h, --help                    display this help message and exit
  -Q, --root CHROOT_DIR         directory to chroot into
  -r, --delete-password         remove the GROUP's password
  -R, --restrict                restrict access to GROUP to its members
  -M, --members USER,...        set the list of members of GROUP
  -A, --administrators ADMIN,...
                                set the list of administrators for GROUP
Except for the -A and -M options, the options cannot be combined.
edited Jan 19 at 20:04
peterh
answered Jan 19 at 19:40
Brian Cotton
The group and user arguments are swapped. Also, this is exactly what the accepted answer proposed, this post is not really helpful?
– Lekensteyn
Jan 19 at 23:29