1

Uhy can you add a user to a group with usermod, but you cant remove a user from a group with usermod? Am I wrong?

I got a user I want to remove from the sudo group. I put this user in with usermod, now I have to use deluser to remove the user from the group?

On a test box, I ran sudo usermod -G "" user (bad advice form some thread I read) which removed all the groups, glad I didn't run that on the server.

From the man page, I see a -W option that mentions removing a list of gids. Are gids groups?

j0h
  • 14,825

2 Answers2

3

Although I wouldn't necessarily recommend it, you can in fact remove a user from a supplementary group with usermod - by passing a list of groups to keep to the -G command. From man usermod:

   -G, --groups GROUP1[,GROUP2,...[,GROUPN]]]
       .
       .
       .

   If the user is currently a member of a group which is not listed,
   the user will be removed from the group. This behaviour can be
   changed via the -a option, which appends the user to the current
   supplementary group list.

Ex.

$ id testuser
uid=1001(testuser) gid=1001(testuser) groups=1001(testuser),27(sudo),33(www-data),100(users)

$ sudo usermod -G users,www-data testuser


$ id testuser
uid=1001(testuser) gid=1001(testuser) groups=1001(testuser),33(www-data),100(users)
steeldriver
  • 136,215
  • 21
  • 243
  • 336
3

You can add and remove a user from a group using usermod. User -a to add a user to a group; and use -r to remove a user from a group. You can use cat on the /etc/group file to see the members of all groups:

sudo usermod -a -G <group> <username>
cat /etc/group | grep <group>
sudo usermod -r -G <group> <username>
cat /etc/group | grep <group>
user643722
  • 412