I added a user account to the admin group and discovered I added wrong user. So I now have to remove the account from the admin group.
How can I remove an account from a group without deleting the user?
Asked
Active
Viewed 3.1e+01k times
150
Charles Roper
- 305
Eonil
- 2,051
4 Answers
189
Portablejim's answer is accurate but dangerous -- if you typo something, your system may be unusable, especially if you alter the admin group improperly. If you must edit the groups file, use the vipw -g or vigr commands, which verify the syntax before saving. Even then, there are better ways.
From a commandline, the one you probably want to use is the following (as root):
deluser <username> <groupname>
This will remove the specified user from the specified group. You must relogin to see the effect. It will not delete the user, or the group, just the membership. There are also ways of doing it with the usermod command, but it's harder to use as you need to replace the entire list of groups for a user in order to remove a single group. The gpasswd command is also capable of doing this (as sagarchalise points out), but is mostly deprecated. As always, see the man pages for more details.
metakermit
- 2,640
zanfur
- 2,737
79
You can do this:
sudo gpasswd -d username group
See: http://manpages.ubuntu.com/manpages/focal/en/man1/gpasswd.1.html
-d, --delete userRemove the user from the named group.
conceptdeluxe
- 315
sagarchalise
- 23,988
-
5One advantage of
gpasswdis that it's more cross-platform and also works on Red Hat-based distributions. – Anthony Geoghegan Apr 19 '17 at 14:53 -
2
-
1Can you edit your answer to explain what the -d flag does? (I've voted for it as the best answer, anyway! Thank you!) – Aerendir Jun 08 '19 at 17:40
-
1
See zanfur's answer.
Edit the /etc/group file as root (i.e. gksudo gedit /etc/group) and remove the username from the line that starts with 'admin'
i.e.
...
admin:x:120:adminuser,adminuser2,userthatshouldnotbeadmin
...
becomes
...
admin:x:120:adminuser,adminuser2
...
Be warned, typos within the file could break your system.
Portablejim
- 2,748
-
15Please don't advice to edit these system files manually. In case you screw up your system might become inaccessible. – gertvdijk Dec 04 '12 at 16:28
-
-
4I think you should post this as it is valuable insight into how Linux works. However, should include a warning that there is a much safer way – Freedom_Ben Jan 09 '14 at 01:37
1
The easiest and safest way:
sudo -H gedit /etc/group
and delete it manually.
-
I see this one enrty.
ssh:x:118:What is the meaning of the number118here ? – ankit7540 Jan 19 '17 at 05:09 -
4
-
this worked fo rme, I removed the user from the group and I was good to go. – Ciasto piekarz Dec 08 '19 at 11:34
gpasswdis not deprecated. Its entire purpose is to administer /etc/group and /etc/gshadow. Also, while your method does work, and is mentioned in the deluser man page, it's a bit risky. If you accidentally hit enter before you type the group name, you've remove the user. Better hope you remember its UID so you can add it back quickly. It would be safer to use gpasswd which is designed for this purpose. – Starfish Jul 27 '13 at 23:53deluserwhile searching man pages (here with Ubuntu 18 in 2018), but the first line in the man page states: "remove a user or group from the system", so I moved on in my search. Clearly the man page needs to be worded better. – tim.rohrer Jun 20 '18 at 03:27deluseras solution where missing the second parameter will immediately delete the user. The "gpasswd" answer is way better in my optinion. – Marcus K. Jan 05 '21 at 08:01