1. Introduction

Group and user management is a core part of Linux administration. As such, knowing the different commands that are common for the area can be invaluable. For example, the groupdel command is a Linux system utility that a system administrator can use to delete an existing Linux group. It’s part of the shadow tools package.

In this tutorial, we’ll look at groupdel, its general usage, and some practical examples.

2. Usage

The groupdel command uses a fairly common syntax:

groupdel [options] group-name

Notably, the command requires administrator privileges. To demonstrate its basic application, let’s add a group called demo. We can do this using the groupadd command:

$ groupadd demo

Before deleting a group, we can also list all available groups via the contents of the /etc/group file:

$ cat /etc/group

In this case, the newly created group (demo) should be at the end of the file. Now, let’s delete the demo group:

$ sudo groupdel demo

After the deletion is complete, we won’t see any output on the terminal. In general, when we run this command, the system edits the files below:

  • /etc/group: details for each group with lines being group entries containing name, password, group ID, and the member users
  • /etc/gshadow: encrypted group passwords

Consequently, the result is that the OS removes the group details if it exists. Otherwise, it returns an error. Now, to verify that the group is indeed removed, we can check for it using the getent command:

$ getent group | grep demo

If an entry still exists for the group in the /etc/group file, we should see data about it displayed. Otherwise, we should have no output. Of course, this basic grep filter can return false positives, but it can be refined as needed.

When deleting a group, the operation might sometimes fail. In some of these instances, we can force this action using the -f (–force) option. If that doesn’t work, we can inspect the specific failure reason via the exit status.

3. Exit Status

After running groupdel, it may sometimes not return an output. As usual, we can see the code with which the command exited via the special $? variable:

$ echo $?

This exit status can have one of several values:

Exit Сtatus Meaning
0 success
2 invalid command syntax
6 specified group doesn’t exist
8 can’t remove the user’s primary group
10 can’t update group file

Knowing the status, we can decode whether there was an error and what caused it.

4. groupdel vs. delgroup

On Debian-based systems like Ubuntu, the delgroup command may also be available for deleting Linux groups. The usage of the command is similar to that of groupdel. In short, to delete a group called demo, we replace groupdel with delgroup:

$ delgroup demo

Unlike groupdel, which is part of the shadow package, delgroup is a script that removes users and groups based on configurations in the /etc/deluser.conf file. This file defines the available options and defaults when using delgroup.

5. Security Considerations

Let’s see some precautions we need to consider before deleting a group.

5.1. Precautionary Measures

The type of group to which existing members belong is an important aspect to consider before removing a group. To begin with, a primary group is a group that enables a user to access files on the system. So, primary groups are the ones assigned to filesystem objects that a user creates.

Still, all groups, including secondary ones, that the user belongs to can provide that user with access to other filesystem objects. It’s important to note that a user can only have one primary group. Because of this, deleting a user’s primary group can have serious consequences – a user may lose access to the filesystem. We can check for all the groups the current user belongs to using the groups command:

$ groups

Deleting any user group can make them lose their permissions to access certain services or applications. Therefore, before we delete a group, it’s a good practice to check the group type associated with the members. We can also ensure repeatability by having a clear security policy in the organization.

5.2. Strengthening Access Control

Before deleting a group, it may be necessary for us to consider other access management options such as updating user privileges or using the principle of least privilege to assign access rights. This may be more sustainable in the long run.

6. Conclusion

In this article, we’ve seen how to delete groups in Linux. Apart from the basic practical examples, we also discussed why we might need to take some precautions before undertaking this action.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments