1. Introduction

Groups are a way to organize users with similar permissions on Linux. It’s like creating teams for files and resources. Linux groups simplify permission management, enhance security, and improve organization for better collaboration and control.

Furthermore, every Linux user belongs to a primary group. The group is usually created along with the user account and often shares the same name as that of the user. In addition to a primary group, a user can belong to zero or more secondary groups.

In this tutorial, we explore techniques for reloading a Linux user’s group assignment without a complete logout-and-login cycle.

All instructions in this tutorial have been tested on EuroLinux 9.

2. User Groups and Permissions

Linux systems employ user groups to categorize users with similar access needs and privileges. A user can belong to multiple groups and inherit the permissions associated with each.

As mentioned earlier, users can belong to two group types:

  • the primary group determines the default ownership and permissions for files the user creates
  • secondary groups grant access to resources controlled by those groups

However, modifications to user group memberships often require a complete login cycle for the changes to take effect within the running environment. This can be inconvenient and might disrupt ongoing workflows.

In some graphical environments, we may need to restart the window manager to ensure the changes take effect. This further extends the downtime for reloading user group assignments.

3. User and Group Actions

On Linux, we can check the group or groups that a current user belongs to with the groups command:

$ groups
baeldung

Additionally, the /etc/group file lists all groups, each uniquely identified by a Group ID (GID):

$ cat /etc/group
root:x:0:
audio:x:63:
users:x:100:
nobody:x:65534:
...
utmp:x:22:
utempter:x:35:
unbound:x:999:
sshd:x:74:
chrony:x:987:
slocate:x:21:
tcpdump:x:72:
sgx:x:986:
systemd-oom:x:985:
systemd-resolve:x:984:
baeldung:x:1000:

The last column of the output displays a unique group ID for each group.

However, we can use the id command to retrieve the current user’s primary group ID:

$ id -G
1000

The output indicates the group in use has a unique ID of 1000.

Now, let’s create a new group named testgroup with the groupadd command:

$ sudo groupadd testgroup

Further, we can verify the group is available by checking the /etc/group file:

$ grep -w '^testgroup' /etc/group
testgroup:x:1001:

Now that we’ve added a new group to the Linux system, let’s use usermod to add the current user (baeldung) to the group we created:

$ sudo usermod -aG testgroup baeldung

Let’s use the id command to confirm the user has been successfully added to the group:

$ id baeldung
uid=1000(baeldung) gid=1000(baeldung) groups=1000(baeldung),1001(testgroup)

From the output, we can confirm the baeldung user is now a member of testgroup.

However, when we now check the group assignments of the current user with the groups command on a Linux system, testgroup isn’t listed. To get it in that list usually requires restarting the entire system.

4. Reloading User Groups

There are a couple of approaches to reloading user group assignments in Linux without a complete logout-and-login cycle:

  • two-layer newgrp method
  • sg with newgrp method
  • su command

In the following sections, we’ll look at each approach.

4.1. Two-Layer newgrp Method

The newgrp command in Linux enables us to switch group membership during an existing login session. It recognizes only group names with a simple syntax:

$ newgrp <group_name>

Using newgrp, we can switch to a new group while maintaining the original group as the primary group. To demonstrate, let’s switch to testgroup:

$ newgrp testgroup

This command temporarily switches the primary group to testgroup and adds it to the list of groups the current user belongs to. Let’s confirm by executing the groups command:

$ groups
testgroup baeldung

However, the output above shows that testgroup is now the first group listed. Hence, it’s now considered the primary group. To fix this, we can execute newgrp on the original group name:

$ newgrp baeldung

Then, we confirm that the changes have been updated:

$ groups
baeldung testgroup

As seen above, the output confirms the primary group remains unchanged.

However, this approach creates multiple shells as each call to newgrp creates a new shell.

To resolve this issue, we can switch to a new group with the exec command:

$ exec newgrp <group_name>

This command permanently replaces the current shell with another running under the group’s privileges. Exiting from this new shell logs us out completely, as there’s no original shell to return to.

4.2. sg With newgrp Method

The sg command is similar to newgrp but offers more flexibility. It enables the execution of a specific command with the privileges of a different group without changing the primary group or launching a new shell:

$ sg <group_name> -c <command>

Using a similar approach to the two-layer newgrp method, we can use sg to reload the user groups in a one-liner:

$ exec sg testgroup -c "newgrp `id -gn`"

The above command uses sg to launch a new shell with the original primary group and updates the group list with testgroup as a secondary group. Again, we can verify by executing the groups command:

$ groups
baeldung testgroup

As seen above, we successfully reloaded the user’s group assignments using the sg command.

4.3. su Command

The su command lets us switch between user accounts on a Linux machine. However, an unconventional approach utilizing the su command can reload group memberships.

The idea is to switch to the already logged-in user by also adding a dash:

$ su - $USER

The above command reloads the group assignments. Running the groups command confirms the group assignments reload:

$ groups
baeldung testgroup

However, unlike the previous two methods, this approach prompts us to enter the password for the user account.

5. Conclusion

In this article, we’ve explored various methods for reloading user group assignments without logging out of the Linux machine.

While the two-layer newgrp method is a good approach, it alters the primary group, which is rarely desired. On the other hand, the sg command method is often safer as it doesn’t modify the primary group. Lastly, frequently using the su command to reload group memberships becomes inefficient because it might require entering the user password every time.

By fully understanding these approaches, we can reload user group assignments on Linux without a complete login-and-logout cycle.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments