1. Introduction
Group and user management is a core part of Linux administration. As such, knowing the different commands that are common for the area can be invaluable. For example, the groupdel command is a Linux system utility that a system administrator can use to delete an existing Linux group. It’s part of the shadow tools package.
In this tutorial, we’ll look at groupdel, its general usage, and some practical examples.
2. Usage
The groupdel command uses a fairly common syntax:
groupdel [options] group-name
Notably, the command requires administrator privileges. To demonstrate its basic application, let’s add a group called demo. We can do this using the groupadd command:
$ groupadd demo
Before deleting a group, we can also list all available groups via the contents of the /etc/group file:
$ cat /etc/group
In this case, the newly created group (demo) should be at the end of the file. Now, let’s delete the demo group:
$ sudo groupdel demo
After the deletion is complete, we won’t see any output on the terminal. In general, when we run this command, the system edits the files below:
- /etc/group: details for each group with lines being group entries containing name, password, group ID, and the member users
- /etc/gshadow: encrypted group passwords
Consequently, the result is that the OS removes the group details if it exists. Otherwise, it returns an error. Now, to verify that the group is indeed removed, we can check for it using the getent command:
$ getent group | grep demo
If an entry still exists for the group in the /etc/group file, we should see data about it displayed. Otherwise, we should have no output. Of course, this basic grep filter can return false positives, but it can be refined as needed.
When deleting a group, the operation might sometimes fail. In some of these instances, we can force this action using the -f (–force) option. If that doesn’t work, we can inspect the specific failure reason via the exit status.
3. Exit Status
After running groupdel, it may sometimes not return an output. As usual, we can see the code with which the command exited via the special $? variable:
$ echo $?
This exit status can have one of several values:
Exit Сtatus
Meaning
0
success
2
invalid command syntax
6
specified group doesn’t exist
8
can’t remove the user’s primary group
10
can’t update group file
Knowing the status, we can decode whether there was an error and what caused it.
4. groupdel vs. delgroup
On Debian-based systems like Ubuntu, the delgroup command may also be available for deleting Linux groups. The usage of the command is similar to that of groupdel. In short, to delete a group called demo, we replace groupdel with delgroup:
$ delgroup demo
Unlike groupdel, which is part of the shadow package, delgroup is a script that removes users and groups based on configurations in the /etc/deluser.conf file. This file defines the available options and defaults when using delgroup.
5. Security Considerations
Let’s see some precautions we need to consider before deleting a group.
5.1. Precautionary Measures
The type of group to which existing members belong is an important aspect to consider before removing a group. To begin with, a primary group is a group that enables a user to access files on the system. So, primary groups are the ones assigned to filesystem objects that a user creates.
Still, all groups, including secondary ones, that the user belongs to can provide that user with access to other filesystem objects. It’s important to note that a user can only have one primary group. Because of this, deleting a user’s primary group can have serious consequences – a user may lose access to the filesystem. We can check for all the groups the current user belongs to using the groups command:
$ groups
Deleting any user group can make them lose their permissions to access certain services or applications. Therefore, before we delete a group, it’s a good practice to check the group type associated with the members. We can also ensure repeatability by having a clear security policy in the organization.
5.2. Strengthening Access Control
Before deleting a group, it may be necessary for us to consider other access management options such as updating user privileges or using the principle of least privilege to assign access rights. This may be more sustainable in the long run.
6. Conclusion
In this article, we’ve seen how to delete groups in Linux. Apart from the basic practical examples, we also discussed why we might need to take some precautions before undertaking this action.