How to remove user from groups in Linux
In Linux and Linux or any multi-user system, a user inherits the group's privileges that the user is a member. When a user's role in the real world changes, the group membership for the user in the system needs to change accordingly. The user could be added to new groups while being removed from some of the current groups.
Related: How to add user to group in Linux
Local user and group settings in Linux are stored in /etc/passwd and /etc/group files. User can be removed from groups by editing these files but is not advisable as a misconfiguration could cause the whole system to be unusable.
The user's primary group can be changed using usermod utility while gpasswd can be used to remove the user from a group. Both are command-line utilities and come standard in all Linux systems.
Steps to remove user from group in Linux:
-
Launch terminal.
-
Get the list of users for your system.
$ getent passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-timesync:x:100:101:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin systemd-network:x:101:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin messagebus:x:103:106::/nonexistent:/usr/sbin/nologin syslog:x:104:110::/home/syslog:/usr/sbin/nologin _apt:x:105:65534::/nonexistent:/usr/sbin/nologin tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false uuidd:x:107:114::/run/uuidd:/usr/sbin/nologin tcpdump:x:108:115::/nonexistent:/usr/sbin/nologin avahi-autoipd:x:109:117:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/usr/sbin/nologin usbmux:x:110:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin rtkit:x:111:118:RealtimeKit,,,:/proc:/usr/sbin/nologin dnsmasq:x:112:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin avahi:x:113:120:Avahi mDNS daemon,,,:/run/avahi-daemon:/usr/sbin/nologin cups-pk-helper:x:114:121:user for cups-pk-helper service,,,:/home/cups-pk-helper:/usr/sbin/nologin speech-dispatcher:x:115:29:Speech Dispatcher,,,:/run/speech-dispatcher:/bin/false kernoops:x:116:65534:Kernel Oops Tracking Daemon,,,:/:/usr/sbin/nologin saned:x:117:123::/var/lib/saned:/usr/sbin/nologin nm-openvpn:x:118:124:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/usr/sbin/nologin whoopsie:x:119:125::/nonexistent:/bin/false colord:x:120:126:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin sssd:x:121:127:SSSD system user,,,:/var/lib/sss:/usr/sbin/nologin geoclue:x:122:128::/var/lib/geoclue:/usr/sbin/nologin pulse:x:123:129:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin hplip:x:124:7:HPLIP system user,,,:/run/hplip:/bin/false gnome-initial-setup:x:125:65534::/run/gnome-initial-setup/:/bin/false gdm:x:126:131:Gnome Display Manager:/var/lib/gdm3:/bin/false user:x:1000:1000:user,,,:/home/user:/bin/bash systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin shakir:x:1001:1000:shakir,,,:/home/shakir:/bin/bash
-
View the groups that a user is currently assigned to.
$ groups shakir shakir : user sudo finance
First group in the list (user in this case) is the primary group for the user.
-
Change primary group of a user.
$ sudo usermod -g finance shakir [sudo] password for user:
-
Remove user from a group.
$ sudo gpasswd -d shakir sudo Removing user shakir from group sudo
-
View groups that a user is currently a member of to confirm.
$ groups shakir shakir : finance user