groupadd命令

回到手册索引

命令用途

groupadd 是一个用于在 Linux 系统中创建新用户组的命令。通过该命令，管理员可以轻松地添加新的用户组并设置相关属性。

常用用法示例

1. 创建一个新用户组

   groupadd developers

   此命令会在系统中创建一个名为 developers 的新用户组。

2. 指定 GID 创建用户组

   groupadd -g 1010 testers

   此命令创建了一个名为 testers 的用户组，并指定了其 GID（组 ID）为 1010。

3. 强制创建系统组

   groupadd -r admins

   此命令创建了一个名为 admins 的系统组。系统组通常用于运行系统服务，其 GID 范围通常较小。

4. 检查是否已存在同名组

   groupadd -f backup

   如果组 backup 已经存在，则不会报错，也不会覆盖原有组。

5. 创建一个带有特定密码的组

   groupadd -p $(openssl passwd -1 mypassword) securegroup

   此命令创建了一个名为 securegroup 的组，并为其设置了加密密码。

6. 查看创建组后的 /etc/group 文件

   groupadd engineers && cat /etc/group | grep engineers
   engineers:x:1001:

   此命令创建了 engineers 组，并通过 cat 和 grep 查看 /etc/group 文件中新增的条目。

7. 创建一个非标准 GID 范围的组

   groupadd -K GID_MIN=2000 -K GID_MAX=2999 customgroup

   此命令创建了一个名为 customgroup 的组，其 GID 被限制在 2000-2999 范围内。

8. 尝试创建一个无效的组名

   groupadd -g 100 invalid-group!
   groupadd: invalid group name 'invalid-group!'

   此命令尝试创建一个包含非法字符的组名，导致命令失败并返回错误信息。

常用参数选项

• -g, –gid GID
  指定新组的 GID（组 ID）。例如：groupadd -g 1010 testers。

• -r, –system
  创建一个系统组。系统组通常用于运行系统服务，其 GID 范围较小。

• -f, –force
  强制创建组。如果组已经存在，则不会报错。

• -p, –password PASSWORD
  为新组设置加密密码。例如：groupadd -p $(openssl passwd -1 mypassword) securegroup。

• -K, –key KEY=VALUE
  覆盖默认的 /etc/login.defs 配置文件中的值。例如：groupadd -K GID_MIN=2000 -K GID_MAX=2999 customgroup。

• -o, –non-unique
  允许创建具有非唯一 GID 的组。例如：groupadd -g 1000 -o duplicategroup。

• -h, –help
  显示帮助信息并退出。例如：groupadd –help。

• -R, –root CHROOT_DIR
  在指定的根目录（chroot 环境）中应用更改。例如：groupadd -R /mnt/chroot newgroup。

原厂文档

NAME
       groupadd - create a new group

SYNOPSIS


       groupadd [OPTIONS] NEWGROUP

DESCRIPTION
       The groupadd command creates a new group account using the values
       specified on the command line plus the default values from the system.
       The new group will be entered into the system files as needed.

       Groupnames may contain only lower and upper case letters, digits,
       underscores, or dashes. They can end with a dollar sign. Dashes are not
       allowed at the beginning of the groupname. Fully numeric groupnames and
       groupnames . or .. are also disallowed.

       Groupnames may only be up to 32 characters long.

OPTIONS
       The options which apply to the groupadd command are:

       -f, --force
           This option causes the command to simply exit with success status if
           the specified group already exists. When used with -g, and the
           specified GID already exists, another (unique) GID is chosen (i.e.
           -g is turned off).

       -g, --gid GID
           The numerical value of the group's ID.  GID must be unique, unless
           the -o option is used. The value must be non-negative. The default is
           to use the smallest ID value greater than or equal to GID_MIN and
           greater than every other group.

           See also the -r option and the GID_MAX description.

       -h, --help
           Display help message and exit.

       -K, --key KEY=VALUE
           Overrides /etc/login.defs defaults (GID_MIN, GID_MAX and others).
           Multiple -K options can be specified.

           Example: -K GID_MIN=100  -K GID_MAX=499

           Note: -K GID_MIN=10,GID_MAX=499 doesn't work yet.

       -o, --non-unique
           permits the creation of a group with an already used numerical ID. As
           a result, for this GID, the mapping towards group NEWGROUP may not be
           unique.

       -p, --password PASSWORD
           defines an initial password for the group account. PASSWORD is
           expected to be encrypted, as returned by crypt (3).

           Without this option, the group account will be locked and with no
           password defined, i.e. a single exclamation mark in the respective
           field of ths system account file /etc/group or /etc/gshadow.

           Note: This option is not recommended because the password (or
           encrypted password) will be visible by users listing the processes.

           You should make sure the password respects the system's password
           policy.

       -r, --system
           Create a system group.

           The numeric identifiers of new system groups are chosen in the
           SYS_GID_MIN-SYS_GID_MAX range, defined in login.defs, instead of
           GID_MIN-GID_MAX.

       -R, --root CHROOT_DIR
           Apply changes in the CHROOT_DIR directory and use the configuration
           files from the CHROOT_DIR directory. Only absolute paths are
           supported.

       -P, --prefix PREFIX_DIR
           Apply changes to configuration files under the root filesystem found
           under the directory PREFIX_DIR. This option does not chroot and is
           intended for preparing a cross-compilation target. Some limitations:
           NIS and LDAP users/groups are not verified. PAM authentication is
           using the host files. No SELINUX support.

       -U, --users
           A list of usernames to add as members of the group.

           The default behavior (if the -g, -N, and -U options are not
           specified) is defined by the USERGROUPS_ENAB variable in
           /etc/login.defs.

CONFIGURATION
       The following configuration variables in /etc/login.defs change the
       behavior of this tool:

       GID_MAX (number), GID_MIN (number)
           Range of group IDs used for the creation of regular groups by
           useradd, groupadd, or newusers.

           The default value for GID_MIN (resp.  GID_MAX) is 1000 (resp. 60000).

       MAX_MEMBERS_PER_GROUP (number)
           Maximum members per group entry. When the maximum is reached, a new
           group entry (line) is started in /etc/group (with the same name, same
           password, and same GID).

           The default value is 0, meaning that there are no limits in the
           number of members in a group.

           This feature (split group) permits to limit the length of lines in
           the group file. This is useful to make sure that lines for NIS groups
           are not larger than 1024 characters.

           If you need to enforce such limit, you can use 25.

           Note: split groups may not be supported by all tools (even in the
           Shadow toolsuite). You should not use this variable unless you really
           need it.

       SYS_GID_MAX (number), SYS_GID_MIN (number)
           Range of group IDs used for the creation of system groups by useradd,
           groupadd, or newusers.

           The default value for SYS_GID_MIN (resp.  SYS_GID_MAX) is 101 (resp.
           GID_MIN-1).

FILES
       /etc/group
           Group account information.

       /etc/gshadow
           Secure group account information.

       /etc/login.defs
           Shadow password suite configuration.

CAVEATS
       You may not add a NIS or LDAP group. This must be performed on the
       corresponding server.

       If the groupname already exists in an external group database such as NIS
       or LDAP, groupadd will deny the group creation request.

EXIT VALUES
       The groupadd command exits with the following values:

       0
           success

       2
           invalid command syntax

       3
           invalid argument to option

       4
           GID is already used (when called without -o)

       9
           group name is already used

       10
           can't update group file

SEE ALSO
       chfn(1), chsh(1), passwd(1), gpasswd(8), groupdel(8), groupmod(8),
       login.defs(5), useradd(8), userdel(8), usermod(8).