Groups on Linux control who can read, write, or execute shared resources. Understanding how to Linux list all groups — and what each entry means — is foundational to access management on any multi-user machine. This article covers every reliable method, from reading flat files to querying networked directory services.
What Are Groups on a Linux Machine?
Linux supports multiple accounts at once. To keep things organized, it uses groups. A group is a set of accounts that share identical access rights to files, folders, and system tools.
| Type | Description |
|---|---|
| Primary | Each account belongs to exactly one. Assigned at account creation. |
| Secondary | An account can belong to many. Used for granting extra access. |
Groups make permission handling far simpler. Instead of configuring access for each account individually, admins assign rules to an entire group at once. Shared projects also benefit — teammates can read and edit the same files without security headaches. For how the underlying permission model works, see the permission bits on files and directories man page.
Reading /etc/group to Linux List All Groups
The most direct way to Linux list all groups is reading the /etc/group file. Every group on the local machine has an entry here. Each line follows this structure:
| Field | Meaning |
|---|---|
| Group name | Human-readable label |
| Password placeholder | Almost always “x” — modern systems rely on /etc/gshadow |
| GID | Numeric identifier |
| Account list | Comma-separated member names |
Run cat /etc/group to dump everything. For a tidier view, less /etc/group lets you scroll through at your own pace.
To extract only group names, pipe through field extraction with cut
cut -d: -f1 /etc/group
This prints one name per line with no extra noise.
Pulling Group Data With getent to Linux List All Groups
The getent tool queries system databases configured in /etc/nsswitch.conf. It pulls local entries and remote ones from directory services such as LDAP or NIS — something a plain file read cannot do. To Linux list all groups including those from networked sources:
getent group
Output matches the /etc/group format. For a single group’s details, append its name: getent group sudo. The underlying getgroups system call handles how the kernel surfaces supplementary group lists to running processes.
Checking Which Groups an Account Belongs To
Sometimes you need the reverse lookup — which groups does a particular account hold? Two tools handle this well.
The id command displays the UID, primary GID, and every supplementary group:
id username
For a shorter output showing only group names, pass the -Gn flags: id -Gn username.
The groups command offers an even quicker look:
groups username
Both ship with every standard distribution and require no elevated privileges.
Sorting and Filtering Linux Groups by GID
System groups typically carry GIDs below 1000, while user-created ones sit above that threshold. Sort numerically with:
getent group | sort -t: -k3 -n
To isolate only system-level entries, filter with awk’s field separator syntax:
getent group | awk -F: '$3 < 1000' | sort -t: -k3 -n
Linux GID allocation — system groups vs. user-created groups
Changing a GID is possible via the groupmod reference — specifically groupmod -g NEW_GID groupname — but proceed carefully. File ownership ties to the numeric GID, not the name. Run find / -group OLD_GID afterward to locate affected files and update them.
Quick Access Rules for Linux Group Management
Apply the least-privilege principle: grant only the access each group actually needs. Three commands handle the practical work — chmod for read/write/execute rules, chgrp for reassigning group ownership, and setfacl for per-group granular controls on individual files.
Mastering how to Linux list all groups and manage their membership keeps your system tidy and secure as teams and projects change over time.
FAQs
How do I Linux list all groups on my system?
Run getent group to list all groups including those from LDAP or NIS, or cat /etc/group for local groups only. To show names alone, use cut -d: -f1 /etc/group.
What is the difference between primary and secondary groups in Linux?
Each account has exactly one primary group, assigned at creation. Secondary groups are optional additions that grant extra file access. An account can belong to multiple secondary groups at the same time.
What command shows which groups a specific user belongs to?
Use groups username for a quick name list, or id username for full details including UIDs and GIDs. Both commands work without root privileges on any standard distribution.
How do I list only system groups in Linux?
Run getent group | awk -F: '$3 < 1000'. System groups on most distributions use GIDs below 1000. Pipe through sort -t: -k3 -n to order results by GID.
Where are Linux group definitions stored?
Local group data lives in /etc/group. Encrypted passwords, if configured, go in /etc/gshadow. Groups from LDAP or NIS do not appear in these files but are accessible via getent group.
Willie has over 15 years of experience in Linux system administration and DevOps. After managing infrastructure for startups and enterprises alike, he founded Command Linux to share the practical knowledge he wished he had when starting out. He oversees content strategy and contributes guides on server management, automation, and security.