How to List Groups in Linux and Check User Group Membership

In linux | Tags: #Linux Groups, #Linux Administration, #Linux Commands, #System Administration
How to List Groups in Linux and Check User Group Membership

Tested on: Ubuntu 24.04 LTS, Debian 12, Rocky Linux 9, AlmaLinux 9, Fedora 40, and CentOS Stream 9. These commands work on most modern Linux distributions.

Linux groups are used to organize users and manage access permissions for files, directories, and system resources. Administrators often need to list groups, check group membership, or identify users belonging to specific groups.

Linux provides several commands and configuration files that allow you to retrieve group information from both local systems and centralized authentication services.

Quick Reference: List Groups in Linux

TaskCommand
List all groups on the systemgetent group
List only group namescut -d: -f1 /etc/group
Show groups for current usergroups
Show groups for specific usergroups username
Display group IDs for a userid username
Display only group names for a userid -Gn username
Display only group IDs for a userid -G username
Show primary group of a userid -gn username
List users belonging to a groupgetent group groupname
Extract users from /etc/groupgrep groupname /etc/group
Count total number of groupsgetent group | wc -l
List groups using bash shellcompgen -g
Show groups of logged-in userid -nG
Check if a group existsgetent group groupname
Display group ID of a groupgetent group groupname | cut -d: -f3

List All Groups on a Linux System

Retrieve all groups using getent

The getent command retrieves group information from the system databases configured in /etc/nsswitch.conf.

getent group

Example output:

root:x:0:
daemon:x:1:
sudo:x:27:john
developers:x:1001:alice,bob

This command retrieves groups from multiple sources such as:

  • local /etc/group file
  • LDAP directories
  • Active Directory or other centralized authentication services

Because it queries NSS databases, getent is usually the most reliable way to list groups on Linux.

Extract group names from /etc/group

Group information is stored locally in the /etc/group file. Each line represents a group entry.

To display the file:

cat /etc/group

Example entry:

sudo:x:27:john,alice

To display only group names:

cut -d: -f1 /etc/group

Example output:

root
daemon
sudo
developers
docker

You can also extract group names using awk.

awk -F: '{print $1}' /etc/group

List groups using compgen

Another method to list groups is using the Bash built-in command compgen.

compgen -g

Example output:

root
daemon
sudo
developers
docker

This command retrieves groups known to the shell environment.

Count total number of groups on the system

Administrators may want to determine how many groups exist on a system.

To count groups using the NSS database:

getent group | wc -l

Example output:

85

To count groups stored locally:

cat /etc/group | wc -l

Check Groups for a Specific User

Display groups using groups command

The groups command lists all groups associated with a user.

groups username

Example:

groups john

Output:

john : john sudo developers docker

If no username is provided, the command displays groups for the current user.

groups

Show group IDs and membership using id

The id command displays detailed identity information for a user.

id username

Example:

id john

Output:

uid=1001(john) gid=1001(john) groups=1001(john),27(sudo),1002(developers)

This command shows:

  • user ID
  • primary group ID
  • all secondary groups

Display only group names with id -Gn

If you only want to display group names without additional details:

id -Gn username

Example output:

john sudo developers docker

This option is useful when scripting or automating group checks.

Identify primary group of a user

Each user has a primary group that is assigned when the account is created.

To display the primary group:

id -gn username

Example:

id -gn john

Output:

john

List Users Belonging to a Specific Group

Display group members using getent group

The getent command can retrieve membership details for a specific group.

getent group groupname

Example:

getent group sudo

Output:

sudo:x:27:john,alice

The last field contains the list of users belonging to that group.

Extract users from /etc/group file

You can also check group membership directly from the /etc/group file.

grep groupname /etc/group

Example:

grep sudo /etc/group

Output:

sudo:x:27:john,alice

To display only the usernames:

grep sudo /etc/group | cut -d: -f4

Parse group membership using awk

Using awk, you can extract group members in a more structured way.

awk -F: '/sudo/ {print $4}' /etc/group

Output:

john,alice

This approach is useful when processing group information in scripts.

Identify users in administrative groups

Administrative privileges are typically assigned through groups such as sudo or wheel.

To list users with sudo privileges:

getent group sudo

On Red Hat–based distributions, administrative users are often part of the wheel group.

getent group wheel

Reviewing these groups helps administrators verify which users have elevated permissions.

Identify Administrative Groups

List users in sudo group

On Debian and Ubuntu systems, administrative privileges are usually granted through the sudo group.

To list users in the sudo group:

getent group sudo

Example output:

sudo:x:27:john,alice

Users listed here can execute commands with elevated privileges using sudo.

List users in wheel group

On many Red Hat–based distributions such as CentOS, Rocky Linux, and AlmaLinux, the wheel group is used for administrative access.

To list users in the wheel group:

getent group wheel

Example output:

wheel:x:10:john,admin

Identify privileged accounts in system

To identify all users with administrative privileges, inspect both sudo and wheel groups.

getent group sudo
getent group wheel

If users appear in these groups, they may have permission to run administrative commands on the system.

Display Primary and Secondary Groups

In Linux, every user belongs to at least one group. This is known as the primary group. Users can also belong to additional groups called secondary groups, which grant additional permissions.

Understanding primary and secondary groups helps administrators troubleshoot permission issues and manage access control.

Understand primary group of a user

The primary group is the default group assigned when a user account is created. Files created by the user typically inherit this group.

To display the primary group of a user:

id -gn username

Example:

id -gn john

Output:

john

You can also view this information with the full id command:

id username

Example output:

uid=1001(john) gid=1001(john) groups=1001(john),27(sudo),1002(developers)

Here gid=1001 represents the user's primary group.

Identify secondary groups assigned to a user

Secondary groups provide additional permissions and allow users to access shared resources.

To list all groups associated with a user:

groups username

Example:

groups john

Output:

john : john sudo developers docker

These additional groups are called secondary groups.

You can also display secondary groups using:

id -Gn username

Display group IDs and names

Sometimes administrators need to view group IDs instead of names.

To display group IDs for a user:

id -G username

Example:

id -G john

Output:

1001 27 1002

To display both group IDs and names:

id username

This command provides the most detailed group membership information.

Audit Group Membership for Security

Detect users with elevated privileges

Users with administrative privileges often belong to groups such as sudo or wheel.

To list members of the sudo group:

getent group sudo

Example output:

sudo:x:27:john,alice

On Red Hat–based systems:

getent group wheel

Reviewing these groups helps identify users with elevated system privileges.

Identify groups with multiple members

Groups containing many users may provide access to shared resources.

To display groups with members:

awk -F: '$4 != "" {print $1 ":" $4}' /etc/group

Example output:

sudo:john,alice
developers:bob,charlie

This command helps administrators identify shared-access groups.

Find groups without members

Some groups may exist but have no assigned users.

To locate such groups:

awk -F: '$4 == "" {print $1}' /etc/group

Example output:

games
mail
backup

These groups may be unused or reserved for system services.

Detect unusual group assignments

Administrators should review accounts that belong to multiple high-privilege groups.

To display group membership for all users:

getent group

Reviewing this output can help identify unexpected access privileges.

List Groups from LDAP or Centralized Directory

In enterprise environments, group information may be stored in centralized identity systems such as LDAP, FreeIPA, or Active Directory.

Linux retrieves these groups through the Name Service Switch (NSS) framework.

Retrieve directory groups using getent

The getent command queries all configured group databases.

getent group

Example output:

root:x:0:
sudo:x:27:john
ldapgroup:x:20000:ldapuser

This command returns both local and directory-based groups.

Understand NSS integration with LDAP

The NSS configuration determines how Linux retrieves group information.

To view NSS configuration:

cat /etc/nsswitch.conf

Example configuration entry:

group: files ldap

This means Linux will first check the local /etc/group file and then query the LDAP server.

Differences between local and directory groups

Local groups are stored in:

/etc/group

Directory groups are stored in centralized systems such as:

  • LDAP
  • FreeIPA
  • Active Directory

Commands like getent group allow Linux systems to retrieve groups from both sources seamlessly.

Display Groups for Logged-in Users

Check group membership of active sessions

To list currently logged-in users:

who

Example output:

john    pts/0   2026-03-08 10:15 (192.168.1.10)
alice   pts/1   2026-03-08 10:22 (192.168.1.11)

You can then check group membership for a specific user:

groups john

Display groups for users currently logged in

To automatically check groups for all logged-in users:

for u in $(who | awk '{print $1}'); do groups $u; done

Example output:

john : john sudo developers
alice : alice docker

Combine who and groups commands

Combining login information and group membership can help identify privileged users currently active on the system.

Example workflow:

who
groups username

This approach allows administrators to quickly determine whether logged-in users have administrative privileges or access to sensitive resources.

Common Group Management Tasks

Linux administrators frequently work with groups when managing permissions, shared resources, and access control. The following examples cover common tasks related to Linux group management.

Find group ID of a group

Every Linux group has a Group ID (GID) that uniquely identifies it. You can retrieve the GID using the getent command.

getent group groupname

Example:

getent group sudo

Output:

sudo:x:27:john,alice

In this example, the GID of the sudo group is 27.

To display only the group ID:

getent group sudo | cut -d: -f3

Check if a group exists

Before assigning permissions or adding users, administrators may want to verify whether a group already exists.

getent group groupname

Example:

getent group developers

If the group exists, its entry will be displayed. If not, the command returns no output.

You can also check using:

grep groupname /etc/group

Count number of groups on system

To determine how many groups exist on a system:

getent group | wc -l

Example output:

84

This command counts all groups retrieved through the system database.

To count only local groups stored in /etc/group:

cat /etc/group | wc -l

Display groups created by applications

Many applications create their own groups when installed.

Examples include:

docker
nginx
mysql
ftp

To identify groups created by installed packages:

cut -d: -f1 /etc/group

Administrators can review this list to determine which applications have created service groups on the system.

Overview of Groups in Linux

Groups are an important component of Linux permission management. They allow administrators to organize users and control access to files and system resources.

What is a group in Linux

A Linux group is a collection of users that share the same access permissions. Groups simplify permission management by allowing administrators to assign access rights to multiple users at once.

For example, users in a developers group may have permission to access a shared project directory.

To view groups on the system:

getent group

Difference between primary and secondary groups

Each Linux user has a primary group and may belong to multiple secondary groups.

Primary group:

  • Assigned when the user account is created
  • Used as the default group for files created by the user

Secondary groups:

  • Provide additional access permissions
  • Allow users to collaborate across different teams

To view both primary and secondary groups:

id username

Example output:

uid=1001(john) gid=1001(john) groups=1001(john),27(sudo),1002(developers)

Where Linux stores group information

Group information is stored locally in the /etc/group file.

cat /etc/group

Example entry:

developers:x:1002:john,alice

Fields include:

  • group name
  • password placeholder
  • group ID
  • member usernames

In enterprise environments, groups may also be retrieved from centralized directory services such as LDAP or Active Directory.

Differences Across Linux Distributions

Group management in Ubuntu and Debian

Ubuntu and Debian systems typically assign administrative privileges through the sudo group.

To view members of the sudo group:

getent group sudo

Users listed in this group can run commands with elevated privileges using sudo.

Group management in CentOS and Rocky Linux

Red Hat–based distributions such as CentOS, Rocky Linux, and AlmaLinux usually grant administrative privileges through the wheel group.

To list users in the wheel group:

getent group wheel

System packages may also create additional service groups during installation.

LDAP or FreeIPA group behavior

In enterprise environments using LDAP or FreeIPA, group membership may not be stored locally.

To retrieve groups from centralized directories:

getent group

This command queries all configured sources defined in /etc/nsswitch.conf.

Troubleshooting Group Listing Issues

Why some groups do not appear in /etc/group

If your system uses centralized authentication such as LDAP or Active Directory, some groups may not appear in the /etc/group file.

Instead, these groups are retrieved dynamically through NSS.

To display all groups including directory groups:

getent group

Understanding NSS configuration

The Name Service Switch configuration determines how Linux retrieves group information.

To view NSS configuration:

cat /etc/nsswitch.conf

Look for the group entry:

group: files ldap

This configuration instructs the system to search local files first and then query the LDAP server.

Handling LDAP-based group membership

When LDAP or directory services are used, group membership may be managed externally.

To retrieve directory-based groups:

getent group

If expected groups do not appear, verify that the LDAP client configuration and NSS settings are correct.

Frequently Asked Questions

1. How do I list all groups in Linux?

You can list all groups in Linux using the command getent group or by extracting group names from the /etc/group file.

2. How do I check which groups a user belongs to?

Use the groups username or id username command to display all groups associated with a user.

3. How do I list users in a specific group?

Use getent group groupname or check the /etc/group file to display users belonging to a specific group.

4. Where are Linux group details stored?

Local group information is stored in the /etc/group file. Centralized systems such as LDAP or Active Directory may also provide group data.

5. What is the difference between primary and secondary groups in Linux?

A primary group is the default group assigned to a user, while secondary groups provide additional permissions and access rights.

Summary

Linux groups provide a structured way to manage permissions and control access to system resources. Administrators can use several commands and configuration files to list groups, check group membership, and audit user access.

In this guide we explored multiple methods to list groups in Linux, including retrieving group information using getent, examining the /etc/group file, identifying groups assigned to users, and auditing group membership for security purposes.

We also discussed how Linux handles primary and secondary groups, how centralized authentication systems affect group listings, and how administrators can troubleshoot missing groups.

By understanding these commands and system files, administrators can efficiently manage group membership and maintain secure Linux environments.

Official Documentation

For additional technical details, refer to the official Linux documentation and manual pages.

getent command manual:

man getent

https://man7.org/linux/man-pages/man1/getent.1.html

groups command manual:

man groups

https://man7.org/linux/man-pages/man1/groups.1.html

id command manual:

man id

https://man7.org/linux/man-pages/man1/id.1.html

group file documentation:

https://man7.org/linux/man-pages/man5/group.5.html

Omer Cakmak

Omer Cakmak

Linux Administrator

Highly skilled at managing Debian, Ubuntu, CentOS, Oracle Linux, and Red Hat servers. Proficient in bash scripting, Ansible, and AWX central server management, he handles server operations on OpenStack, KVM, Proxmox, and VMware.

View all posts →

Related Articles

How to List Users in Linux (Complete Guide)

How to List Users in Linux (Complete Guide)