Typing `getent group` into your terminal prints each group name along with its members and group ID. If you are new to Linux or just need a refresher, understanding **how to list groups in linux** is a fundamental skill for managing users and permissions. Groups help you control access to files, directories, and system resources efficiently. This guide covers every practical method to list groups, from simple commands to advanced filtering techniques.
You might be wondering why you need to list groups at all. Groups simplify permission management. Instead of setting permissions for each user individually, you add users to a group and assign permissions to that group. Knowing the current groups and their members helps you troubleshoot access issues, audit security, or plan new user setups.
Let’s start with the most common commands. Each method has its own use case, and I’ll show you exactly when to use each one. By the end of this article, you will confidently list groups on any Linux system.
How To List Groups In Linux
The quickest way to see all groups on your system is with the `getent group` command. This command queries the Name Service Switch (NSS) libraries, which means it works with local files, LDAP, or other backends. It prints every group name, its group ID (GID), and the list of members.
getent groupThis output can be long, especially on systems with many users. You can pipe it to `less` or `more` to scroll through it:
getent group | lessAnother classic method is reading the `/etc/group` file directly. This file stores local group information. Use `cat`, `less`, or `head` to view it:
cat /etc/groupThe format is the same: group name, password placeholder (usually `x`), GID, and a comma-separated list of members. If your system uses LDAP or other network authentication, `/etc/group` might not show all groups. That’s why `getent` is more reliable for complete results.
Using The Groups Command For Current User
To see which groups your current user belongs to, simply type:
groupsThis prints a space-separated list of group names. For example, output might look like:
alice adm cdrom sudo dip plugdev lpadmin sambashareYou can also check groups for another user by passing their username as an argument:
groups bobThis command is quick but doesn’t show GIDs or other details. It’s perfect for a fast check.
Listing Groups With The Id Command
The `id` command provides more detailed information. Without arguments, it shows your user ID (UID), primary group ID, and all supplementary groups:
idOutput example:
uid=1000(alice) gid=1000(alice) groups=1000(alice),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare)To see groups for a specific user:
id bobThe `-nG` flags show only group names, no numbers:
id -nGThis is similar to the `groups` command but gives you more control over formatting.
Filtering Groups By User
Sometimes you need to list all groups that a particular user belongs to. The `groups` and `id` commands work well for one user. But what if you want to find all users in a specific group? Use `getent group` with `grep`:
getent group sudoThis shows the sudo group line, including its members. To extract just the member list:
getent group sudo | cut -d: -f4You can also use `members` command if installed (part of the `members` package on Debian/Ubuntu):
members sudoFor a more comprehensive list of all groups a user is in, combine `getent` with `grep` and the username:
getent group | grep aliceThis shows every group line that contains “alice”. Be careful: if a username appears in another group’s member list, it will show that group too. That’s usually what you want.
Listing Groups With The Groupmems Command
The `groupmems` command is part of the shadow utilities and lets you list members of a group. It’s less common but useful for scripting:
groupmems -g sudo -lThis lists all members of the sudo group. The `-l` flag stands for “list”. You need appropriate permissions to run this command.
Using Awk And Cut For Custom Output
If you want only group names without GIDs or members, use `awk`:
awk -F: '{print $1}' /etc/groupOr with `getent`:
getent group | awk -F: '{print $1}'To get group names and GIDs only:
getent group | awk -F: '{print $1 ":" $3}'The `cut` command is another option. To extract the first field (group name):
cut -d: -f1 /etc/groupThese methods are great for feeding into scripts or further processing.
Checking Primary Group For A User
Every user has a primary group, which is stored in `/etc/passwd`. To see a user’s primary group:
id -gn aliceOr using `getent passwd`:
getent passwd alice | cut -d: -f4The fourth field is the GID. You can then look up the group name:
getent group | grep :$(getent passwd alice | cut -d: -f4):This is a bit complex but gives you the primary group name for any user.
Listing All Groups On A System With Compgen
The `compgen` command is a bash built-in that can list all available groups. It’s often used for tab completion, but you can use it directly:
compgen -gThis prints every group name, one per line. It’s fast and doesn’t require reading files. However, it might not show groups from network sources if they aren’t cached.
Using The Groups File For Local Groups Only
If you are sure your system only uses local groups, `/etc/group` is your friend. You can count how many groups exist:
wc -l /etc/groupTo see groups with no members:
awk -F: '$4 == ""' /etc/groupThis is useful for cleanup tasks. Groups without members might be leftover from removed packages or users.
Listing Groups In A Docker Container
Inside a Docker container, the same commands work. But containers often have minimal installations. The `getent` command might not be available. In that case, use:
cat /etc/groupOr install the `getent` package if needed. For Alpine-based containers, use `apk add shadow` to get `groupmems` and other tools.
Common Pitfalls And Troubleshooting
One common issue is that `groups` command might not show all groups if the user’s group membership is cached. Logging out and back in refreshes the session. Also, if you use LDAP or Active Directory, `getent` is your best bet because it queries all configured sources.
Another pitfall: the `/etc/group` file might have lines with no members (just a colon at the end). That’s normal for system groups. Don’t be alarmed if you see many empty member lists.
If you get a “Permission denied” error when reading `/etc/group`, you might not have root access. Regular users can usually read it, but some systems restrict it. Use `sudo` if needed.
Scripting With Group Lists
You can use group listing in scripts to automate user management. For example, to add a user to all groups that another user belongs to:
groups alice | tr ' ' '\n' | tail -n +2 | while read group; do
sudo usermod -aG "$group" bob
doneThis takes the group list from `groups alice`, converts spaces to newlines, skips the first line (which is the username), and adds bob to each group. Be careful with this—it can give bob extensive permissions.
To list all users in a group for reporting:
getent group sudo | cut -d: -f4 | tr ',' '\n'This prints each member on a separate line, making it easy to process.
Understanding Group Types
Linux has primary groups and supplementary groups. A user’s primary group is set in `/etc/passwd`. Supplementary groups are listed in `/etc/group`. When a user creates a file, it’s owned by their primary group by default. Supplementary groups give additional access rights.
System groups (GID < 1000 typically) are for services and system accounts. User groups (GID >= 1000) are for regular users. Knowing this helps you interpret the output.
Using Getent With Other NSS Sources
If your system uses systemd-homed or SSSD, `getent group` still works because it queries NSS. You can check which sources are configured in `/etc/nsswitch.conf`. Look for the line:
group: compat systemdThis tells you the order of lookups. `getent` follows this order, so you get a complete view.
Quick Reference Table
| Command | What It Shows | Example |
|---|---|---|
| `getent group` | All groups with GID and members | `getent group | grep sudo` |
| `cat /etc/group` | Local groups only | `cat /etc/group` |
| `groups` | Groups for current user | `groups alice` |
| `id` | UID, GID, and all groups | `id bob` |
| `compgen -g` | All group names (bash) | `compgen -g` |
| `groupmems -g |
Members of a group | `groupmems -g sudo -l` |
Frequently Asked Questions
How do I list all groups a user belongs to in Linux?
Use the `groups` command followed by the username, e.g., `groups alice`. Or use `id alice` for more detail including GIDs.
What is the difference between getent group and cat /etc/group?
`getent group` queries all configured name services (like LDAP), while `cat /etc/group` only shows local groups. Use `getent` for a complete list.
Can I list groups without using the terminal?
Some desktop environments have graphical user management tools. For example, on GNOME, you can use “Users” settings. But the terminal is faster for bulk operations.
How do I see which users are in a specific group?
Run `getent group
Why does the groups command show different results than getent group?
The `groups` command shows only the groups for a specific user, while `getent group` lists all groups on the system. They serve different purposes.
Now you have a complete toolkit for listing groups in Linux. Start with `getent group` for a full overview, use `groups` for quick user checks, and combine commands with `grep` or `awk` for custom filtering. Practice these commands on your system to become comfortable. Group management is a core sysadmin skill, and listing groups is the first step.
Remmeber to check your system’s specific configuration if you use network authentication. The commands here work on most Linux distributions, including Ubuntu, Debian, Fedora, CentOS, and Arch Linux. If you encounter any issues, refer to the man pages (`man getent`, `man groups`, `man id`) for more options.
Final tip: combine group listing with user creation scripts to automate onboarding. For example, you can create a script that adds a new user to all standard groups based on a template. This saves time and reduces errors.
Go ahead and try listing groups on your system right now. Open a terminal and type `getent group | head -10` to see the first ten groups. You’ll quickly see how powerful and simple this task realy is.