A group is a collection object in the Linux operating system, which associates certain properties and access control to all its members. It is an efficient way for a system administrator to manage Access Control for its users.

Groups are an important tool for a system administrator to maintain many aspects of the system such as defining roles for users efficiently, defining Access control, etc. Thus, knowing how to add, remove, and update users in a group is an important skill that a user/administrator should have.

In this article, we shall learn different methods to remove all members from a group in a Linux system, without deleting the group itself.

Pre-requisites

• A Linux machine with root privileges.
• gpasswd command installed in the system.
• Basic understanding of Linux terminal and shell scripting.

Removing all users from a group using the gpasswd command

The gpasswd command is used in Linux systems for managing groups. We can use this command to perform various purposes such as editing group properties, removing users, etc. Its syntax is:

gpasswd [options...] <groupname>

We need to delete users from this group so, we can use the -d option followed by the username(s):

gpasswd -d <username(s)> <groupname>

Step 1: Checking all the members of the group(Optional)

We will verify the present users before removing them from the group. In this article, we shall use the group geek. Now, the listing of users can be done by the following command.

getent group geek
from

This command displays information about the group from the /etc/group file and displays the lines specific to the given group. You can replace the ‘geek’ username with the group you need to remove all users from.

Output:

Step 2: Create a script to remove all users from a group.

Now, we shall remove all users from this group. The process is not straightforward as there is no command to remove all users at once from a group. So, we shall create a script that fetches all users of the group and deletes them, one at a time. We shall use the for loop in the bash script to achieve this goal.

Create a bash script and add the following code to it:

#!/bin/bash

group=$1

for user in $(getent group "$group" | cut -d: -f4 | tr ',' ' '); do
    gpasswd -d "$user" "$group"
done

Code Explanation:

• Here, we take the group name as the first positional argument from command execution and save it in a variable.
• Then, we start a for loop which iterates over the given object.
• The object passed to the for loop, $(getent group “$group” | cut -d: -f4 | tr ‘,’ ‘ ‘) fetches the usernames from the output of the getent command as shown in step 1.
• Then, it fetches the comma-separated usernames using the the cut command.
• Finally, it replaces the ‘,’ with a ‘ ‘ (blank space) to make the object iterable.
• Doing this is necessary as a loop can iterate over an array only.
• Then, (assuming you are using the root user, if not then add the prefix sudo) we run the gpasswd command using the above-mentioned syntax and delete users one at a time.

Step 3: Make the script file executable.

Now, you have to give the file execute permissions in order for it to run. We have saved the file as the name remove_all_users_group.sh, you can use any name you want. To provide the executable permissions, type the following command.

chmod +x <your script file's name>

Step 4: Executing the script.

Now, to execute the script, you need to pass the group name as a positional argument to the script like the following:

./remove_all_users_group.sh geek

Then, press enter,

On successful execution, the gpasswd command will give the success alert for each user present.

Step 5: Verifying the execution(Optional)

You can verify whether all users are removed from the group or not with the same intent command as used in step-1.

getent group geek

Output:

As we can verify from this, there is no user present in the group anymore.

Method 2: Editing the /etc/group file

In this method, we shall learn how to remove all the users from a group by editing the /etc/group file. This file contains details of all groups. So, we shall use the following approach.

1. Open the file in an editor with root permissions.
2. Find the line that contains the users of the group we need to edit.
3. Remove all usernames from the line without removing the entire line.
4. Save the changes and verify the result.

Step 1: Opening the /etc/group file

We shall use the nano editor to open the file in this example, however, you can use any editor of your choice.

nano /etc/group

This will open the file in the editor.

Here, we can see the geek group. We shall delete the users in the next step.

Step 2: Removing the user names from the geek group

As we can see the syntax in the group file is as follows

<groupname>:x:<GID>:[users...]

Now, the first 3 fields contain the information about the group such as group name, and group ID. The last field contains all its users’ names separated by ‘,’. We need to remove all the user names from this line without removing any delimiter ‘:’. You can do this by navigating to the line entry corresponding to your group and editing it like any normal file.

After editing, the line should look like this:

Now, you can save this file by pressing the following key combination in order:

1. `Ctrl + S` (For saving the edition in the file).
2. `Ctrl + X` (For exiting the editor).

Step 3: Verifying the results

We can verify the result of this method as we did of the previous method, by executing the following command:

getent group geek

Output:

As we can see, there are no users present in this group anymore.

Conclusion

In this article, we explained how to remove all member users from a group in linux. We used the gpasswd command to remove all users. We created a custom script to remove all users from the group as gpasswd only allows one user removal at a time and it does not support the wildcard (*) syntax either.

Then, we learned how to directly edit the /etc/group file to remove all users from a group. Lastly, we verified the successful execution of our script.