What does 'sudo usermod -a -G group $USER' do on Linux?
In our posts, especially posts like Solving Docker permission denied while trying to connect to the Docker daemon socket, you can often see commands like
sudo usermod -a -G docker $USER
But what does this command actually do on your system?
Let’s break it down:
sudo means: Run this command as root. This is required for usermod since usually only root can modify which groups a user belongs to.
usermod is a command that modifies the system configuration for a specific user ($USER in our example - see below). See the manpage documentation for more details on what you can do with it!
-a is a shortcut for --append: It means append the group to the list of groups the user belongs to! Without -a, -G replaces the user's list of supplementary groups with the groups given on the command line, removing the user from every other supplementary group.
-G is a shortcut for --groups: It tells usermod that the next argument is a group. Note that you need to use a capital -G here because we don’t want to modify the user’s primary group but the list of supplemental groups the user belongs to. See the Primary and supplemental groups section below for more details.
docker is the group we want to add $USER to. This could be any Linux group, provided that it exists. Use less /etc/group to have a look at all the groups that exist!
$USER is the user that we want to modify. $USER is a shell variable holding the name of the user that is running the command. This works even when using sudo, because your shell expands $USER before sudo runs (i.e. if your user is named uli and you are running sudo usermod -a -G docker $USER, the user uli will be added to the docker group, not the user root even though the command is run as root). You can also use a specific username instead of $USER, e.g. sudo usermod -a -G docker john to add the user john to the docker group.
Primary and supplemental groups
When you browse through the usermod manpage, you’ll see there’s -G which adds a group to a user’s list of supplementary groups, and there’s -g which modifies a user’s primary group.
The pragmatic answer is: If you need to ask, you’ll always need to use -G.
Having to modify the primary group of a user is extremely rare in my experience. The purpose of primary groups existing is mainly that if you create a file, Linux needs to know which group it belongs to by default (i.e. if you don’t explicitly specify a group).
See this AskUbuntu post for more details on the purpose of primary and supplemental groups.
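To make the difference between primary and supplementary groups concrete, here is an added example (not part of the original post) that resolves both from passwd- and group-format files, which is where -g and -G respectively make their changes. The sample file contents and the function names primary_group, supplementary_groups and in_group are constructed for illustration.

```shell
# Constructed sample data in passwd/group format (real files: /etc/passwd, /etc/group).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
uli:x:1000:1000:Uli:/home/uli:/bin/bash
john:x:1001:1001:John:/home/john:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
sudo:x:27:uli
docker:x:998:uli,john
uli:x:1000:
john:x:1001:
EOF

# primary_group USER PASSWD GROUP: group whose GID is field 4 of the user's passwd entry (what -g changes).
primary_group() {
    gid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$2")
    [ -n "$gid" ] || return 1
    awk -F: -v g="$gid" '$3 == g { print $1 }' "$3"
}

# supplementary_groups USER GROUP: groups naming the user in their member list, field 4 (what -G changes).
supplementary_groups() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { out = out (out ? "," : "") $1 }
    } END { print out }' "$2"
}

# in_group USER GROUPNAME PASSWD GROUP: succeeds if the user is a member, as primary or supplementary.
in_group() {
    [ "$(primary_group "$1" "$3" "$4")" = "$2" ] && return 0
    case ",$(supplementary_groups "$1" "$4")," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a membership summary for each constructed user.
for u in uli john root; do
    printf '%s: primary=%s supplementary=%s\n' "$u" \
        "$(primary_group "$u" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group")" \
        "$(supplementary_groups "$u" "$SAMPLE_DIR/group")"
done
```

On a live system, id uli reports the same information. A membership added with usermod only applies to login sessions started after the change.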