Delete every users from a group












2















I search a clean way to delete every users from the 'sudo' group. On several distributions the user created during the installation process has sudo rights, I don't want this. I search for an automated method working for (nearly) every situations.



Basically, I want to empty a group.



To remove every users : GROUP=my_group; for u in $(getent group $GROUP | sed -e 's/^.*:.*:.*://' -e 's/,/ /g'); do echo gpasswd --delete $u $GROUP; done

This command line works :

1. if the group doesn't exist

2. if the group is empty

3. if the group contains one user

4. if the group contains several users

So everything is okay. But is their something simplier ?



Another way is to delete the group, and recreate it. Ugly ?






bash users group







share|improve this question























  • How about just deleting the group and then recreating it?

    – jordanm
    Dec 18 '12 at 19:32











  • Either make sure you have the root password set, or better leave at least one user in the sudo group that can keep this privilege. Also make sure you have an extra open root shell when experimenting with this, so you can always revert your changes.

    – jippie
    Dec 18 '12 at 19:35











  • Consider updating /etc/login.defs with your preferred defaults for future new users.

    – jippie
    Dec 18 '12 at 19:39


















2















I search a clean way to delete every users from the 'sudo' group. On several distributions the user created during the installation process has sudo rights, I don't want this. I search for an automated method working for (nearly) every situations.



Basically, I want to empty a group.



To remove every users : GROUP=my_group; for u in $(getent group $GROUP | sed -e 's/^.*:.*:.*://' -e 's/,/ /g'); do echo gpasswd --delete $u $GROUP; done

This command line works :

1. if the group doesn't exist

2. if the group is empty

3. if the group contains one user

4. if the group contains several users

So everything is okay. But is their something simplier ?



Another way is to delete the group, and recreate it. Ugly ?






bash users group







share|improve this question























  • How about just deleting the group and then recreating it?

    – jordanm
    Dec 18 '12 at 19:32











  • Either make sure you have the root password set, or better leave at least one user in the sudo group that can keep this privilege. Also make sure you have an extra open root shell when experimenting with this, so you can always revert your changes.

    – jippie
    Dec 18 '12 at 19:35











  • Consider updating /etc/login.defs with your preferred defaults for future new users.

    – jippie
    Dec 18 '12 at 19:39
















2












2








2


0






I search a clean way to delete every users from the 'sudo' group. On several distributions the user created during the installation process has sudo rights, I don't want this. I search for an automated method working for (nearly) every situations.



Basically, I want to empty a group.



To remove every users : GROUP=my_group; for u in $(getent group $GROUP | sed -e 's/^.*:.*:.*://' -e 's/,/ /g'); do echo gpasswd --delete $u $GROUP; done

This command line works :

1. if the group doesn't exist

2. if the group is empty

3. if the group contains one user

4. if the group contains several users

So everything is okay. But is their something simplier ?



Another way is to delete the group, and recreate it. Ugly ?






bash users group







share|improve this question














I search a clean way to delete every users from the 'sudo' group. On several distributions the user created during the installation process has sudo rights, I don't want this. I search for an automated method working for (nearly) every situations.



Basically, I want to empty a group.



To remove every users : GROUP=my_group; for u in $(getent group $GROUP | sed -e 's/^.*:.*:.*://' -e 's/,/ /g'); do echo gpasswd --delete $u $GROUP; done

This command line works :

1. if the group doesn't exist

2. if the group is empty

3. if the group contains one user

4. if the group contains several users

So everything is okay. But is their something simplier ?



Another way is to delete the group, and recreate it. Ugly ?






bash users group




bash users group






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 18 '12 at 19:16









Gregory MOUSSATGregory MOUSSAT

762924




762924













  • How about just deleting the group and then recreating it?

    – jordanm
    Dec 18 '12 at 19:32











  • Either make sure you have the root password set, or better leave at least one user in the sudo group that can keep this privilege. Also make sure you have an extra open root shell when experimenting with this, so you can always revert your changes.

    – jippie
    Dec 18 '12 at 19:35











  • Consider updating /etc/login.defs with your preferred defaults for future new users.

    – jippie
    Dec 18 '12 at 19:39





















  • How about just deleting the group and then recreating it?

    – jordanm
    Dec 18 '12 at 19:32











  • Either make sure you have the root password set, or better leave at least one user in the sudo group that can keep this privilege. Also make sure you have an extra open root shell when experimenting with this, so you can always revert your changes.

    – jippie
    Dec 18 '12 at 19:35











  • Consider updating /etc/login.defs with your preferred defaults for future new users.

    – jippie
    Dec 18 '12 at 19:39



















How about just deleting the group and then recreating it?

– jordanm
Dec 18 '12 at 19:32





How about just deleting the group and then recreating it?

– jordanm
Dec 18 '12 at 19:32













Either make sure you have the root password set, or better leave at least one user in the sudo group that can keep this privilege. Also make sure you have an extra open root shell when experimenting with this, so you can always revert your changes.

– jippie
Dec 18 '12 at 19:35





Either make sure you have the root password set, or better leave at least one user in the sudo group that can keep this privilege. Also make sure you have an extra open root shell when experimenting with this, so you can always revert your changes.

– jippie
Dec 18 '12 at 19:35













Consider updating /etc/login.defs with your preferred defaults for future new users.

– jippie
Dec 18 '12 at 19:39







Consider updating /etc/login.defs with your preferred defaults for future new users.

– jippie
Dec 18 '12 at 19:39












2 Answers
2






active

oldest

votes


















3














In general you shouldn't delete a group because some files may belong to that group but it may be sufficient for your specific sudo usecase.



A more general usecase is to use gpasswd (1) at it allows you to set the members of a specific group, so it should be enough to run:



gpasswd sudo -M ''


To only run this if the group sudo exists you can combine it with a getent call, i.e.:



getent group sudo && gpasswd sudo -M ''





share|improve this answer
























  • Does this cover cases where sudo is a primary group for some users?

    – Nils
    Dec 21 '12 at 21:57











  • @Nils no as gpasswd is used to manage /etc/group but the primary group is specified in /etc/passwd

    – Ulrich Dangel
    Dec 21 '12 at 23:23



















0














There's another simplier way with /usr/sbin/groupmems



groupmems -p -g group_to_clean


All members will be removed from the group.



Tested in CentOS.






share|improve this answer

























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f58801%2fdelete-every-users-from-a-group%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    3














    In general you shouldn't delete a group because some files may belong to that group but it may be sufficient for your specific sudo usecase.



    A more general usecase is to use gpasswd (1) at it allows you to set the members of a specific group, so it should be enough to run:



    gpasswd sudo -M ''


    To only run this if the group sudo exists you can combine it with a getent call, i.e.:



    getent group sudo && gpasswd sudo -M ''





    share|improve this answer
























    • Does this cover cases where sudo is a primary group for some users?

      – Nils
      Dec 21 '12 at 21:57











    • @Nils no as gpasswd is used to manage /etc/group but the primary group is specified in /etc/passwd

      – Ulrich Dangel
      Dec 21 '12 at 23:23
















    3














    In general you shouldn't delete a group because some files may belong to that group but it may be sufficient for your specific sudo usecase.



    A more general usecase is to use gpasswd (1) at it allows you to set the members of a specific group, so it should be enough to run:



    gpasswd sudo -M ''


    To only run this if the group sudo exists you can combine it with a getent call, i.e.:



    getent group sudo && gpasswd sudo -M ''





    share|improve this answer
























    • Does this cover cases where sudo is a primary group for some users?

      – Nils
      Dec 21 '12 at 21:57











    • @Nils no as gpasswd is used to manage /etc/group but the primary group is specified in /etc/passwd

      – Ulrich Dangel
      Dec 21 '12 at 23:23














    3












    3








    3







    In general you shouldn't delete a group because some files may belong to that group but it may be sufficient for your specific sudo usecase.



    A more general usecase is to use gpasswd (1) at it allows you to set the members of a specific group, so it should be enough to run:



    gpasswd sudo -M ''


    To only run this if the group sudo exists you can combine it with a getent call, i.e.:



    getent group sudo && gpasswd sudo -M ''





    share|improve this answer













    In general you shouldn't delete a group because some files may belong to that group but it may be sufficient for your specific sudo usecase.



    A more general usecase is to use gpasswd (1) at it allows you to set the members of a specific group, so it should be enough to run:



    gpasswd sudo -M ''


    To only run this if the group sudo exists you can combine it with a getent call, i.e.:



    getent group sudo && gpasswd sudo -M ''






    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Dec 18 '12 at 19:35









    Ulrich DangelUlrich Dangel

    20.3k25771




    20.3k25771













    • Does this cover cases where sudo is a primary group for some users?

      – Nils
      Dec 21 '12 at 21:57











    • @Nils no as gpasswd is used to manage /etc/group but the primary group is specified in /etc/passwd

      – Ulrich Dangel
      Dec 21 '12 at 23:23



















    • Does this cover cases where sudo is a primary group for some users?

      – Nils
      Dec 21 '12 at 21:57











    • @Nils no as gpasswd is used to manage /etc/group but the primary group is specified in /etc/passwd

      – Ulrich Dangel
      Dec 21 '12 at 23:23

















    Does this cover cases where sudo is a primary group for some users?

    – Nils
    Dec 21 '12 at 21:57





    Does this cover cases where sudo is a primary group for some users?

    – Nils
    Dec 21 '12 at 21:57













    @Nils no as gpasswd is used to manage /etc/group but the primary group is specified in /etc/passwd

    – Ulrich Dangel
    Dec 21 '12 at 23:23





    @Nils no as gpasswd is used to manage /etc/group but the primary group is specified in /etc/passwd

    – Ulrich Dangel
    Dec 21 '12 at 23:23













    0














    There's another simplier way with /usr/sbin/groupmems



    groupmems -p -g group_to_clean


    All members will be removed from the group.



    Tested in CentOS.






    share|improve this answer






























      0














      There's another simplier way with /usr/sbin/groupmems



      groupmems -p -g group_to_clean


      All members will be removed from the group.



      Tested in CentOS.






      share|improve this answer




























        0












        0








        0







        There's another simplier way with /usr/sbin/groupmems



        groupmems -p -g group_to_clean


        All members will be removed from the group.



        Tested in CentOS.






        share|improve this answer















        There's another simplier way with /usr/sbin/groupmems



        groupmems -p -g group_to_clean


        All members will be removed from the group.



        Tested in CentOS.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jun 11 '16 at 6:46









        LukeM

        3,44932140




        3,44932140










        answered Jun 11 '16 at 3:22









        danielfcanddanielfcand

        61




        61






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f58801%2fdelete-every-users-from-a-group%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to reconfigure Docker Trusted Registry 2.x.x to use CEPH FS mount instead of NFS and other traditional...

            Image
            0 I am having trouble trying to reconfigure my DTR container to try and use a CEPH FS mount we created to act as a storage backend for our image repository. The Docs are very vague on this and nothing exactly explains on how to do it. Has anyone yet connected the dots? linux filesystems mount storage docker share | improve this question asked Feb 1 at 6:40 jRapp3r jRapp3r 1 1 add a comment  | 
            Read more

            is 'sed' thread safe

            Image
            2 If I have a shell/python script that uses sed to modify a file in place based on user inputs, and then two users run the same script at the same time or approx. same time, is 'sed' thread safe ? Or perhaps it is not an issue because the file_descripor that was opened by the first thread will be used to lock the file anyway ? thx linux sed python share | improve this question edited 7 hours ago Jeff Schaller 42.9k 11 59 137 asked 7 hours ago terreys terreys
            Read more

            How to make a Squid Proxy server?

            Image
            1 I want to set up squid proxy server for monitoring user activity in a network and Internet Web URL filtering for user. I also want to configure the user login, user log, user access group, and block unwanted web sites in my network. Please help me and guide me the full process to do this. server proxy squid share | improve this question edited Jul 31 '12 at 14:45 Jorge Castro 37.1k 107 422 617 asked Jul 31 '12 at 5:16 Goivind Tiwari Goivind Tiwari
            Read more