cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
TudorRaduta
Community Manager
Community Manager
4 weeks ago
  • 582 Views

The Most Dangerous Typo in User Management

That moment you remove a user from the wheel group...

Happy Wednesday, everyone!

It's time for our "Problem & a Polish," where we look at a common mistake that teaches us a critical lesson. Today's topic comes straight from the RHCSA objective: "Create, delete, and modify local groups and group memberships."

The Problem: A user named 'susan' (who is already in the 'wheel' and 'dev' groups) needs to be added to the new 'managers' group. You quickly run the command: usermod -G managers susan. A few minutes later, Susan messages you in a panic: she can no longer run sudo and has lost access to the dev share!

The problem? The -G flag replaces the user's entire supplementary group list. You didn't *add* her to 'managers'—you *set* 'managers' as her *only* supplementary group, wiping out 'wheel' and 'dev'.

The Polish: Always use the -a (append) flag.

The correct, safe command is:

usermod -aG managers susan

The -a (append) flag tells usermod to add this new group to the user's existing list, not replace it.

Your Turn!

  1. Has this simple -a flag ever caught you out in practice?
  2. What command do you use to quickly verify all the groups a user belongs to? (Hint: There's a simple one that just shows the group names!)

Share your experiences in the comments!

Join the discussion
5 Replies
Chetan_Tiwary_
Community Manager
Community Manager
4 weeks ago
  • 547 Views

Another food for thought would be to know this  : Suppose you wanted to remove a user from a supplementary group ,how would you do it safely ?

Andrew
Flight Engineer
Flight Engineer
4 weeks ago
  • 520 Views

HA!

That gets philosophical quickly!

My goto is taboo (for good reasons) - vim /etc/group

The non-intuitive "gpasswd" is the much safer option:

sudo gpasswd -d username groupname

To the bigger question - no, the -a option hasn't caught me out, but I largely count luck. That, and, whenever possible, I recommend building scripts to do user management work. They bring the added value of being able to quickly log the before state, make the change, and log the after state. Plus, fewer typohs (once the scripts are built - plenty happen during the building ).

Chetan_Tiwary_
Community Manager
Community Manager
3 weeks ago
  • 418 Views

@Andrew kudos for bringing that "gpasswd" into this discussion. 

Blue_bird
Starfighter Starfighter
Starfighter
3 weeks ago
  • 450 Views

Thanks for sharing such a valuable information..! @TudorRaduta , which is useful not only the exam point of view, Even working in real time.

To quickly verify all the groups a user belongs to - I commonly use groups <username> or id <username>  commands

Thanks

Chetan_Tiwary_
Community Manager
Community Manager
3 weeks ago
  • 418 Views

@Blue_bird very subtle, id <username> is such a sweet little cute utility for the above mentioned objective! 

Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright @ 2025 Red Hat Privacy statement Terms of service Community Guidelines