Listing Non-User System Groups with GID ≥ 1000

In modern Linux systems, both users and groups are assigned numeric IDs. Users have UIDs, and groups have GIDs. By convention, system accounts use IDs below 1000, while regular user accounts use IDs 1000 and above. The boundary is set by UID_MIN and GID_MIN in /etc/login.defs (1000 on current Debian, Ubuntu and Red Hat derived systems; older Red Hat releases used 500), so check that file before trusting the 1000 cut-off on an unfamiliar host. Note also that the nobody/nogroup group sits at GID 65534 on most distributions, which is above the cut-off, so it will appear in any "GID ≥ 1000" listing.

When a user account is created, a corresponding group with the same name is usually created as the user’s primary group. To identify groups that are not associated with individual users (such as groups created for application or role-based access control), you can use the following command:

comm -23 <(getent group | awk -F: '$3>=1000 {print $1}' | sort) <(getent passwd | awk -F: '{print $1}' | sort)

How It Works

This command compares two lists:

  1. Group names with GID ≥ 1000
  2. All usernames in the system

It then outputs only the groups that do not have a username of the same name, which on a conventionally configured system identifies non-user groups. The match is by name only, so two cases need a manual check: a user whose primary group has a different name (for example, accounts created into a shared "users" group) will make that group look like a non-user group, and a leftover group whose name still matches an existing username will be hidden even if it is no longer that user's primary group. Comparing against the primary GID field of passwd (field 4) is more exact than comparing names.

Command Breakdown:

  1. getent group – Lists all groups from every source configured in /etc/nsswitch.conf (local /etc/group plus LDAP, SSSD, etc.), which is why it is preferred over reading /etc/group directly
  2. awk -F: '$3>=1000 {print $1}' – Splits each record on ":", keeps groups whose third field (GID) is ≥ 1000, and prints only the group name
  3. getent passwd | awk -F: '{print $1}' – Lists all usernames
  4. comm -23 – Suppresses column 2 (lines only in the second list) and column 3 (lines in both), leaving only names unique to the first list, i.e. groups with no matching user. comm requires both inputs to be sorted in the same collation order, which the two sort calls guarantee because they run in the same locale
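The following script is an added example, not part of the original page. It runs the name-based comparison described above alongside a comparison by primary GID, using constructed sample group and passwd records (the SAMPLE_* variables are made up for the example) so it can be run offline; for a live audit, substitute the output of getent group and getent passwd. The sample data deliberately includes a user (carol) whose primary group is named differently (staff) and a leftover group (carol) that no account uses as its primary group, so the two methods give different answers.

```shell
#!/bin/sh
# Added example: find non-user groups by name (as on the page) and by
# primary GID. All data below is constructed for the example.

# Constructed sample /etc/group records (name:password:GID:members)
SAMPLE_GROUP='root:x:0:
sudo:x:27:alice
alice:x:1000:
bob:x:1001:
deploy:x:1002:alice,bob
carol:x:1003:
staff:x:1004:carol
nogroup:x:65534:'

# Constructed sample /etc/passwd records (name:password:UID:GID:gecos:home:shell)
# carol's primary group is staff (1004); group "carol" (1003) is a leftover.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
carol:x:1002:1004::/home/carol:/bin/sh
nobody:x:65534:65534::/nonexistent:/usr/sbin/nologin'

# Name-based check, as on the page, with two hardening changes: a private
# mktemp directory instead of fixed /tmp paths, and LC_ALL=C so sort and comm
# cannot disagree on collation. GID 65534 (nobody/nogroup) is skipped.
# Usage: nonuser_groups_by_name GROUP_DB PASSWD_DB GID_MIN
nonuser_groups_by_name() {
    tmpdir=$(mktemp -d) || return 1
    printf '%s\n' "$1" | awk -F: -v min="$3" '$3 >= min && $3 != 65534 {print $1}' \
        | LC_ALL=C sort > "$tmpdir/groups"
    printf '%s\n' "$2" | awk -F: '{print $1}' | LC_ALL=C sort > "$tmpdir/users"
    LC_ALL=C comm -23 "$tmpdir/groups" "$tmpdir/users"
    rm -rf "$tmpdir"
}

# GID-based check: a group is "non-user" when no passwd record carries its GID
# in field 4 (primary group). Independent of naming conventions. Prints name:GID.
# Usage: nonuser_groups_by_gid GROUP_DB PASSWD_DB GID_MIN
nonuser_groups_by_gid() {
    {
        printf '%s\n' "$2"              # passwd records first
        printf '%s\n' '--END-PASSWD--'  # sentinel between the two databases
        printf '%s\n' "$1"              # then group records
    } | awk -F: -v min="$3" '
        $0 == "--END-PASSWD--" { ingroup = 1; next }
        !ingroup { primary[$4] = 1; next }
        $3 >= min && $3 != 65534 && !($3 in primary) { print $1 ":" $3 }
    '
}

# Stand-alone run: show both views side by side.
echo "By name (page method):"
nonuser_groups_by_name "$SAMPLE_GROUP" "$SAMPLE_PASSWD" 1000
echo "By primary GID:"
nonuser_groups_by_gid "$SAMPLE_GROUP" "$SAMPLE_PASSWD" 1000
```

On the sample data the name-based check reports deploy and staff (flagging carol's real primary group and missing the stale "carol" group), while the GID-based check reports deploy:1002 and carol:1003. Reading GID_MIN from /etc/login.defs instead of hard-coding 1000 is a one-line change to the third argument.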

Use Cases

This command is useful for:

  • Auditing group configurations
  • Identifying application-specific groups
  • Cleaning up unused groups
  • Security reviews of group-based access controls

Variations

To include additional information about the groups (like GID and members), feed each remaining group name back into getent group. Piping the comparison straight into the loop avoids writing intermediate files to predictable paths such as /tmp/groups.txt, which another local user could pre-create or replace with a symlink:

comm -23 <(getent group | awk -F: '$3>=1000 {print $1}' | sort) <(getent passwd | awk -F: '{print $1}' | sort) | while IFS= read -r group; do getent group "$group"; done

The `IFS= read -r` form keeps backslashes and surrounding whitespace in the name intact so the lookup matches the group exactly as it appears in the database.

Example output of the basic command (placeholder group names):

mygroup1
mygroup2
mygroup3