NAME
group —
format of the group permissions
file
DESCRIPTION
The
group file
/etc/group is the local
source of group information. It can be used in conjunction with the Hesiod
domain ‘group’, and the NIS maps ‘group.byname’ and
‘group.bygid’, as controlled by
nsswitch.conf(5).
The
group file consists of newline separated ASCII records,
usually one per group, containing four colon
‘
:
’ separated fields. Each line has the
form:
group:passwd:gid:[member[,member]...]
These fields are as follows:
- group
- Name of the group.
- passwd
- Group's encrypted password.
- gid
- The group's decimal ID.
- member
- Group members.
The
group field is the group name used for granting file
access to users who are members of the group.
The
gid field is the number associated with the group name.
They should both be unique across the system (and often across a group of
systems) since they control file access.
The
passwd field is an optional
encrypted
password. This field is rarely used and an asterisk is normally placed in it
rather than leaving it blank.
The
member field contains the names of users granted the
privileges of
group. The member names are separated by
commas without spaces or newlines. A user is automatically in a group if that
group was specified in their
/etc/passwd entry and does not
need to be added to that group in the
/etc/group file.
Very large groups can be accommodated over multiple lines by specifying the same
group name in all of them; other than this, each line has an identical format
to that described above. This can be necessary to avoid the record's length
limit, which is currently set to 1024 characters. Note that the limit can be
queried through
sysconf(3) by
using the
_SC_GETGR_R_SIZE_MAX
parameter. For example:
biggrp:*:1000:user001,user002,user003,...,user099,user100
biggrp:*:1000:user101,user102,user103,...
The group with the name “wheel” has a special meaning to the
su(1) command: if it exists and has
any members, only users listed in that group are allowed to
su to “root”.
HESIOD SUPPORT
If ‘dns’ is specified for the ‘group’ database in
nsswitch.conf(5), then
group lookups occur from the ‘group’ Hesiod
domain.
NIS SUPPORT
If ‘nis’ is specified for the ‘group’ database in
nsswitch.conf(5), then
group lookups occur from the ‘group.byname’ and
‘group.bygid’ NIS map.
COMPAT SUPPORT
If ‘compat’ is specified for the ‘group’ database, and
either ‘dns’ or ‘nis’ is specified for the
‘group_compat’ database in
nsswitch.conf(5), then
the
group file may also contain lines of the format
+name:*::
which causes the specified group to be included from the ‘group’
Hesiod domain or the ‘group.byname’ NIS map (respectively).
If no group name is specified, or the plus sign (“+”) appears alone
on line, all groups are included from the Hesiod domain or the NIS map.
Hesiod or NIS compat references may appear anywhere in the file, but the single
plus sign (“+”) form should be on the last line, for historical
reasons. Only the first group with a specific name encountered, whether in the
group file itself, or included via Hesiod or NIS, will be
used.
FILES
- /etc/group
-
SEE ALSO
newgrp(1),
passwd(1),
su(1),
setgroups(2),
crypt(3),
initgroups(3),
nsswitch.conf(5),
passwd(5),
yp(8)
HISTORY
A
group file format appeared in
Version 6 AT&T UNIX.
The NIS file format first appeared in SunOS.
The Hesiod support first appeared in
NetBSD 1.4.
BUGS
The
passwd(1) command does not
change the
group passwords.