group(4) Kernel Interfaces Manual group(4)
group, logingroup - group file, grp.h
contains for each group the following information:
o group name
o encrypted password
o numerical group ID
o comma-separated list of all users allowed in the group
The file is an ASCII file. Fields are separated by colons, and each group is separated from the next by a new-line. No spaces should sep-
arate the fields or parts of fields on any line. If the password field is null, no password is associated with the group.
There are two files of this form in the system, and The file exists to supply names for each group, and to support changing groups by means
of the utility (see newgrp(1)). provides a default group access list for each user via and (see login(1) and initgroups(3C)).
The real and effective group ID set up by for each user is defined in (see passwd(4)). If is empty, the default group access list is
empty. If and are links to the same file, the default access list includes the entire set of groups associated with the user. The group
name and password fields in are never used; they are included only to give the two files a uniform format, allowing them to be linked
All group IDs used in or should be defined in
These files reside in directory Because of the encrypted passwords, these files can and do have general read permission and can be used,
for example, to map numerical group IDs to names.
The group structure is defined in and includes the following members:
The file can contain a line beginning with a plus which means to incorporate entries from Network Information Services (NIS). There are
two styles of entries: means to insert the entire contents of NIS group file at that point, and means to insert the entry (if any) for name
from NIS at that point. If a entry has a non-null password or group member field, the contents of that field overide what is contained in
NIS. The numerical group ID field cannot be overridden.
A group file can also have a line beginning with a minus these entries are used to disallow group entries. There is only one style of
entry; an entry that consists of means to disallow any subsequent entry (if any) for name. These entries are disallowed regardless of
whether the subsequent entry comes from the NIS or the local group file.
Group files must not contain any blank lines. Blank lines can cause unpredictable behavior in system administration software that uses
Group ID (gid) 9 is reserved for the Pascal Language operating system and the BASIC Language operating system. These are operating systems
for Series 300/400 computers that can co-exist with HP-UX on the same disk. Using this gid for other purposes can inhibit file transfer
The length of each line in is limited to as defined in Because of this limit, users should not be listed in their primary group - only in
their additional groups.
If is linked to group membership for a user is managed by NIS, and no NIS server is able to respond, that user cannot log in until a server
There is no single tool available to completely ensure that and are compatible. However, and can be used to simplify the task (see
There is no tool for setting group passwords in
Here is a sample file:
Group has a gid of 1 and members and The group is ignored since it appears after the entry Also, the group has members and and the password
and group ID of the NIS entry for the group All groups listed in the NIS are pulled in and placed after the entry for The plus and minus
features are part of NIS. Therefore if NIS is not installed, these features cannot work.
groups(1), newgrp(1), passwd(1), setgroups(2), crypt(3C), getgrent(3C), initgroups(3C), passwd(4).