GROUP(5) | File Formats Manual | GROUP(5) |
group
—
group
file /etc/group is the
local source of group information. It can be used in conjunction with the
Hesiod domain ‘group’, and the NIS maps
‘group.byname’ and ‘group.bygid’, as controlled by
nsswitch.conf(5).
The group
file consists of newline
separated ASCII records, usually one per group, containing four colon
‘:
’ separated fields. Each line has
the form:
group:passwd:gid:[member[,member]...]
These fields are as follows:
The group field is the group name used for granting file access to users who are members of the group.
The gid field is the number associated with the group name. They should both be unique across the system (and often across a group of systems) since they control file access.
The passwd field is an optional encrypted password. This field is rarely used and an asterisk is normally placed in it rather than leaving it blank.
The member field contains the names of users granted the privileges of group. The member names are separated by commas without spaces or newlines. A user is automatically in a group if that group was specified in their /etc/passwd entry and does not need to be added to that group in the /etc/group file.
Very large groups can be accommodated over multiple lines by
specifying the same group name in all of them; other than this, each line
has an identical format to that described above. This can be necessary to
avoid the record's length limit, which is currently set to 1024 characters.
Note that the limit can be queried through
sysconf(3) by using the
_SC_GETGR_R_SIZE_MAX
parameter. For example:
biggrp:*:1000:user001,user002,user003,...,user099,user100 biggrp:*:1000:user101,user102,user103,...
The group with the name “wheel” has a special
meaning to the su(1) command: if
it exists and has any members, only users listed in that group are allowed
to su
to “root”.
group
lookups occur from the ‘group’
Hesiod domain.
group
lookups occur from the
‘group.byname’ and ‘group.bygid’ NIS map.
group
file may also contain lines of the format
+name:*::
which causes the specified group to be included from the ‘group’ Hesiod domain or the ‘group.byname’ NIS map (respectively).
If no group name is specified, or the plus sign (“+”) appears alone on line, all groups are included from the Hesiod domain or the NIS map.
Hesiod or NIS compat references may appear anywhere in the file,
but the single plus sign (“+”) form should be on the last
line, for historical reasons. Only the first group with a specific name
encountered, whether in the group
file itself, or
included via Hesiod or NIS, will be used.
group
file format appeared in
Version 6 AT&T UNIX.
The NIS file format first appeared in SunOS.
The Hesiod support first appeared in NetBSD 1.4.
group
passwords.
June 21, 2007 | NetBSD 9.4 |