Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
group(4)		   Kernel Interfaces Manual		      group(4)

       group, logingroup - group file, grp.h

       contains	for each group the following information:

	      o	 group name

	      o	 encrypted password

	      o	 numerical group ID

	      o	 comma-separated list of all users allowed in the group

       This  is	an ASCII file.	Fields are separated by	colons,	and each group
       is separated from the next by a new-line.  No  spaces  should  separate
       the  fields  or	parts of fields	on any line.  If the password field is
       null, no	password is associated with the	group.

       There are two files of this form	in the system, and The file exists  to
       supply names for	each group, and	to support changing groups by means of
       the utility (see	newgrp(1)).  provides a	default	group access list  for
       each user via and (see login(1) and initgroups(3C)).

       The  real  and effective	group ID set up	by for each user is defined in
       (see passwd(4)).	 If is empty, the default group	access list is	empty.
       If and are links	to the same file, the default access list includes the
       entire set of groups associated with the	 user.	 The  group  name  and
       password	 fields	 in are	never used; they are included only to give the
       two files a uniform format, allowing them to be linked together.

       All group IDs used in or	should be defined in No	user should be associ-
       ated with more than (see	setgroups(2)) groups in

       These  files  reside  in	 directory Because of the encrypted passwords,
       these files can and do have general read	permission and	can  be	 used,
       for example, to map numerical group IDs to names.

       The group structure is defined in and includes the following members:

       The file	can contain a line beginning with a plus which means to	incor-
       porate entries from Network Information Services	(NIS).	There are  two
       styles  of  entries:  means  to insert the entire contents of NIS group
       file at that point, and means to	insert the entry  (if  any)  for  name
       from  NIS  at  that point.  If a	entry has a non-null password or group
       member field, the contents of that field	overide	what is	 contained  in
       NIS.  The numerical group ID field cannot be overridden.

       A  group	file can also have a line beginning with a minus these entries
       are used	to disallow group entries.  There is only one style of	entry;
       an  entry  that	consists of means to disallow any subsequent entry (if
       any) for	name.  These entries are disallowed regardless of whether  the
       subsequent entry	comes from the NIS or the local	group file.

       Group  files  must  not contain any blank lines.	 Blank lines can cause
       unpredictable behavior in  system  administration  software  that  uses
       these files.

       Group  ID  (gid)	9 is reserved for the Pascal Language operating	system
       and the BASIC Language operating	system.	 These are  operating  systems
       for  Series  300/400 computers that can co-exist	with HP-UX on the same
       disk.  Using this gid for other purposes	can inhibit file transfer  and

       The  length of each line	in is limited to as defined in Because of this
       limit, users should not be listed in their  primary  group  -  only  in
       their additional	groups.

       If  is  linked to group membership for a	user is	managed	by NIS,	and no
       NIS server is able to respond, that user	cannot log in until  a	server
       does respond.

       There  is  no  single  tool available to	completely ensure that and are
       compatible.  However, and  can  be  used	 to  simplify  the  task  (see

       There is	no tool	for setting group passwords in

       Here is a sample	file:

       Group  has a gid	of 1 and members and The group is ignored since	it ap-
       pears after the entry Also, the group has members and and the  password
       and  group  ID  of the NIS entry	for the	group All groups listed	in the
       NIS are pulled in and placed after the entry for	 The  plus  and	 minus
       features	 are  part  of	NIS.  Therefore	if NIS is not installed, these
       features	cannot work.

       groups(1), newgrp(1), passwd(1),	setgroups(2), crypt(3C), getgrent(3C),
       initgroups(3C), passwd(4).



Want to link to this manual page? Use this URL:

home | help