group.4 (2010 09)
g
group(4) group(4)
NAME
group, logingroup - group file, grp.h
DESCRIPTION
group contains for each group the following information:
• group name
• encrypted password
• numerical group ID
• comma-separated list of all users allowed in the group
The
group file is an ASCII file. Fields are separated by colons, and each group is separated from the
next by a new-line. No spaces should separate the fields or parts of fields on any line. If the password
field is null, no password is associated with the group.
There are two files of this form in the system,
/etc/group and /etc/logingroup
. The file
/etc/group exists to supply names for each group, and to support changing groups by means of the
newgrp utility (see newgrp(1)). /etc/logingroup
provides a default group access list for each user
via
login and initgroups() (see login (1) and initgroups (3C)).
The real and effective group ID set up by
login for each user is defined in /etc/passwd (see
passwd (4)). If
/etc/logingroup
is empty, the default group access list is empty. If
/etc/logingroup and /etc/group
are links to the same file, the default access list includes the
entire set of groups associated with the user. The group name and password fields in
/etc/logingroup are never used; they are included only to give the two files a uniform format, allow-
ing them to be linked together.
All group IDs used in
/etc/logingroup
or /etc/passwd should be defined in /etc/group.
These files reside in directory
/etc. Because of the encrypted passwords, these files can and do have
general read permission and can be used, for example, to map numerical group IDs to names.
The group structure is defined in
<grp.h> and includes the following members:
char *gr_name; /* the name of the group */
char *gr_passwd; /* the encrypted group password */
gid_t gr_gid; /* the numerical group ID */
char **gr_mem; /* null-terminated array of pointers
to member names */
NETWORKING FEATURES
NIS
The /etc/group file can contain a line beginning with a plus (+), which means to incorporate entries
from Network Information Services (NIS). There are two styles of + entries: + means to insert the entire
contents of NIS group file at that point, and +name means to insert the entry (if any) for name from NIS
at that point. If a
+ entry has a non-null password or group member field, the contents of that field
overide what is contained in NIS. The numerical group ID field cannot be overridden.
A group file can also have a line beginning with a minus (
-), these entries are used to disallow group
entries. There is only one style of - entry; an entry that consists of -name means to disallow any subse-
quent entry (if any) for name. These entries are disallowed regardless of whether the subsequent entry
comes from the NIS or the local group file.
WARNINGS
Group files must not contain any blank lines. Blank lines can cause unpredictable behavior in system
administration software that uses these files.
Group ID (gid) 9 is reserved for the Pascal Language operating system and the BASIC Language operat-
ing system. These are operating systems for Series 300/400 computers that can co-exist with HP-UX on
the same disk. Using this gid for other purposes can inhibit file transfer and sharing.
The length of each line in
/etc/group is limited to LINE_MAX, as defined in <limits.h>.Because
of this limit, users should not be listed in their primary group - only in their additional groups.
If
/etc/group is linked to /etc/logingroup, group membership for a user is managed by NIS, and
no NIS server is able to respond, that user cannot log in until a server does respond.
There is no single tool available to completely ensure that
/etc/passwd, /etc/group, and
/etc/logingroup are compatible. However, pwck and grpck can be used to simplify the task (see
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1