File Formats group(4)
NAME
group - group file
DESCRIPTION
The group file is a local source of group information. The
group file can be used in conjunction with other group
sources, including the NIS maps, group.byname and
group.bygid, or group information stored on an LDAP server.
Programs use the getgrnam(3C) routines to access this
information.

The group file contains a one-line entry for each group
recognized by the system, of the form:

    groupname:password:gid:user-list

where

groupname
    The name of the group. A string consisting of lower case
    alphabetic characters and numeric characters. Neither a
    colon (:) nor a NEWLINE can be part of a groupname. The
    string cannot exceed MAXGLEN-1, which is usually eight
    characters.

gid
    The group's unique numerical ID (GID) within the system.

user-list
    A comma-separated list of users allowed in the group.

The maximum value of the gid field is 2147483647. To
maximize interoperability and compatibility, administrators are
recommended to assign groups using the range of GIDs below
60000 where possible.

A password can be demanded by newgrp(1) if the group
password field is not empty. The only way to create a password
for a group is to use passwd(1), then cut and paste the
password from /etc/shadow to /etc/group. Group passwords are
antiquated and not often used.

SunOS 5.11 Last change: 22 Feb 2010
During user identification and authentication, the
supplementary group access list is initialized sequentially from
information in this file. If a user is in more groups than
the system is configured for, {NGROUPS_MAX}, a warning is
given and subsequent group specifications are ignored.

Malformed entries cause routines that read this file to
halt, in which case group assignments specified further
along are never made. To prevent this from happening, use
grpck(1B) to check the /etc/group database from time to
time.

If the number of characters in an entry exceeds 2047, group
maintenance commands, such as groupdel(1M) and groupmod(1M),
fail.

Previous releases used a group entry beginning with a `+'
(plus sign) or `-' (minus sign) to selectively incorporate
entries from a naming service source (for example, an NIS
map or data from an LDAP server) for group. If still
required, this is supported by specifying group:compat in
nsswitch.conf(4). The compat source might not be supported
in future releases. A possible source is files followed by
ldap. This has the effect of incorporating information from
an LDAP server after the group file.
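
The format rules and limits described above can be checked
mechanically. The following Python sketch is an added example,
not part of the original manual page and not the grpck(1B)
implementation; the function name check_group_lines, the name
length limit of 8 (taken from "usually eight characters"), and
the sample entries are assumptions made for illustration.

```python
import re

MAX_GID = 2147483647    # maximum gid value stated in group(4)
MAX_ENTRY_LEN = 2047    # longer entries make groupdel(1M)/groupmod(1M) fail
MAX_NAME_LEN = 8        # assumption: MAXGLEN-1, "usually eight characters"
RECOMMENDED_GID_LIMIT = 60000       # page recommends GIDs below this value
NAME_RE = re.compile(r"[a-z0-9]+")  # lower case letters and digits only

# Constructed sample; the first two entries and "+:" mirror the page's example.
SAMPLE = [
    "root::0:root",
    "stooges:q.mJzTnu8icF.:10:larry,moe,curly",
    "Admins::70000:alice",
    "broken:10",
    "+:",
]


def check_group_lines(lines):
    """Return (line_number, severity, message) findings for group entries."""
    findings, seen_gids = [], {}
    for num, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        if line[:1] in ("+", "-"):
            findings.append((num, "info", "compat entry; needs group: compat"))
            continue
        if len(line) > MAX_ENTRY_LEN:
            findings.append((num, "error", "entry exceeds 2047 characters"))
        fields = line.split(":")
        if len(fields) != 4:
            # Readers halt at a malformed entry, so later groups are never assigned.
            findings.append((num, "error", "expected 4 colon-separated fields"))
            continue
        name, password, gid, _user_list = fields
        if not NAME_RE.fullmatch(name) or len(name) > MAX_NAME_LEN:
            findings.append((num, "error", "invalid group name %r" % name))
        if password:
            findings.append((num, "warn", "group password set; newgrp(1) can demand it"))
        if not re.fullmatch(r"[0-9]+", gid) or int(gid) > MAX_GID:
            findings.append((num, "error", "invalid gid %r" % gid))
        elif int(gid) in seen_gids:
            findings.append((num, "warn", "gid %s duplicates line %d" % (gid, seen_gids[int(gid)])))
        else:
            seen_gids[int(gid)] = num
            if int(gid) >= RECOMMENDED_GID_LIMIT:
                findings.append((num, "warn", "gid %s is not below 60000" % gid))
    return findings


if __name__ == "__main__":
    for num, severity, message in check_group_lines(SAMPLE):
        print("line %d: %s: %s" % (num, severity, message))
```
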
EXAMPLES
Example 1 An Example group File
The following is an example of a group file:

    root::0:root
    stooges:q.mJzTnu8icF.:10:larry,moe,curly

and the sample group entry from nsswitch.conf:

    group: files ldap

With these entries, the group stooges has members larry,
moe, and curly, and all groups listed on the LDAP server are
effectively incorporated after the entry for stooges.

If the group file was:

    root::0:root
    stooges:q.mJzTnu8icF.:10:larry,moe,curly
    +:

and the group entry from nsswitch.conf:

    group: compat

all the groups listed in the NIS group.bygid and
group.byname maps would be effectively incorporated after
the entry for stooges.
SEE ALSO
groups(1), grpck(1B), newgrp(1), groupadd(1M), groupdel(1M),
groupmod(1M), getgrnam(3C), initgroups(3C),
nsswitch.conf(4), unistd.h(3HEAD)

System Administration Guide: Basic Administration