'\" te .\" Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. .\" Copyright 1989 AT&T .TH group 4 "20 Nov 2013" "SunOS 5.11" "File Formats" .SH NAME group \- group file .SH DESCRIPTION .sp .LP The \fBgroup\fR file is a local source of group information. The \fBgroup\fR file can be used in conjunction with other group sources, including the \fBNIS\fR maps, \fBgroup.byname\fR and \fBgroup.bygid\fR, or group information stored on an LDAP server. Programs use the \fBgetgrnam\fR(3C) routines to access this information. .sp .LP The \fBgroup\fR file contains a one-line entry for each group recognized by the system, of the form: .sp .LP \fIgroupname\fR:\fIpassword\fR: \fIgid\fR:\fIuser-list\fR .sp .LP where .sp .ne 2 .mk .na \fB\fIgroupname\fR\fR .ad .RS 13n .rt The name of the group. A string consisting of lower case alphabetic characters and numeric characters. The group name should be restricted to the Portable Filename Characters: A-Z, a-z, 0-9, underscore (\fB_\fR), hyphen (\fB-\fR) ,and period (\fB\&.\fR). Neither a colon (\fB:\fR) nor a NEWLINE can be part of a \fIgroupname\fR. The string cannot exceed, \fBMAXGLEN-1\fR, which is currently defined as thirty two characters. .RE .sp .ne 2 .mk .na \fB\fIgid\fR\fR .ad .RS 13n .rt The group's unique numerical ID (GID) within the system. .RE .sp .ne 2 .mk .na \fB\fIuser-list\fR\fR .ad .RS 13n .rt A comma-separated list of users allowed in the group. .RE .sp .LP The maximum value of the \fIgid\fR field is 2147483647. To maximize interoperability and compatibility, administrators are recommended to assign groups using the range of GIDs below 60000 where possible. .sp .LP A password can be demanded by \fBnewgrp\fR(1) if the group password field is not empty. The only way to create a password for a group is to use \fBpasswd\fR(1), then cut and paste the password from \fB/etc/shadow\fR to \fB/etc/group\fR. Group passwords are antiquated and not often used. .sp .LP During user identification and authentication, the supplementary group access list is initialized sequentially from information in this file. If a user is in more groups than the system is configured for, \fB{NGROUPS_MAX}\fR, a warning is given and subsequent group specifications is ignored. .sp .LP Malformed entries cause routines that read this file to halt, in which case group assignments specified further along are never made. To prevent this from happening, use \fBgrpck\fR(1M) to check the \fB/etc/group\fR database from time to time. .sp .LP If the number of characters in an entry exceeds 2047, group maintenance commands, such as \fBgroupdel\fR(1M) and \fBgroupmod\fR(1M), fail. .sp .LP Previous releases used a group entry beginning with a `\fB+\fR' (plus sign) or `\fB\(mi\fR\&' (minus sign) to selectively incorporate entries from a naming service source (for example, an NIS map or data from an LDAP server) for group. If still required, this is supported by specifying \fBgroup:compat\fR in \fBnsswitch.conf\fR(4). The \fBcompat\fR source might not be supported in future releases. A possible sources is \fBfiles\fR followed by \fBldap\fR. This has the effect of incorporating information from an LDAP server after the \fBgroup\fR file. .SH EXAMPLES .LP \fBExample 1 \fRAn Example \fBgroup\fR File .sp .LP The following is an example of a \fBgroup\fR file: .sp .in +2 .nf root::0:root stooges:q.mJzTnu8icF.:10:larry,moe,curly .fi .in -2 .sp .sp .LP and the sample group entry from \fBnsswitch.conf\fR: .sp .in +2 .nf group: files ldap .fi .in -2 .sp .sp .LP With these entries, the group \fBstooges\fR has members \fBlarry\fR, \fBmoe\fR, and \fBcurly\fR, and all groups listed on the LDAP server are effectively incorporated after the entry for \fBstooges\fR. .sp .LP If the \fBgroup\fR file was: .sp .in +2 .nf root::0:root stooges:q.mJzTnu8icF.:10:larry,moe,curly +: .fi .in -2 .sp .sp .LP and the group entry from \fBnsswitch.conf\fR: .sp .in +2 .nf group: compat .fi .in -2 .sp .sp .LP all the groups listed in the \fBNIS\fR \fBgroup.bygid\fR and \fBgroup.byname\fR maps would be effectively incorporated after the entry for stooges. .SH SEE ALSO .sp .LP \fBgroups\fR(1), \fBnewgrp\fR(1), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBgrpck\fR(1M), \fBgetgrnam\fR(3C), \fBinitgroups\fR(3C), \fBnsswitch.conf\fR(4), \fBunistd.h\fR(3HEAD) .sp .LP \fIIntroduction to Oracle Solaris 11.3 Administration\fR .SH NOTES .sp .LP An administrator must have \fBsolaris.group.manage\fR authorization to add a new group. An administrator can add a user to any group or modify any group for which it has a matching authorization of the form \fBsolaris.group.assign/\fR\fIgroupname\fR. An administrator must have both \fBsolaris.group.manage\fR and either \fBsolaris.group.assign\fR or an authorization of the form \fBsolaris.group.assign/\fR\fIgroupname\fR to delete a group.