group, logingroup - group file, grp.h
group contains for each group the following information:
+ group name
+ encrypted password
+ numerical group ID
+ comma-separated list of all users allowed in the group
This is an ASCII file. Fields are separated by colons, and each group
is separated from the next by a new-line. No spaces should separate
the fields or parts of fields on any line. If the password field is
null, no password is associated with the group.
There are two files of this form in the system, /etc/group and
/etc/logingroup. The file /etc/group exists to supply names for each
group, and to support changing groups by means of the newgrp utility
(see newgrp(1)). /etc/logingroup provides a default group access list
for each user via login and initgroups() (see login(1) and
The real and effective group ID set up by login for each user is
defined in /etc/passwd (see passwd(4)). If /etc/logingroup is empty
or non-existent, the default group access list is empty. If
/etc/logingroup and /etc/group are links to the same file, the default
access list includes the entire set of groups associated with the
user. The group name and password fields in /etc/logingroup are never
used; they are included only to give the two files a uniform format,
allowing them to be linked together.
All group IDs used in /etc/logingroup or /etc/passwd should be defined
in /etc/group. No user should be associated with more than NGROUPS
(see setgroups(2)) groups in /etc/logingroup.
These files reside in directory /etc. Because of the encrypted
passwords, these files can and do have general read permission and can
be used, for example, to map numerical group IDs to names.
The group structure is defined in <grp.h> and includes the following
char *gr_name; /* the name of the group */
char *gr_passwd; /* the encrypted group password */
gid_t gr_gid; /* the numerical group ID */
char **gr_mem; /* null-terminated array of pointers
to member names */
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
The /etc/group file can contain a line beginning with a plus (+),
which means to incorporate entries from Network Information Services
(NIS). There are two styles of + entries: + means to insert the
entire contents of NIS group file at that point, and +name means to
insert the entry (if any) for name from NIS at that point. If a +
entry has a non-null password or group member field, the contents of
that field overide what is contained in NIS. The numerical group ID
field cannot be overridden.
A group file can also have a line beginning with a minus (-), these
entries are used to disallow group entries. There is only one style
of - entry; an entry that consists of -name means to disallow any
subsequent entry (if any) for name. These entries are disallowed
regardless of whether the subsequent entry comes from the NIS or the
local group file.
Group files must not contain any blank lines. Blank lines can cause
unpredictable behavior in system administration software that uses
Group ID (gid) 9 is reserved for the Pascal Language operating system
and the BASIC Language operating system. These are operating systems
for Series 300/400 computers that can co-exist with HP-UX on the same
disk. Using this gid for other purposes can inhibit file transfer and
The length of each line in /etc/group is limited to LINE_MAX, as
defined in <limits.h>. Because of this limit, users should not be
listed in their primary group - only in their additional groups.
If /etc/group is linked to /etc/logingroup, group membership for a
user is managed by NIS, and no NIS server is able to respond, that
user cannot log in until a server does respond.
There is no single tool available to completely ensure that
/etc/passwd, /etc/group, and /etc/logingroup are compatible. However,
pwck and grpck can be used to simplify the task (see pwck(1M)).
There is no tool for setting group passwords in /etc/group.
Here is a sample /etc/group file:
Hewlett-Packard Company - 2 - HP-UX Release 11i: November 2000
Group other has a gid of 1 and members root, daemon, uucp, who, date,
and sync. The group oldproj is ignored since it appears after the
entry -oldproj. Also, the group myproject has members bill and steve,
and the password and group ID of the NIS entry for the group
myproject. All groups listed in the NIS are pulled in and placed
after the entry for myproject.
The plus (+) and minus (-) features are part of NIS. Therefore if NIS
is not installed, these features cannot work.
groups(1), newgrp(1), passwd(1), setgroups(2), crypt(3C),
getgrent(3C), initgroups(3C), passwd(4).
group: SVID2, SVID3, XPG2
Hewlett-Packard Company - 3 - HP-UX Release 11i: November 2000