unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

group(4)                         File Formats                         group(4)



NAME
       group - group file

DESCRIPTION
       The  group  file is a local source of group information. The group file
       can be used in conjunction with other group sources, including the  NIS
       maps  group.byname  and  group.bygid,  the  NIS+  table group, or group
       information stored on an LDAP server.  Programs  use  the  getgrnam(3C)
       routines to access this information.

       The  group  file contains a one-line entry for each group recognized by
       the system, of the form:

              groupname:password: gid:user-list


       where

       groupname       The name of the group.



       gid             The group's unique numerical ID (GID) within  the  sys-
                       tem.



       user-list       A comma-separated list of users allowed in the group.



       The  maximum value of the gid field is 2147483647. To maximize interop-
       erability and compatibility, administrators are recommended  to  assign
       groups using the range of GIDs below 60000 where possible.

       If  the  password  field is empty, no password is demanded. During user
       identification and authentication, the supplementary group access  list
       is initialized sequentially from information in this file. If a user is
       in more groups than the system  is  configured  for,  {NGROUPS_MAX},  a
       warning  will  be  given  and  subsequent  group specifications will be
       ignored.

       Malformed entries cause routines that read this file to halt, in  which
       case  group assignments specified further along are never made. To pre-
       vent this from happening, use grpck(1B) to check the  /etc/group  data-
       base from time to time.

       Previous  releases  used a group entry beginning with a `+' (plus sign)
       or `-' (minus sign) to selectively incorporate entries  from  a  naming
       service  source  (for  example, an NIS map or data from an LDAP server)
       for  group.  If  still  required,  this  is  supported  by   specifying
       group:compat  in  nsswitch.conf(4).  The  compat source may not be sup-
       ported in future releases. Possible sources are files followed by  ldap
       or  nisplus.  This  has the effect of incorporating information from an
       LDAP server or the entire contents of the NIS+ group  table  after  the
       group file.

EXAMPLES
       Example 1: Sample of a group File.

       Here is a sample group file:

       root::0:root
       stooges:q.mJzTnu8icF.:10:larry,moe,curly

       and the sample group entry from nsswitch.conf:

       group: files ldap

       With these entries, the group stooges will have members larry, moe, and
       curly, and all groups listed on the LDAP server are effectively  incor-
       porated after the entry for stooges.

       If the group file was:

       root::0:root
       stooges:q.mJzTnu8icF.:10:larry,moe,curly
       +:

       and the group entry from nsswitch.conf:

       group: compat

       all  the  groups  listed  in  the NIS group.bygid and group.byname maps
       would be effectively incorporated after the entry for stooges.

SEE ALSO
       groups(1), grpck(1B),  newgrp(1),  getgrnam(3C),  initgroups(3C),  nss-
       witch.conf(4), unistd.h(3HEAD)

       System Administration Guide: Basic Administration



SunOS 5.10                        22 Jul 2004                         group(4)