Verifies the correctness of a group definition.
grpck { -n | -p | -t | -y } { ALL | Group ... }
The grpck command verifies the correctness of the group definitions in the user database files by checking the definitions for ALL the groups or for the groups specified by the Group parameter. If more than one group is specified, there must be a space between the groups.
Note: This command writes its messages to stderr.
You must select a flag to indicate whether the system should try to fix erroneous attributes. The following attributes are checked:
admin | Checks for a valid admin attribute for each group in the /etc/security/group file. No system fix is available. |
Generally, the sysck command calls the grpck command as part of the verification of a trusted-system installation. In addition, the root user or a member of the security group can enter the command.
The grpck command checks to see if the database management security files (/etc/passwd.nm.idx, /etc/passwd.id.idx, /etc/security/passwd.idx, and /etc/security/lastlog.idx) files are up-to-date or newer than the corresponding system security files. Please note, it is alright for the /etc/security/lastlog.idx to be not newer than /etc/security/lastlog. If the database management security files are out-of-date, a warning message appears indicating that the root user should run the mkpasswd command.
-n | Reports errors but does not fix them. |
-p | Fixes errors but does not report them. |
-t | Reports errors and asks if they should be fixed. |
-y | Fixes errors and reports them. |
Access Control: This command should grant execute (x) access to the root user and members of the security group. The command should be setuid to the root user and have the trusted computing base attribute.
Mode | File |
---|---|
r | /etc/passwd |
r | /etc/security/user |
rw | /etc/security/group |
rw | /etc/group |
Event | Information |
---|---|
GROUP_User | user, groups, attribute | error, status |
GROUP_Adms | user, groups, attribute | error, status |
grpck -n ALL
grpck -p ALL
grpck -n installOR
grpck -t installOR
grpck -y installThe grpck command does not correct the group names and IDs. Therefore, the -n, -t and -y flags report problems with group names and group IDs, but do not correct them.
/usr/sbin/grpck | Contains the grpck command. |
/etc/passwd | Contains the basic attributes of users. |
/etc/security/user | Contains the extended attributes of users. |
/etc/group | Contains the basic attributes of groups. |
/etc/security/group | Contains the extended attributes of groups. |
The pwdck command, sysck command, usrck command.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX Version 4.3 System Management Concepts: Operating System and Devices.