Files Reference

/etc/group File

Purpose

Contains basic group attributes.

Description

The /etc/group file contains basic group attributes. This is an ASCII file that contains records for system groups. Each record appears on a single line and is in the following format:

Name:Password:ID:User1,User2,...,Usern

You must separate each attribute with a colon. Records are separated by new-line characters. The attributes in a record have the following values:

Name Specifies a group name that is unique on the system. The name is a string of 8 bytes or less. See the mkgroup command for information on the restrictions for naming groups.
Password Not used. Group administrators are provided instead of group passwords. See the /etc/security/group file for more information.
ID Specifies the group ID. The value is a unique decimal integer string.
User1,User2,...,Usern Identifies a list of one or more users. Separate group member names with commas. Each user must already be defined in the local database configuration files.

Do not use a : (colon) in any of the attribute fields. For an example of a record, see the "Examples" section. Additional attributes are defined in the /etc/security/group file.

Note: Certain system-defined group and user names are required for proper installation and update of the system software. Exercise care before replacing the /etc/group file to ensure that no system-supplied groups or users are removed.

You should access the /etc/group file through the system commands and subroutines defined for this purpose. You can use the following commands to manage groups:

To change the Name parameter, you first use the mkgroup command to add a new entry. Then, you use the rmgroup command to remove the old group. To display all the attributes in the file, use the lsgroup command.

You can use the chgroup, chgrpmem, or chuser command to change all user and group attributes. The mkuser command adds a user whose primary group is defined in the /usr/lib/security/mkuser.default file, and the rmuser command removes a user. Although you can change the group ID with the chgroup command, this is not recommended.

Security

Access Control: This file should grant read (r) access to all users and grant write (w) access only to the root user and members of the security group.

Examples

A typical record looks like the following example for the staff group:

staff:!:1:shadow,cjf  

In this example, the GroupID parameter is 1 and the users are defined to be shadow and cjf.
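
The record rules from the Description section and the access rule from the Security section can be checked mechanically. The following Python audit is an added example, not part of the original reference or of AIX; the function names, the constructed sample records, and the security_gid parameter (the numeric ID of the security group, supplied by the caller) are assumptions of this example.

```python
import stat

MAX_NAME_BYTES = 8  # "The name is a string of 8 bytes or less"

def audit_group_records(text):
    """Return (line_number, message) findings for /etc/group-format text."""
    findings, names, ids = [], {}, {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 4:  # a stray colon inside a field adds a field
            findings.append((lineno, f"expected 4 fields, found {len(fields)}"))
            continue
        name, _password, gid, members = fields
        if not name or len(name.encode()) > MAX_NAME_BYTES:
            findings.append((lineno, f"name {name!r} is not 1-{MAX_NAME_BYTES} bytes"))
        if name in names:
            findings.append((lineno, f"name {name!r} repeats line {names[name]}"))
        names.setdefault(name, lineno)
        if not (gid.isascii() and gid.isdigit()):
            findings.append((lineno, f"ID {gid!r} is not a decimal integer"))
        elif int(gid) in ids:
            findings.append((lineno, f"ID {gid} repeats line {ids[int(gid)]}"))
        else:
            ids[int(gid)] = lineno
        if members and "" in members.split(","):
            findings.append((lineno, "empty name in member list"))
    return findings

def audit_mode(mode, uid, gid, security_gid):
    """Check the access rule: all may read; only root and 'security' may write."""
    problems = []
    if mode & stat.S_IWOTH:
        problems.append("writable by others")
    if (mode & stat.S_IWGRP) and gid != security_gid:
        problems.append("group-writable by a group other than security")
    if (mode & stat.S_IWUSR) and uid != 0:
        problems.append("owner-writable by a non-root owner")
    if (mode & 0o444) != 0o444:
        problems.append("not readable by all users")
    return problems

# Constructed sample: the first record is the page's example, the rest are
# deliberately malformed (long name, duplicate ID, non-decimal ID, stray colon).
SAMPLE = ("staff:!:1:shadow,cjf\n" "developers:!:200:cjf\n" "audit:!:1:root\n"
          "ops:!:2x:root\n" "web:!:300:al:ice,bob\n")
```

Run audit_group_records over a copy of the file's contents, and pass audit_mode the st_mode, st_uid and st_gid values returned by os.stat for the file.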

Implementation Specifics

This file is part of Base Operating System (BOS) Runtime.

Files

/etc/group Contains basic group attributes.
/etc/security/group Contains the extended attributes of groups.
/etc/passwd Contains the basic attributes of users.
/etc/security/passwd Contains password information.
/etc/security/user Contains the extended attributes of users.
/etc/security/environ Contains the environment attributes of users.
/etc/security/limits Contains the process resource limits of users.
/etc/security/audit/config Contains audit system configuration information.

Related Information

The chgroup command, chgrpmem command, lsgroup command, mkgroup command, rmgroup command, setgroups command, setsenv command.

The enduserdb subroutine, getgroupattr subroutine, IDtogroup subroutine, nextgroup subroutine, putgroupattr subroutine, setuserdb subroutine.

File and System Security Overview in AIX Version 4.3 System User's Guide: Operating System and Devices.

