/etc/group File
Purpose
Contains basic group attributes.
Description
The /etc/group file contains basic group attributes. This is an ASCII file that contains records for system groups. Each record appears on a single line and is the following format:
Name:Password:ID:User1,User2,...,Usern
You must separate each attribute with a colon. Records are separated by new-line characters. The attributes in a record have the following values:
| Attribute | Description |
|---|---|
| Name | Specifies a group name that is unique on the system. See the mkgroup command for information on the restrictions for naming groups. |
| Password | Not used. Group administrators are provided instead of group passwords. See the /etc/security/group file for more information. |
| ID | Specifies the group ID. The value is a unique decimal integer string. The maximum value is 4,294,967,295 (4 GB). |
| User1,User2,...,Usern | Identifies a list of one or more users. Separate group member names with commas. Each user must already be defined in the local database configuration files. |
Do not use a : (colon) in any of the attribute fields. For an example of a record, see the "Examples" section . Additional attributes are defined in the /etc/security/group file.
You should access the /etc/group file through the system commands and subroutines defined for this purpose. You can use the following commands to manage groups:
- chgroup
- chgrpmem
- chuser
- lsgroup
- mkgroup
- mkuser
- rmgroup
To change the Name parameter, you first use the mkgroup command to add a new entry. Then, you use the rmgroup command to remove the old group. To display all the attributes in the file, use the lsgroup command.
You can use the chgroup, chgrpmem, or chuser command to change all user and group attributes. The mkuser command adds a user whose primary group is defined in the /usr/lib/security/mkuser.default file and the rmuser command removes a user. Although you can change the group ID with the chgroup command, this is not recommended.
| Group name | Description |
|---|---|
| system | This group is used for configuration and maintenance for hardware and software. |
| printq | This group is used for managing queuing functions such as, enable, disable, qadm, and qpri. |
| security | This group is used for handling password and limits control. |
| adm | This group is used for monitoring functions such as, performance, cron, and accounting. |
| staff | This group is the default group assigned to all new users. |
| audit | This group is used for auditing. |
| shutdown | This group allows users access to the shutdown command. |
| bin | This group is used for the system internal group. |
| sys | This group is used for the system internal group. |
| uucp | This group manages the UUCP system. |
| This group allows users to access the mail command. | |
| cron | This group allows users to access the crontab command. |
| nobody | This group is for user that do not owns any files and can be used as the default user for unprivileged operations. |
| kmem | This group allows users virtual memory read and write access such as, /dev/mem, /dev/port, and /dev/kmem. |
| log | This group allows users access to log files in /var/log. |
| lp | This group allows users access to the lp command. |
| network | This group allows users access to use the NetworkManager functions such as NM-Applet and KNetwrokmanager. |
| power | This group allows users access to suspend power. |
| root | This group allows users access to all system functions. |
| tty | This group allows users access to serial and USB devices. |
| users | This group is the default users group. This is the recommended group name you should use for users. |
Security
Access Control: This file should grant read (r) access to all users and grant write (w) access only to the root user and members of the security group.
Examples
A typical record looks like the following example for the staff group:
staff:!:1:shadow,cjf In this example, the GroupID parameter is 1 and the users are defined to be shadow and cjf.
Files
| Item | Description |
|---|---|
| /etc/group | Contains basic group attributes. |
| /etc/security/group | Contains the extended attributes of groups. |
| /etc/passwd | Contains the basic attributes of users. |
| /etc/security/passwd | Contains password information. |
| /etc/security/user | Contains the extended attributes of users. |
| /etc/security/environ | Contains the environment attributes of users. |
| /etc/security/limits | Contains the process resource limits of users. |
| /etc/security/audit/config | Contains audit system configuration information. |