chgrpmem Command
Purpose
Changes the administrators or members of a group.
Syntax
chgrpmem [-R load_module] [ { -a | -m } { + | - | = } User ... ] Group
Description
The chgrpmem command changes the administrators or members of the group specified by the Group parameter. Use this command to add, delete, or set a group's members or administrators list. You cannot remove users from their primary group. A user's primary group is maintained in the /etc/passwd file. If you specify only a group with the chgrpmem command, the command lists the group's members and administrators.
To change the administrators or members of a group that were created with an alternate Identification and Authentication (I&A) mechanism, the -R flag can be used to specify the I&A loadable module. Load modules are defined in the /usr/lib/security/methods.cfg file.
To add, delete, or set a user as a group administrator, specify the -a flag. Otherwise, to add, delete, or set a user as a group member, specify the -m flag. You must specify one of these flags and an operator to change a user's group membership. The operators do the following:
| Item | Description |
|---|---|
| + | Adds the specified user. |
| - | Deletes the specified user. |
| = | Sets the list of administrators or members to the specified user. |
You can specify more than one User parameter at a time. To do this, specify a comma-separated list of user names.
See the chgroup command for a list of restrictions that apply to changing group information.
Flags
| Item | Description |
|---|---|
| -a | Changes a group's administrators list. |
| -m | Changes the group's members list. |
| -R | Specifies the loadable I&A module used to change the administrators or members of a group. |
Exit Status
| Item | Description |
|---|---|
| 0 | The command runs successfully and all requested changes are made. |
| >0 | An error occurred. The printed error message gives further details about the type of failure. |
Security
Access Control
All users should have execute (x) access to this command because the command itself enforces the access rights. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the security group with the setgid (SGID) bit set.
Files Accessed
| Item | Description |
|---|---|
| Mode | File |
| x | /usr/bin/chgroup |
| r | /etc/passwd |
| r | /etc/group |
| rw | /etc/security/group |
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Examples
- To remove jones as an administrator of the f612 group,
enter: chgrpmem -a - jones f612
- To add members davis and edwards to group f612,
enter: chgrpmem -m + davis,edwards f612
- To list members and administrators of group staff, enter:
chgrpmem staff - To list members of the LDAP I&A loadable module group
monsters, enter:chgrpmem -R LDAP monsters
Files
| Item | Description |
|---|---|
| /usr/bin/chgrpmem | Specifies the path to the chgrpmem command. |
| /etc/passwd | Contains the basic attributes of users. |
| /etc/group | Contains the basic attributes of groups. |
| /etc/security/group | Contains the extended attributes of groups. |