Removes a group.
The rmgroup command removes a group specified by the Name parameter. This command deletes all the group attributes as well. To remove a group, the group name must already exist. Users who are group members are not removed from the system.
If the group is the primary group for any user, you cannot remove it unless you redefine the user's primary group with the chuser command. The chuser command alters the /etc/passwd file. Only the root user or a user with GroupAdmin authorization can remove an administrative group or a group with administrative users as members.
For groups that were created with an alternate Identification and Authentication (I&A) mechanism, the -R flag can be used to specify the I&A load module used. Load modules are defined in the /usr/lib/security/methods.cfg file.
You can use the Users application in Web-based System Manager (wsm) to change user characteristics.
You could also use the System Management Interface Tool (SMIT) smit rmgroup fast path to run this command.
Item | Description |
---|---|
-p | Removes the group keystore. |
-R load_module | Specifies the loadable I&A module used to remove a group. |
Item | Description |
---|---|
0 | The command executes successfully and all requested changes are made. |
>0 | An error occurred. The printed error message gives further details about the type of failure. |
Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.
Files Accessed:
Mode | File |
---|---|
r | /etc/passwd |
rw | /etc/group |
rw | /etc/security/group |
Auditing Events:
Event | Information |
---|---|
GROUP_Remove | group |
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Removing a group may not be supported by all loadable I&A modules. If the loadable I&A module does not support removing a group, an error is reported.
rmgroup finance
rmgroup -R LDAP monsters
Item | Description |
---|---|
/usr/sbin/rmgroup | Contains the rmgroup command. |
/etc/group | Contains the basic attributes of groups. |
/etc/security/group | Contains the extended attributes of groups. |