/etc/group File

Purpose

Contains basic group attributes.

Description

The /etc/group file contains basic group attributes. This is an ASCII file that contains records for system groups. Each record appears on a single line and is the following format:

Name:Password:ID:User1,User2,...,Usern

You must separate each attribute with a colon. Records are separated by new-line characters. The attributes in a record have the following values:

Attribute Description
Name Specifies a group name that is unique on the system. See the mkgroup command for information on the restrictions for naming groups.
Password Not used. Group administrators are provided instead of group passwords. See the /etc/security/group file for more information.
ID Specifies the group ID. The value is a unique decimal integer string. The maximum value is 4,294,967,295 (4 GB).
User1,User2,...,Usern Identifies a list of one or more users. Separate group member names with commas. Each user must already be defined in the local database configuration files.

Do not use a : (colon) in any of the attribute fields. For an example of a record, see the "Examples" section . Additional attributes are defined in the /etc/security/group file.

Note: Certain system-defined group and user names are required for proper installation and update of the system software. Exercise care before replacing the /etc/group file to ensure that no system-supplied groups or users are removed.

You should access the /etc/group file through the system commands and subroutines defined for this purpose. You can use the following commands to manage groups:

To change the Name parameter, you first use the mkgroup command to add a new entry. Then, you use the rmgroup command to remove the old group. To display all the attributes in the file, use the lsgroup command.

You can use the chgroup, chgrpmem, or chuser command to change all user and group attributes. The mkuser command adds a user whose primary group is defined in the /usr/lib/security/mkuser.default file and the rmuser command removes a user. Although you can change the group ID with the chgroup command, this is not recommended.

The following table lists all the possible group names and what functions the group controls.
Group name Description
system This group is used for configuration and maintenance for hardware and software.
printq This group is used for managing queuing functions such as, enable, disable, qadm, and qpri.
security This group is used for handling password and limits control.
adm This group is used for monitoring functions such as, performance, cron, and accounting.
staff This group is the default group assigned to all new users.
audit This group is used for auditing.
shutdown This group allows users access to the shutdown command.
bin This group is used for the system internal group.
sys This group is used for the system internal group.
uucp This group manages the UUCP system.
mail This group allows users to access the mail command.
cron This group allows users to access the crontab command.
nobody This group is for user that do not owns any files and can be used as the default user for unprivileged operations.
kmen This group allows users virtual memory read and write access such as, /deev/mem, /dev/port, and /dev/kmem.
log This group allows users access to log files in /var/log.
lp This group allows users access to the lp command.
network This group allows users access to use the NetworkManager functions such as NM-Applet and KNetwrokmanager.
power This group allows users access to suspend power.
root This group allows users access to all system functions.
tty This group allows users access to serial and USB devices.
users This group is the default users group. This is the recommended group name you should use for users.

Security

Access Control: This file should grant read (r) access to all users and grant write (w) access only to the root user and members of the security group.

Examples

A typical record looks like the following example for the staff group:

staff:!:1:shadow,cjf  

In this example, the GroupID parameter is 1 and the users are defined to be shadow and cjf.

Files

Item Description
/etc/group Contains basic group attributes.
/etc/security/group Contains the extended attributes of groups.
/etc/passwd Contains the basic attributes of users.
/etc/security/passwd Contains password information.
/etc/security/user Contains the extended attributes of users.
/etc/security/environ Contains the environment attributes of users.
/etc/security/limits Contains the process resource limits of users.
/etc/security/audit/config Contains audit system configuration information.