groupname:password:gid:user-list
where:
The group file is an ASCII file. The fields are separated by colons; each group is separated from the next by a new-line.
A group entry beginning with a ``+'' (plus sign), means to incorporate an entry or entries from the Network Information Service (NIS) into the local /etc/group file. A ``+'' on a line itself means to insert the entire contents of the NIS group file at that point in the local file. An entry of the form ``+''groupname means to insert the NIS entry (if any) for that group name. If a ``+''groupname entry has an empty password or user-list field, the fields in the NIS entry will used to fill in the corresponding fields in the local entry. The group ID in the NIS entry will never be used.
An entry of the form -groupname indicates that the group is disallowed. All subsequent entries for that group name, whether in the NIS group file, or in the local group file are ignored.
If the password field is empty, no password is demanded.
Because of the encrypted passwords, the group file can and does have general read permission and can be used, for example, to map numerical group ID to names.
During user identification and authentication, the supplementary group access list is initialized sequentially from information in this file. If a user is in more groups than the system is configured for, {NGROUPS_MAX}, a warning will be given and subsequent group specifications will be ignored.
When the Network Information Service (NIS) is in use, the local /etc/group file is consulted first, then the NIS map group.bygid or group.byname on the NIS server.