rmgroup Command

Purpose

Removes a group.

Syntax

rmgroup [-p] [ -R load_module ] Name

Description

The rmgroup command removes a group specified by the Name parameter. This command deletes all the group attributes as well. To remove a group, the group name must already exist. Users who are group members are not removed from the system.

If the group is the primary group for any user, you cannot remove it unless you redefine the user's primary group with the chuser command. The chuser command alters the /etc/passwd file. Only the root user or a user with GroupAdmin authorization can remove an administrative group or a group with administrative users as members.

For groups that were created with an alternate Identification and Authentication (I&A) mechanism, the -R flag can be used to specify the I&A load module used. Load modules are defined in the /usr/lib/security/methods.cfg file.

You can use the Users application in Web-based System Manager (wsm) to change user characteristics.

You could also use the System Management Interface Tool (SMIT) smit rmgroup fast path to run this command.

Flag

Item Description
-p Removes the group keystore.
-R load_module Specifies the loadable I&A module used to remove a group.

Exit Status

This command returns the following exit values:
Item Description
0 The command executes successfully and all requested changes are made.
>0 An error occurred. The printed error message gives further details about the type of failure.

Security

Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.

Files Accessed:

Mode File
r /etc/passwd
rw /etc/group
rw /etc/security/group

Auditing Events:

Event Information
GROUP_Remove group

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Limitations

Removing a group may not be supported by all loadable I&A modules. If the loadable I&A module does not support removing a group, an error is reported.

Examples

  1. To remove the finance group, type:
    rmgroup finance
  2. To remove the LDAP I&A loadable module group monsters, type:
    rmgroup -R LDAP monsters

Files

Item Description
/usr/sbin/rmgroup Contains the rmgroup command.
/etc/group Contains the basic attributes of groups.
/etc/security/group Contains the extended attributes of groups.