Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
GROUP(5) File Formats Manual GROUP(5)
NAME
group - format of the group permissions file
DESCRIPTION
The group file /etc/group is the local source of group information. It
can be used in conjunction with the Hesiod domain `group', and the NIS
maps `group.byname' and `group.bygid', as controlled by nsswitch.conf(5).
The group file consists of newline separated ASCII records, usually one
per group, containing four colon `:' separated fields. Each line has the
form:
group:passwd:gid:[member[,member]...]
These fields are as follows:
group Name of the group.
passwd Group's encrypted password.
gid The group's decimal ID.
member Group members.
The group field is the group name used for granting file access to users
who are members of the group.
The gid field is the number associated with the group name. They should
both be unique across the system (and often across a group of systems)
since they control file access.
The passwd field is an optional encrypted password. This field is rarely
used and an asterisk is normally placed in it rather than leaving it
blank.
The member field contains the names of users granted the privileges of
group. The member names are separated by commas without spaces or
newlines. A user is automatically in a group if that group was specified
in their /etc/passwd entry and does not need to be added to that group in
the /etc/group file.
Very large groups can be accommodated over multiple lines by specifying
the same group name in all of them; other than this, each line has an
identical format to that described above. This can be necessary to avoid
the record's length limit, which is currently set to 1024 characters.
Note that the limit can be queried through sysconf(3) by using the
_SC_GETGR_R_SIZE_MAX parameter. For example:
biggrp:*:1000:user001,user002,user003,...,user099,user100
biggrp:*:1000:user101,user102,user103,...
The group with the name "wheel" has a special meaning to the su(1)
command: if it exists and has any members, only users listed in that
group are allowed to su to "root".
HESIOD SUPPORT
If `dns' is specified for the `group' database in nsswitch.conf(5), then
group lookups occur from the `group' Hesiod domain.
NIS SUPPORT
If `nis' is specified for the `group' database in nsswitch.conf(5), then
group lookups occur from the `group.byname' and `group.bygid' NIS map.
COMPAT SUPPORT
If `compat' is specified for the `group' database, and either `dns' or
`nis' is specified for the `group_compat' database in nsswitch.conf(5),
then the group file may also contain lines of the format
+name:*::
which causes the specified group to be included from the `group' Hesiod
domain or the `group.byname' NIS map (respectively).
If no group name is specified, or the plus sign ("+") appears alone on
line, all groups are included from the Hesiod domain or the NIS map.
Hesiod or NIS compat references may appear anywhere in the file, but the
single plus sign ("+") form should be on the last line, for historical
reasons. Only the first group with a specific name encountered, whether
in the group file itself, or included via Hesiod or NIS, will be used.
FILES
/etc/group
SEE ALSO
newgrp(1), passwd(1), su(1), setgroups(2), crypt(3), initgroups(3),
nsswitch.conf(5), passwd(5), yp(8)
HISTORY
A group file format appeared in Version 6 AT&T UNIX.
The NIS file format first appeared in SunOS.
The Hesiod support first appeared in NetBSD 1.4.
BUGS
The passwd(1) command does not change the group passwords.
NetBSD 10.99 June 21, 2007 NetBSD 10.99