JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
man pages section 4: File Formats     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Introduction

File Formats

addresses(4)

admin(4)

ai_manifest(4)

alias(4)

aliases(4)

a.out(4)

au(4)

audit_class(4)

audit_event(4)

audit.log(4)

auth_attr(4)

autofs(4)

bart_manifest(4)

bart_rules(4)

bootparams(4)

cardbus(4)

compver(4)

contents(4)

contract(4)

copyright(4)

core(4)

crypt.conf(4)

crypto_certs(4)

dacf.conf(4)

dat.conf(4)

dc_manifest(4)

defaultdomain(4)

default_fs(4)

defaultrouter(4)

depend(4)

device_allocate(4)

device_contract(4)

device_maps(4)

devices(4)

devid_cache(4)

devname_cache(4)

dfstab(4)

dhcp_inittab(4)

dhcp_network(4)

dhcpsvc.conf(4)

dhcptab(4)

dialups(4)

dir(4)

dir_ufs(4)

d_passwd(4)

driver(4)

driver.conf(4)

ds.log(4)

dumpdates(4)

ethers(4)

exec_attr(4)

fbtab(4)

fd(4)

fdi(4)

flash_archive(4)

format.dat(4)

forward(4)

fs(4)

fspec(4)

fstypes(4)

ftp(4)

ftpusers(4)

fx_dptbl(4)

gateways(4)

geniconvtbl(4)

group(4)

gsscred.conf(4)

hba.conf(4)

holidays(4)

hosts(4)

hosts.equiv(4)

ib(4)

idnkit.pc(4)

ike.config(4)

ike.preshared(4)

inetd.conf(4)

inet_type(4)

infiniband_hca_persistent_cache(4)

init.d(4)

inittab(4)

ipaddrsel.conf(4)

ipf(4)

ipf.conf(4)

ipnat(4)

ipnat.conf(4)

ipnodes(4)

ippool(4)

ippool.conf(4)

isa(4)

issue(4)

kadm5.acl(4)

kdc.conf(4)

keytables(4)

krb5.conf(4)

label_encodings(4)

ldapfilter.conf(4)

ldapsearchprefs.conf(4)

ldaptemplates.conf(4)

llc2(4)

logadm.conf(4)

logindevperm(4)

loginlog(4)

magic(4)

md.cf(4)

mddb.cf(4)

mdi_ib_cache(4)

mdi_scsi_vhci_cache(4)

md.tab(4)

mech(4)

meddb(4)

mnttab(4)

mod_ipp(4)

mpapi.conf(4)

named.conf(4)

ncad_addr(4)

nca.if(4)

ncakmod.conf(4)

ncalogd.conf(4)

ncaport.conf(4)

ndmp(4)

ndpd.conf(4)

netconfig(4)

netgroup(4)

netid(4)

netmasks(4)

netrc(4)

networks(4)

nfs(4)

nfslog.conf(4)

nfssec.conf(4)

NISLDAPmapping(4)

nodename(4)

nologin(4)

note(4)

notrouter(4)

nscd.conf(4)

nss(4)

nsswitch.conf(4)

packingrules(4)

pam.conf(4)

pam.d(4)

passwd(4)

path_to_inst(4)

pci(4)

pcie(4)

pci_unitaddr_persistent(4)

phones(4)

pkginfo(4)

pkgmap(4)

plot(4B)

policy.conf(4)

priv_names(4)

proc(4)

process(4)

prof_attr(4)

profile(4)

project(4)

protocols(4)

prototype(4)

pseudo(4)

publickey(4)

qop(4)

queuedefs(4)

rcmscript(4)

rdc.cf(4)

registration_profile(4)

remote(4)

resolv.conf(4)

rhosts(4)

rmtab(4)

rndc.conf(4)

rpc(4)

rt_dptbl(4)

sasl_appname.conf(4)

sbus(4)

sccsfile(4)

scsi(4)

securenets(4)

sel_config(4)

sendmail(4)

sendmail.cf(4)

service_bundle(4)

service_provider.conf(4)

services(4)

shadow(4)

sharetab(4)

shells(4)

slp.conf(4)

slpd.reg(4)

smb(4)

smbautohome(4)

smhba.conf(4)

snapshot_cache(4)

sndr(4)

sock2path.d(4)

space(4)

ssh_config(4)

sshd_config(4)

submit.cf(4)

sulog(4)

sysbus(4)

syslog.conf(4)

system(4)

telnetrc(4)

term(4)

terminfo(4)

TIMEZONE(4)

timezone(4)

TrustedExtensionsPolicy(4)

ts_dptbl(4)

ttydefs(4)

ttysrch(4)

ufsdump(4)

updaters(4)

user_attr(4)

utmp(4)

utmpx(4)

vfstab(4)

volume-config(4)

volume-defaults(4)

volume-request(4)

wanboot.conf(4)

warn.conf(4)

wtmp(4)

wtmpx(4)

ypfiles(4)

yppasswdd(4)

ypserv(4)

zoneinfo(4)

group

- group file

Description

The group file is a local source of group information. The group file can be used in conjunction with other group sources, including the NIS maps, group.byname and group.bygid, or group information stored on an LDAP server. Programs use the getgrnam(3C) routines to access this information.

The group file contains a one-line entry for each group recognized by the system, of the form:

groupname:password: gid:user-list

where

groupname

The name of the group. A string consisting of lower case alphabetic characters and numeric characters. Neither a colon (:) nor a NEWLINE can be part of a groupname. The string can not exceed, MAXGLEN-1, which is usually eight characters.

gid

The group's unique numerical ID (GID) within the system.

user-list

A comma-separated list of users allowed in the group.

The maximum value of the gid field is 2147483647. To maximize interoperability and compatibility, administrators are recommended to assign groups using the range of GIDs below 60000 where possible.

A password can be demanded by newgrp(1) if the group password field is not empty. The only way to create a password for a group is to use passwd(1), then cut and paste the password from /etc/shadow to /etc/group. Group passwords are antiquated and not often used.

During user identification and authentication, the supplementary group access list is initialized sequentially from information in this file. If a user is in more groups than the system is configured for, {NGROUPS_MAX}, a warning is given and subsequent group specifications is ignored.

Malformed entries cause routines that read this file to halt, in which case group assignments specified further along are never made. To prevent this from happening, use grpck(1M) to check the /etc/group database from time to time.

If the number of characters in an entry exceeds 2047, group maintenance commands, such as groupdel(1M) and groupmod(1M), fail.

Previous releases used a group entry beginning with a `+' (plus sign) or `-' (minus sign) to selectively incorporate entries from a naming service source (for example, an NIS map or data from an LDAP server) for group. If still required, this is supported by specifying group:compat in nsswitch.conf(4). The compat source might not be supported in future releases. A possible sources is files followed by ldap. This has the effect of incorporating information from an LDAP server after the group file.

Examples

Example 1 An Example group File

The following is an example of a group file:

root::0:root
stooges:q.mJzTnu8icF.:10:larry,moe,curly

and the sample group entry from nsswitch.conf:

group: files ldap

With these entries, the group stooges has members larry, moe, and curly, and all groups listed on the LDAP server are effectively incorporated after the entry for stooges.

If the group file was:

root::0:root
stooges:q.mJzTnu8icF.:10:larry,moe,curly
+:

and the group entry from nsswitch.conf:

group: compat

all the groups listed in the NIS group.bygid and group.byname maps would be effectively incorporated after the entry for stooges.

See Also

groups(1), newgrp(1), groupadd(1M), groupdel(1M), groupmod(1M), grpck(1M), getgrnam(3C), initgroups(3C), nsswitch.conf(4), unistd.h(3HEAD)

Oracle Solaris Administration: Common Tasks

Notes

An administrator must have solaris.group.manage authorization to add a new group. An administrator can add a user to any group or modify any group for which it has a matching authorization of the form solaris.group.assign/groupname. An administrator must have both solaris.group.manage and either solaris.group.assign or an authorization of the form solaris.group.assign/groupname to delete a group.