- modify a group definition on the system
/usr/sbin/groupmod [-S repository] [-g gid [-o]] [-n name] [-U [+|-]user1[,user2]...] group
The groupmod command modifies the definition of the specified group by modifying the appropriate entry in the group database in the repository.
An administrator can modify any group for which it has a matching authorization of the form solaris.group.assign/groupname. This authorization is automatically assigned to the administrator who created the group. An administrator must have solaris.group.assign authorization to modify all other groups.
The following options are supported:
Specify the new group ID for the group. This group ID must be a non-negative decimal integer less than MAXUID, as defined in <param.h>. The group ID defaults to the next available (unique) number above 99. (Group IDs from 0-99 are reserved by SunOS for future applications.)
Specify the new name for the group. The name argument is a string of no more than eight bytes consisting of characters from the set of lower case alphabetic characters and numeric characters. A warning message will be written if these restrictions are not met. A future Solaris release may refuse to accept group fields that do not meet these requirements. The name argument must contain at least one character and must not include a colon (:) or NEWLINE (\n).
Allow the gid to be duplicated (non-unique). An administrator must have solaris.group.assign authorization to use this option.
The valid repositories are files and ldap. The repository specifies which name service will be updated. When repository is not specified, groupmod consults nsswitch.conf(4). When the repository is files, the user name and other items can be present in other name service repositories and can be assigned to a group in the files repository. When the repository is ldap, all the assignable attributes must be present in the ldap repository.
Updates the list of users for the group as follows:
A prefix + before the list adds that list to existing users list.
A prefix - before the list removes each user in the list from the existing users list.
With no prefix before the list, replaces the existing users list with the new list of users specified.
The following operands are supported:
An existing group name to be modified.
The groupmod utility exits with one of the following values:
Invalid command syntax. A usage message for the groupmod command is displayed.
An invalid argument was provided to an option.
gid is not unique (when the -o option is not used).
group does not exist.
name already exists as a group name.
Cannot update the /etc/group file.
See attributes(5) for descriptions of the following attributes:
The groupmod utility only modifies group definitions in the group database in the repository. If a network name service such as NIS is being used to supplement the local /etc/group file with additional entries, groupmod cannot change information supplied by the network name service. groupmod verifies the uniqueness of group name and group ID against the external name service and uses the entries in the files repository.
groupmod fails if a group entry (a single line in /etc/group) exceeds 2047 characters.