Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Wednesday, July 27, 2022



groupmod - modify a group definition on the system


/usr/sbin/groupmod [-S repository] [-g gid [-o]] [-n name]
     [-U [+|-]user1[,user2]...] group


The groupmod command modifies the definition of the specified group by modifying the appropriate entry in the group database in the repository.

An administrator can modify any group for which it has a matching authorization of the form solaris.group.assign/groupname. This authorization is automatically assigned to the administrator who created the group. An administrator must have solaris.group.assign authorization to modify all other groups.


The following options are supported:

–g gid

Specify the new group ID for the group. This group ID must be a non-negative decimal integer less than MAXUID, as defined in <param.h>. The group ID defaults to the next available (unique) number above 99. (Group IDs from 0-99 are reserved by Oracle Solaris for future applications.)

–n name

Specify the new name for the group. The name argument is a string of no more than 32 bytes consisting of characters from the set of ASCII lowercase alphabetic characters and numeric characters. A warning message will be written if these restrictions are not met. A future Oracle Solaris release may refuse to accept group fields that do not meet these requirements. The name argument must contain at least one character and must not include a colon (:) or NEWLINE (\n).


Allow the gid to be duplicated (non-unique). An administrator must have solaris.group.assign authorization to use this option.

–S repository

The repository specifies which name service will be updated. The valid repositories are files and ldap. The default repository is files. When the repository is files, the user names can be present in other name service repositories and can be assigned to a group in the files repository. When the repository is ldap, all the assignable attributes must be present in the ldap repository, and both the LDAP server and client must be configured with enableShadowUpdate. See ldapclient(8) for details.

–U [+|-]user1[,user2]

Updates the list of users for the group as follows:

  • A prefix + before the list adds that list to existing users list.

  • A prefix - before the list removes each user in the list from the existing users list.

  • With no prefix before the list, replaces the existing users list with the new list of users specified.


The following operands are supported:


An existing group name to be modified.

Exit Status

The groupmod utility exits with one of the following values:




Invalid command syntax. A usage message for the groupmod command is displayed.


An invalid argument was provided to an option.


gid is not unique (when the –o option is not used).


group does not exist.


name already exists as a group name.


Cannot update the /etc/group file.



group file


See attributes(7) for descriptions of the following attributes:


See Also

group(5), attributes(7), groupadd(8), groupdel(8), logins(8), useradd(8), userdel(8), usermod(8)


The groupmod utility modifies group definitions in the group database in the repository. If a network name service is being used to supplement the local /etc/group file with additional entries, groupmod verifies the uniqueness of a specified group name and group ID against the external name service and uses the entries in the files repository. The group name should be restricted to the Portable Filename Characters: A-Z, a-z, 0-9, '_', '-', and '.'.

groupmod fails if a group entry (a single line in /etc/group) exceeds 2047 characters.