xref: /netbsd-src/share/man/man5/group.5 (revision 166859c3e105df2d83b25da138ce3604de6586e2)

.\"	$NetBSD: group.5,v 1.19 2009/05/13 22:33:59 wiz Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Portions Copyright(c) 1994, Jason Downs. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)group.5	8.3 (Berkeley) 4/19/94
.\"
.Dd June 21, 2007
.Dt GROUP 5
.Os
.Sh NAME
.Nm group
.Nd format of the group permissions file
.Sh DESCRIPTION
The
.Nm
file
.Pa /etc/group
is the local source of group information.
It can be used in conjunction with the Hesiod domain
.Sq group ,
and the
.Tn NIS
maps
.Sq group.byname
and
.Sq group.bygid ,
as controlled by
.Xr nsswitch.conf 5 .
.Pp
The
.Nm
file consists of newline separated
.Tn ASCII
records, usually one per group, containing four colon
.Ql \&:
separated fields.
Each line has the form:
.Dl group:passwd:gid:[member[,member]...]
.Pp
These fields are as follows:
.Bl -tag -width password -offset indent -compact
.It Em group
Name of the group.
.It Em passwd
Group's
.Em encrypted
password.
.It Em gid
The group's decimal ID.
.It Em member
Group members.
.El
.Pp
The
.Em group
field is the group name used for granting file access to users
who are members of the group.
.Pp
The
.Em gid
field is the number associated with the group name.
They should both be unique across the system (and often
across a group of systems) since they control file access.
.Pp
The
.Em passwd
field
is an optional
.Em encrypted
password.
This field is rarely used
and an asterisk is normally placed in it rather than leaving it blank.
.Pp
The
.Em member
field contains the names of users granted the privileges of
.Em group .
The member names are separated by commas without spaces or newlines.
A user is automatically in a group if that group was specified
in their
.Pa /etc/passwd
entry and does not need to be added to that group in the
.Pa /etc/group
file.
.Pp
Very large groups can be accommodated over multiple lines by specifying the
same group name in all of them; other than this, each line has an identical
format to that described above.
This can be necessary to avoid the record's length limit, which is currently
set to 1024 characters.
Note that the limit can be queried through
.Xr sysconf 3
by using the
.Li _SC_GETGR_R_SIZE_MAX
parameter.
For example:
.Bd -literal -offset indent
biggrp:*:1000:user001,user002,user003,...,user099,user100
biggrp:*:1000:user101,user102,user103,...
.Ed
.Pp
The group with the name
.Dq wheel
has a special meaning to the
.Xr su 1
command: if it exists and has any members, only users listed in that group
are allowed to
.Nm su
to
.Dq root .
.Sh HESIOD SUPPORT
If
.Sq dns
is specified for the
.Sq group
database in
.Xr nsswitch.conf 5 ,
then
.Nm
lookups occur from the
.Sq group
Hesiod domain.
.Sh NIS SUPPORT
If
.Sq nis
is specified for the
.Sq group
database in
.Xr nsswitch.conf 5 ,
then
.Nm
lookups occur from the
.Sq group.byname
and
.Sq group.bygid
.Tn NIS
map.
.Sh COMPAT SUPPORT
If
.Sq compat
is specified for the
.Sq group
database, and either
.Sq dns
or
.Sq nis
is specified for the
.Sq group_compat
database in
.Xr nsswitch.conf 5 ,
then the
.Nm
file may also contain lines of the format
.Pp
+name:*::
.Pp
which causes the specified group to be included from the
.Sq group
Hesiod domain
or the
.Sq group.byname
.Tn NIS
map (respectively).
.Pp
If no group name is specified, or the plus sign
.Pq Dq \&+
appears alone
on line, all groups are included from the
Hesiod domain or the
.Tn NIS
map.
.Pp
Hesiod or
.Tn NIS
compat references may appear anywhere in the file, but the single
plus sign
.Pq Dq \&+
form should be on the last line, for historical reasons.
Only the first group with a specific name encountered, whether in the
.Nm
file itself, or included via Hesiod or
.Tn NIS ,
will be used.
.Sh FILES
.Bl -tag -width /etc/group -compact
.It Pa /etc/group
.El
.Sh SEE ALSO
.Xr newgrp 1 ,
.Xr passwd 1 ,
.Xr su 1 ,
.Xr setgroups 2 ,
.Xr crypt 3 ,
.Xr initgroups 3 ,
.Xr nsswitch.conf 5 ,
.Xr passwd 5 ,
.Xr yp 8
.Sh HISTORY
A
.Nm
file format appeared in
.At v6 .
.Pp
The
.Tn NIS
file format first appeared in SunOS.
.Pp
The Hesiod support first appeared in
.Nx 1.4 .
.Sh BUGS
The
.Xr passwd 1
command does not change the
.Nm group
passwords.