1.\" $NetBSD: group.5,v 1.12 2000/11/17 10:14:17 lukem Exp $ 2.\" 3.\" Copyright (c) 1980, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" Portions Copyright(c) 1994, Jason Downs. All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 3. All advertising materials mentioning features or use of this software 16.\" must display the following acknowledgement: 17.\" This product includes software developed by the University of 18.\" California, Berkeley and its contributors. 19.\" 4. Neither the name of the University nor the names of its contributors 20.\" may be used to endorse or promote products derived from this software 21.\" without specific prior written permission. 22.\" 23.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33.\" SUCH DAMAGE. 34.\" 35.\" @(#)group.5 8.3 (Berkeley) 4/19/94 36.\" 37.Dd November 17, 2000 38.Dt GROUP 5 39.Os 40.Sh NAME 41.Nm group 42.Nd format of the group permissions file 43.Sh DESCRIPTION 44The 45.Nm 46file 47.Pa /etc/group 48is the local source of group information. 49It can be used in conjunction with the Hesiod domain 50.Sq group , 51and the 52.Tn NIS 53maps 54.Sq group.byname 55and 56.Sq group.bygid , 57as controlled by 58.Xr nsswitch.conf 5 . 59.Pp 60The 61.Nm 62file consists of newline separated 63.Tn ASCII 64records, one per group, containing four colon 65.Ql \&: 66separated fields. 67Each line has the form: 68.Dl group:passwd:gid:[member[,member]...] 69.Pp 70These fields are as follows: 71.Bl -tag -width password -offset indent -compact 72.It Em group 73Name of the group. 74.It Em passwd 75Group's 76.Em encrypted 77password. 78.It Em gid 79The group's decimal ID. 80.It Em member 81Group members. 82.El 83.Pp 84The 85.Em group 86field is the group name used for granting file access to users 87who are members of the group. 88.Pp 89The 90.Em gid 91field is the number associated with the group name. 92They should both be unique across the system (and often 93across a group of systems) since they control file access. 94.Pp 95The 96.Em passwd 97field 98is an optional 99.Em encrypted 100password. 101This field is rarely used 102and an asterisk is normally placed in it rather than leaving it blank. 103.Pp 104The 105.Em member 106field contains the names of users granted the privileges of 107.Em group . 108The member names are separated by commas without spaces or newlines. 109A user is automatically in a group if that group was specified 110in their 111.Pa /etc/passwd 112entry and does not need to be added to that group in the 113.Pa /etc/group file. 114.Pp 115The group with the name 116.Dq wheel 117has a special meaning to the 118.Xr su 1 119command: if it exists and has any members, only users listed in that group 120are allowed to 121.Nm su 122to 123.Dq root . 124.Sh HESIOD SUPPORT 125If 126.Sq dns 127is specified for the 128.Sq group 129database in 130.Xr nsswitch.conf 5 , 131then 132.Nm 133lookups occur from the 134.Sq group 135Hesiod domain. 136.Sh NIS SUPPORT 137If 138.Sq nis 139is specified for the 140.Sq group 141database in 142.Xr nsswitch.conf 5 , 143then 144.Nm 145lookups occur from the 146.Sq group.byname 147and 148.Sq group.bygid 149.Tn NIS 150map. 151.Sh COMPAT SUPPORT 152If 153.Sq compat 154is specified for the 155.Sq group 156database, and either 157.Sq dns 158or 159.Sq nis 160is specified for the 161.Sq group_compat 162database in 163.Xr nsswitch.conf 5 , 164then the 165.Nm 166file may also contain lines of the format 167.Pp 168+name:*:: 169.Pp 170which causes the specified group to be included from the 171.Sq group 172Hesiod domain 173or the 174.Sq group.byname 175.Tn NIS 176map (respectively). 177.Pp 178If no group name is specified, or the plus sign 179.Pq Dq \&+ 180appears alone 181on line, all groups are included from the 182Hesiod domain or the 183.Tn NIS 184map. 185.Pp 186Hesiod or 187.Tn NIS 188compat references may appear anywhere in the file, but the single 189plus sign 190.Pq Dq \&+ 191form should be on the last line, for historical reasons. 192Only the first group with a specific name encountered, whether in the 193.Nm 194file itself, or included via Hesiod or 195.Tn NIS , 196will be used. 197.Sh FILES 198.Bl -tag -width /etc/group -compact 199.It Pa /etc/group 200.El 201.Sh SEE ALSO 202.Xr passwd 1 , 203.Xr su 1 , 204.Xr setgroups 2 , 205.Xr initgroups 3 , 206.Xr crypt 3 , 207.Xr nsswitch.conf 5 , 208.Xr passwd 5 , 209.Xr yp 8 210.Sh BUGS 211The 212.Xr passwd 1 213command does not change the 214.Nm group 215passwords. 216.Sh HISTORY 217A 218.Nm 219file format appeared in 220.At v6 . 221.Pp 222The 223.Tn NIS 224file format first appeared in SunOS. 225.Pp 226The Hesiod support first appeared in 227.Nx 1.4 . 228