1.\" $OpenBSD: group.5,v 1.13 2009/03/27 12:31:31 schwarze Exp $ 2.\" $NetBSD: group.5,v 1.4 1995/07/28 06:41:39 phil Exp $ 3.\" 4.\" Copyright (c) 1980, 1991, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" Portions Copyright(c) 1994, Jason Downs. All rights reserved. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 3. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)group.5 8.3 (Berkeley) 4/19/94 33.\" 34.Dd $Mdocdate: March 27 2009 $ 35.Dt GROUP 5 36.Os 37.Sh NAME 38.Nm group 39.Nd format of the group permissions file 40.Sh DESCRIPTION 41The file 42.Pa /etc/group 43consists of newline separated 44.Tn ASCII 45records, one per group, containing four colon 46.Pq Ql \&: 47separated fields. 48These fields are as follows: 49.Pp 50.Bl -tag -width password -offset indent -compact 51.It group 52Name of the group. 53.It passwd 54Group's encrypted password. 55.It gid 56The group's decimal ID. 57.It member 58Group members. 59.El 60.Pp 61The 62.Ar group 63field is the group name used for granting file access to users 64who are members of the group. 65The 66.Ar gid 67field is the number associated with the group name. 68They should both be unique across the system (and often 69across a group of systems) since they control file access. 70The 71.Ar passwd 72field is an optional encrypted password. 73This field is rarely used and an asterisk is normally placed in it 74rather than leaving it blank. 75The 76.Ar member 77field contains the names of users granted the privileges of 78.Ar group . 79The member names are separated by commas without spaces or newlines. 80A user is automatically in a group if that group was specified in their 81.Pa /etc/passwd 82entry and does not need to be added to that group in the 83.Pa /etc/group 84file. 85.\" .Pp 86.\" When the system reads the file 87.\" .Pa /etc/group 88.\" the fields are read into the structure 89.\" .Fa group 90.\" declared in 91.\" .Aq Pa grp.h : 92.\" .Bd -literal -offset indent 93.\" struct group { 94.\" char *gr_name; /* group name */ 95.\" char *gr_passwd; /* group password */ 96.\" int gr_gid; /* group id */ 97.\" char **gr_mem; /* group members */ 98.\" }; 99.\" .Ed 100.Sh YP SUPPORT 101If YP is active, the 102.Nm 103file may also contain lines of the format 104.Bd -literal -offset indent 105+name:*:: 106.Ed 107.Pp 108which causes the specified group to be included from the 109.Pa group.byname 110YP map. 111If no group name is specified, or the 112.Ql + 113(plus sign) appears alone on a line, all groups are included from the YP map. 114.Pp 115YP references may appear anywhere in the file, but the single 116.Ql + 117form should be on the last line, for historical reasons. 118Only the first group with a specific name encountered, whether in the 119.Nm 120file itself, or included via YP, will be used. 121.Pp 122Proper YP group support requires consistent 123.Pa group.byname , 124.Pa group.bygid 125and 126.Pa netid.byname 127YP maps. 128See 129.Xr getgrent 3 130and 131.Xr getgrouplist 3 132for details. 133.Pp 134When YP is enabled but temporarily unavailable, login becomes impossible 135for all users except those having an entry in the 136.Xr netid 5 137file. 138.Sh FILES 139.Bl -tag -width /etc/group -compact 140.It Pa /etc/group 141.El 142.Sh SEE ALSO 143.Xr passwd 1 , 144.Xr setgroups 2 , 145.Xr crypt 3 , 146.Xr initgroups 3 , 147.Xr netid 5 , 148.Xr passwd 5 , 149.Xr yp 8 150.Sh HISTORY 151A 152.Nm 153file format appeared in 154.At v6 . 155.Pp 156The YP file format first appeared in SunOS. 157.Sh BUGS 158The 159.Xr passwd 1 160command does not change the 161.Nm 162passwords. 163.Pp 164Lines in 165.Pa /etc/group 166are limited to 1024 characters. 167YP groups are not affected by this limit. 168.Pp 169Groups are limited to a maximum of 200 members per group. 170