| blob | 296d5f757d1bbc5a5ef3eb99672e91ef88041d70 |
1 .\" $NetBSD: group.5,v 1.18 2007/06/21 15:12:59 ginsbach Exp $
2 .\"
3 .\" Copyright (c) 1980, 1991, 1993
4 .\" The Regents of the University of California. All rights reserved.
5 .\"
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
8 .\" are met:
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the University nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
17 .\"
18 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 .\" SUCH DAMAGE.
29 .\"
30 .\" Portions Copyright(c) 1994, Jason Downs. All rights reserved.
31 .\"
32 .\" Redistribution and use in source and binary forms, with or without
33 .\" modification, are permitted provided that the following conditions
34 .\" are met:
35 .\" 1. Redistributions of source code must retain the above copyright
36 .\" notice, this list of conditions and the following disclaimer.
37 .\" 2. Redistributions in binary form must reproduce the above copyright
38 .\" notice, this list of conditions and the following disclaimer in the
39 .\" documentation and/or other materials provided with the distribution.
40 .\"
41 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
42 .\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
43 .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
44 .\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
45 .\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
46 .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
47 .\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
48 .\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 .\" SUCH DAMAGE.
52 .\"
53 .\" @(#)group.5 8.3 (Berkeley) 4/19/94
54 .\"
55 .Dd June 21, 2007
56 .Dt GROUP 5
57 .Os
58 .Sh NAME
59 .Nm group
60 .Nd format of the group permissions file
61 .Sh DESCRIPTION
62 The
63 .Nm
64 file
65 .Pa /etc/group
66 is the local source of group information.
67 It can be used in conjunction with the Hesiod domain
68 .Sq group ,
69 and the
70 .Tn NIS
71 maps
72 .Sq group.byname
73 and
74 .Sq group.bygid ,
75 as controlled by
76 .Xr nsswitch.conf 5 .
77 .Pp
78 The
79 .Nm
80 file consists of newline separated
81 .Tn ASCII
82 records, usually one per group, containing four colon
83 .Ql \&:
84 separated fields.
85 Each line has the form:
86 .Dl group:passwd:gid:[member[,member]...]
87 .Pp
88 These fields are as follows:
89 .Bl -tag -width password -offset indent -compact
90 .It Em group
91 Name of the group.
92 .It Em passwd
93 Group's
94 .Em encrypted
95 password.
96 .It Em gid
97 The group's decimal ID.
98 .It Em member
99 Group members.
100 .El
101 .Pp
102 The
103 .Em group
104 field is the group name used for granting file access to users
105 who are members of the group.
106 .Pp
107 The
108 .Em gid
109 field is the number associated with the group name.
110 They should both be unique across the system (and often
111 across a group of systems) since they control file access.
112 .Pp
113 The
114 .Em passwd
115 field
116 is an optional
117 .Em encrypted
118 password.
119 This field is rarely used
120 and an asterisk is normally placed in it rather than leaving it blank.
121 .Pp
122 The
123 .Em member
124 field contains the names of users granted the privileges of
125 .Em group .
126 The member names are separated by commas without spaces or newlines.
127 A user is automatically in a group if that group was specified
128 in their
129 .Pa /etc/passwd
130 entry and does not need to be added to that group in the
131 .Pa /etc/group
132 file.
133 .Pp
134 Very large groups can be accommodated over multiple lines by specifying the
135 same group name in all of them; other than this, each line has an identical
136 format to that described above.
137 This can be necessary to avoid the record's length limit, which is currently
138 set to 1024 characters.
139 Note that the limit can be queried through
140 .Xr sysconf 3
141 by using the
142 .Li _SC_GETGR_R_SIZE_MAX
143 parameter.
144 For example:
145 .Bd -literal -offset indent
146 biggrp:*:1000:user001,user002,user003,...,user099,user100
147 biggrp:*:1000:user101,user102,user103,...
148 .Ed
149 .Pp
150 The group with the name
151 .Dq wheel
152 has a special meaning to the
153 .Xr su 1
154 command: if it exists and has any members, only users listed in that group
155 are allowed to
156 .Nm su
157 to
158 .Dq root .
159 .Sh HESIOD SUPPORT
160 If
161 .Sq dns
162 is specified for the
163 .Sq group
164 database in
165 .Xr nsswitch.conf 5 ,
166 then
167 .Nm
168 lookups occur from the
169 .Sq group
170 Hesiod domain.
171 .Sh NIS SUPPORT
172 If
173 .Sq nis
174 is specified for the
175 .Sq group
176 database in
177 .Xr nsswitch.conf 5 ,
178 then
179 .Nm
180 lookups occur from the
181 .Sq group.byname
182 and
183 .Sq group.bygid
184 .Tn NIS
185 map.
186 .Sh COMPAT SUPPORT
187 If
188 .Sq compat
189 is specified for the
190 .Sq group
191 database, and either
192 .Sq dns
193 or
194 .Sq nis
195 is specified for the
196 .Sq group_compat
197 database in
198 .Xr nsswitch.conf 5 ,
199 then the
200 .Nm
201 file may also contain lines of the format
202 .Pp
203 +name:*::
204 .Pp
205 which causes the specified group to be included from the
206 .Sq group
207 Hesiod domain
208 or the
209 .Sq group.byname
210 .Tn NIS
211 map (respectively).
212 .Pp
213 If no group name is specified, or the plus sign
214 .Pq Dq \&+
215 appears alone
216 on line, all groups are included from the
217 Hesiod domain or the
218 .Tn NIS
219 map.
220 .Pp
221 Hesiod or
222 .Tn NIS
223 compat references may appear anywhere in the file, but the single
224 plus sign
225 .Pq Dq \&+
226 form should be on the last line, for historical reasons.
227 Only the first group with a specific name encountered, whether in the
228 .Nm
229 file itself, or included via Hesiod or
230 .Tn NIS ,
231 will be used.
232 .Sh FILES
233 .Bl -tag -width /etc/group -compact
234 .It Pa /etc/group
235 .El
236 .Sh SEE ALSO
237 .Xr newgrp 1 ,
238 .Xr passwd 1 ,
239 .Xr su 1 ,
240 .Xr setgroups 2 ,
241 .Xr crypt 3 ,
242 .Xr initgroups 3 ,
243 .Xr nsswitch.conf 5 ,
244 .Xr passwd 5 ,
245 .Xr yp 8
246 .Sh HISTORY
247 A
248 .Nm
249 file format appeared in
250 .At v6 .
251 .Pp
252 The
253 .Tn NIS
254 file format first appeared in SunOS.
255 .Pp
256 The Hesiod support first appeared in
257 .Nx 1.4 .
258 .Sh BUGS
259 The
260 .Xr passwd 1
261 command does not change the
262 .Nm group
263 passwords.