264 lines
6.8 KiB
Groff
264 lines
6.8 KiB
Groff
.\" $NetBSD: group.5,v 1.18 2007/06/21 15:12:59 ginsbach Exp $
|
|
.\"
|
|
.\" Copyright (c) 1980, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" Portions Copyright(c) 1994, Jason Downs. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
|
|
.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
|
|
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)group.5 8.3 (Berkeley) 4/19/94
|
|
.\"
|
|
.Dd June 21, 2007
|
|
.Dt GROUP 5
|
|
.Os
|
|
.Sh NAME
|
|
.Nm group
|
|
.Nd format of the group permissions file
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
file
|
|
.Pa /etc/group
|
|
is the local source of group information.
|
|
It can be used in conjunction with the Hesiod domain
|
|
.Sq group ,
|
|
and the
|
|
.Tn NIS
|
|
maps
|
|
.Sq group.byname
|
|
and
|
|
.Sq group.bygid ,
|
|
as controlled by
|
|
.Xr nsswitch.conf 5 .
|
|
.Pp
|
|
The
|
|
.Nm
|
|
file consists of newline separated
|
|
.Tn ASCII
|
|
records, usually one per group, containing four colon
|
|
.Ql \&:
|
|
separated fields.
|
|
Each line has the form:
|
|
.Dl group:passwd:gid:[member[,member]...]
|
|
.Pp
|
|
These fields are as follows:
|
|
.Bl -tag -width password -offset indent -compact
|
|
.It Em group
|
|
Name of the group.
|
|
.It Em passwd
|
|
Group's
|
|
.Em encrypted
|
|
password.
|
|
.It Em gid
|
|
The group's decimal ID.
|
|
.It Em member
|
|
Group members.
|
|
.El
|
|
.Pp
|
|
The
|
|
.Em group
|
|
field is the group name used for granting file access to users
|
|
who are members of the group.
|
|
.Pp
|
|
The
|
|
.Em gid
|
|
field is the number associated with the group name.
|
|
They should both be unique across the system (and often
|
|
across a group of systems) since they control file access.
|
|
.Pp
|
|
The
|
|
.Em passwd
|
|
field
|
|
is an optional
|
|
.Em encrypted
|
|
password.
|
|
This field is rarely used
|
|
and an asterisk is normally placed in it rather than leaving it blank.
|
|
.Pp
|
|
The
|
|
.Em member
|
|
field contains the names of users granted the privileges of
|
|
.Em group .
|
|
The member names are separated by commas without spaces or newlines.
|
|
A user is automatically in a group if that group was specified
|
|
in their
|
|
.Pa /etc/passwd
|
|
entry and does not need to be added to that group in the
|
|
.Pa /etc/group
|
|
file.
|
|
.Pp
|
|
Very large groups can be accommodated over multiple lines by specifying the
|
|
same group name in all of them; other than this, each line has an identical
|
|
format to that described above.
|
|
This can be necessary to avoid the record's length limit, which is currently
|
|
set to 1024 characters.
|
|
Note that the limit can be queried through
|
|
.Xr sysconf 3
|
|
by using the
|
|
.Li _SC_GETGR_R_SIZE_MAX
|
|
parameter.
|
|
For example:
|
|
.Bd -literal -offset indent
|
|
biggrp:*:1000:user001,user002,user003,...,user099,user100
|
|
biggrp:*:1000:user101,user102,user103,...
|
|
.Ed
|
|
.Pp
|
|
The group with the name
|
|
.Dq wheel
|
|
has a special meaning to the
|
|
.Xr su 1
|
|
command: if it exists and has any members, only users listed in that group
|
|
are allowed to
|
|
.Nm su
|
|
to
|
|
.Dq root .
|
|
.Sh HESIOD SUPPORT
|
|
If
|
|
.Sq dns
|
|
is specified for the
|
|
.Sq group
|
|
database in
|
|
.Xr nsswitch.conf 5 ,
|
|
then
|
|
.Nm
|
|
lookups occur from the
|
|
.Sq group
|
|
Hesiod domain.
|
|
.Sh NIS SUPPORT
|
|
If
|
|
.Sq nis
|
|
is specified for the
|
|
.Sq group
|
|
database in
|
|
.Xr nsswitch.conf 5 ,
|
|
then
|
|
.Nm
|
|
lookups occur from the
|
|
.Sq group.byname
|
|
and
|
|
.Sq group.bygid
|
|
.Tn NIS
|
|
map.
|
|
.Sh COMPAT SUPPORT
|
|
If
|
|
.Sq compat
|
|
is specified for the
|
|
.Sq group
|
|
database, and either
|
|
.Sq dns
|
|
or
|
|
.Sq nis
|
|
is specified for the
|
|
.Sq group_compat
|
|
database in
|
|
.Xr nsswitch.conf 5 ,
|
|
then the
|
|
.Nm
|
|
file may also contain lines of the format
|
|
.Pp
|
|
+name:*::
|
|
.Pp
|
|
which causes the specified group to be included from the
|
|
.Sq group
|
|
Hesiod domain
|
|
or the
|
|
.Sq group.byname
|
|
.Tn NIS
|
|
map (respectively).
|
|
.Pp
|
|
If no group name is specified, or the plus sign
|
|
.Pq Dq \&+
|
|
appears alone
|
|
on line, all groups are included from the
|
|
Hesiod domain or the
|
|
.Tn NIS
|
|
map.
|
|
.Pp
|
|
Hesiod or
|
|
.Tn NIS
|
|
compat references may appear anywhere in the file, but the single
|
|
plus sign
|
|
.Pq Dq \&+
|
|
form should be on the last line, for historical reasons.
|
|
Only the first group with a specific name encountered, whether in the
|
|
.Nm
|
|
file itself, or included via Hesiod or
|
|
.Tn NIS ,
|
|
will be used.
|
|
.Sh FILES
|
|
.Bl -tag -width /etc/group -compact
|
|
.It Pa /etc/group
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr passwd 1 ,
|
|
.Xr newgrp 1 ,
|
|
.Xr su 1 ,
|
|
.Xr setgroups 2 ,
|
|
.Xr crypt 3 ,
|
|
.Xr initgroups 3 ,
|
|
.Xr nsswitch.conf 5 ,
|
|
.Xr passwd 5 ,
|
|
.Xr yp 8
|
|
.Sh HISTORY
|
|
A
|
|
.Nm
|
|
file format appeared in
|
|
.At v6 .
|
|
.Pp
|
|
The
|
|
.Tn NIS
|
|
file format first appeared in SunOS.
|
|
.Pp
|
|
The Hesiod support first appeared in
|
|
.Nx 1.4 .
|
|
.Sh BUGS
|
|
The
|
|
.Xr passwd 1
|
|
command does not change the
|
|
.Nm group
|
|
passwords.
|