|HP-UX Reference > G
group(4)HP-UX 11i Version 3: February 2007
group, logingroup — group file, grp.h
group contains for each group the following information:
This is an ASCII file. Fields are separated by colons, and each group is separated from the next by a new-line. No spaces should separate the fields or parts of fields on any line. If the password field is null, no password is associated with the group.
There are two files of this form in the system, /etc/group and /etc/logingroup. The file /etc/group exists to supply names for each group, and to support changing groups by means of the newgrp utility (see newgrp(1)). /etc/logingroup provides a default group access list for each user via login and initgroups() (see login(1) and initgroups(3C)).
The real and effective group ID set up by login for each user is defined in /etc/passwd (see passwd(4)). If /etc/logingroup is empty, the default group access list is empty. If /etc/logingroup and /etc/group are links to the same file, the default access list includes the entire set of groups associated with the user. The group name and password fields in /etc/logingroup are never used; they are included only to give the two files a uniform format, allowing them to be linked together.
All group IDs used in /etc/logingroup or /etc/passwd should be defined in /etc/group. No user should be associated with more than NGROUPS_MAX (see setgroups(2)) groups in /etc/logingroup.
These files reside in directory /etc. Because of the encrypted passwords, these files can and do have general read permission and can be used, for example, to map numerical group IDs to names.
The group structure is defined in <grp.h> and includes the following members:
char *gr_name; /* the name of the group */ char *gr_passwd; /* the encrypted group password */ gid_t gr_gid; /* the numerical group ID */ char **gr_mem; /* null-terminated array of pointers to member names */
The /etc/group file can contain a line beginning with a plus (+), which means to incorporate entries from Network Information Services (NIS). There are two styles of + entries: + means to insert the entire contents of NIS group file at that point, and +name means to insert the entry (if any) for name from NIS at that point. If a + entry has a non-null password or group member field, the contents of that field overide what is contained in NIS. The numerical group ID field cannot be overridden.
A group file can also have a line beginning with a minus (-), these entries are used to disallow group entries. There is only one style of - entry; an entry that consists of -name means to disallow any subsequent entry (if any) for name. These entries are disallowed regardless of whether the subsequent entry comes from the NIS or the local group file.
Group files must not contain any blank lines. Blank lines can cause unpredictable behavior in system administration software that uses these files.
Group ID (gid) 9 is reserved for the Pascal Language operating system and the BASIC Language operating system. These are operating systems for Series 300/400 computers that can co-exist with HP-UX on the same disk. Using this gid for other purposes can inhibit file transfer and sharing.
The length of each line in /etc/group is limited to LINE_MAX, as defined in <limits.h>. Because of this limit, users should not be listed in their primary group - only in their additional groups.
If /etc/group is linked to /etc/logingroup, group membership for a user is managed by NIS, and no NIS server is able to respond, that user cannot log in until a server does respond.
There is no single tool available to completely ensure that /etc/passwd, /etc/group, and /etc/logingroup are compatible. However, pwck and grpck can be used to simplify the task (see pwck(1M)).
There is no tool for setting group passwords in /etc/group.
Here is a sample /etc/group file:
other:*:1:root,daemon,uucp,who,date,sync -oldproj bin:*:2:root,bin,daemon,lp +myproject:::bill,steve +:
Group other has a gid of 1 and members root, daemon, uucp, who, date, and sync. The group oldproj is ignored since it appears after the entry -oldproj. Also, the group myproject has members bill and steve, and the password and group ID of the NIS entry for the group myproject. All groups listed in the NIS are pulled in and placed after the entry for myproject.
groups(1), newgrp(1), passwd(1), setgroups(2), crypt(3C), getgrent(3C), initgroups(3C), passwd(4).