Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ group_override(5sec) — DCE 3.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

group_override(5sec)  —  Macro Packages and Conventions

NAME

group_override - Registry database group override file

DESCRIPTION

The dcelocal/etc/group_override administrative file lets you override the group UNIX ID and member list for a group in the network registry database.  The passwd_override file serves a similar function for principals; see the passwd_override(5sec) reference page for more information. 

Each host machine contains its own group_override file.  Override entries contained in the file take effect transparently, but on the local machine only; they have no effect on the centralized registry.  You may find group_override especially useful for overriding the default group definitions supplied with the registry if they do not match your local UNIX system’s group definitions. 

The group_override File Format

The format of a group_override entry is similar to entries in the UNIX group file.  The format is as follows:

group_name:passwd:group_uid:members

In an override entry, group_name and group_uid are keyfields.  You must enter one of them to identify the group to which the override applies.  The keyfield is used to perform a lookup in the override file.   The lookup is performed in order as the fields are specified in an entry: first by group name, then by group UNIX ID.  If you specify both keyfields in an override entry, the group_name keyfield is used as the lookup key; the group_uid key field is used as an override. 

Field Descriptions

The fields contained in a group_override file are described in the following:

group_nameA keyfield that contains the name that identifies the group to which the override applies. 

passwdThe encrypted password.  If you specify an override in this field, the password you enter is in effect for the local machine only. 

You can also specify OMIT in the passwd field to disallow use of the newgrp command specifying this group on the local machine.  The use of OMIT along with an option to the passwd_export command also omits this group from the group file created by passwd_export.  (See the section Using OMIT for details.) 

group_uidA group UNIX ID.  This field can function as a keyfield when the group_name keyfield is not entered, or as a field specifying an override when entered in conjunction with group_name.  When used in an override entry, this field specifies the ID to be used for the group on the local machine. 

membersThis field specifies a comma-separated list of members of the group.  The contents of this field overrides information in the registry when passwd_export creates an /etc/group file.  Note that to specify a null membership, as opposed to indicating that no override is required (see Leaving Fields Blank), you must specify a ∗ (asterisk) in this field. 

Leaving Fields Blank

If you do not want to override an item, leave its field blank, being sure to use a : (colon) to separate blank fields.  (You must enter one of the keyfields, however, to identify the group for which you are creating overrides.)  You are required to enter the colons associated with any blank trailing fields.  Note that to override a group with a null membership list, you must enter an asterisk in the members field. 

Using OMIT

If you enter either the word OMIT or another invalid password string (such as an asterisk or NO GOOD) in the passwd field for a particular group, users will not be able to issue a newgrp command specifying this group on the local machine.  If you specify OMIT and run passwd_export with the -x option, the named group will not appear in the /etc/group file produced by passwd_export.  You should be aware that if you have omitted groups from the /etc/group file, information about those groups will not be available to any programs that use the group file.  For example, the ls -lg command reads the group file to obtain further information about a group; if no group entry exists in the group file, no information is be available.  For this reason you should use OMIT to omit groups from the /etc/group file only if your user community is very large and either of the following conditions occur:

       •The group file is taking up too much space. 

       •Group-ID-to-name mapping is too slow (during ls -lg, for example). 

EXAMPLES

     1.To override the group ID of group kmem and change it to 3 on the local machine, include the following the entry in the group_override file:

kmem::3:

     2.To override the membership of group system so that it includes only the single account root on the local machine, include the following entry:

system:::root

     3.To prevent users from invoking newgrp to change their primary group identification to the group typists, and to omit this group from the local group file, putOMIT in the passwd field as follows:

typists:OMIT::

Then run the passwd_export command with the ­-x option to omit the group typists from the /etc/passwd file, as follows:

dcelocal/etc/passwd_export -x

RELATED INFORMATION

Commands: rgy_edit(8sec), passwd_export(8sec). 

Files: passwd_override(5sec). 

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026