group
Purpose
Identifies a group.
Description
Users can be assigned to one or more groups, each of
which shares certain protection privileges. The person
who sets up the system may want to place users in the
same group because they need access to a common set of
files. Similarly, a certain group of users can have
access restricted to certain files.
When users log in, they are assigned to the group
specified in the password file. In addition, they are
assigned as a member of all groups specified in this
file. Users are allowed to access any files to which
their assigned group has access. However,
any files created by the user can be accessed only by the
members of the primary group of which that user is a
member. A user is allowed to change his primary group
for the duration of the terminal session using the newgrp
command.
The group file defines to which groups a user has
membership. Each line in this file defines a group and
consists of four fields separated by colons. It contains
the following information for each group:
group name        A character string of up to 8 characters
                  that references the group.
password          This field is &c2del. optional. If
                  specified, anyone attempting to enter
                  the group must correctly supply the
                  password to the system. &c2off.
                  &c2ins. not used. (See "s_group" for
                  information on the group password file.)
                  &c2off.
group ID          A number assigned to the group and used
                  in access decisions.
user group list   A list that specifies the login names
                  of all users allowed in the group.
                  User IDs in the list are separated by
                  commas. The user group list may
                  contain up to 500 eight-character login
                  names.
In newly distributed systems, there are typically only
two groups: the staff group and the system group. New
users can be added to groups and new groups can be added
as necessary.
If several users wish to share the same privileges,
including the ability to terminate each other's processes
as well as to access the files of others, the same
numerical user ID can be assigned to each. This mechanism is
sometimes used to give the same person several accounts
on the system, each with potentially different login
directories and other characteristics, such as electronic
mailboxes or login programs. For example, the operator
has the same user ID as the superuser, and therefore
superuser authority. However, this operator typically uses
a restricted version of the shell that does not give access
to commands that allow reading the files of others.
Example
The following is an example of a group file. This is an
ASCII file. Each group is separated from the next by a
new-line character. The fields are separated by colons.
This file resides in /etc/group. Because the password is
encrypted, the file can be used to map numerical group IDs
to names without concern of compromise to user security.
system::0:su,bill,jack,gary
staff::1:
bin::2:su,bin
sys::3:su,bin,sys
adm::4:su,bin,adm
mail::6:su
usr::100:guest
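The field rules above can be checked mechanically. The following Python code is an added example, not part of the original manual or of AIX: it parses group-file text and reports lines that break the four-field format or the stated length limits. Reporting a set password field and a group ID shared by two names is this example's own choice of review items; SAMPLE is constructed, and parse_line and audit are hypothetical names.

```python
# Added example: audits group-file text against the format described above.
# SAMPLE is constructed; parse_line and audit are illustrative names, not AIX's.
SAMPLE = """\
system::0:su,bill,jack,gary
staff::1:
bin::2:su,bin
oper:x:0:opr
longgroupname::7:guest,administrator
broken:8:guest
usr::abc:guest
"""

def parse_line(line):
    """Split one group-file line into (name, password, gid, members)."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields, found {len(fields)}")
    name, password, gid, members = fields
    if not gid.isdigit():
        raise ValueError(f"group ID {gid!r} is not a number")
    return name, password, int(gid), [m for m in members.split(",") if m]

def audit(text):
    """Return (line number, message) findings for a group file's contents."""
    findings, seen_gid = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            name, password, gid, members = parse_line(line)
        except ValueError as err:
            findings.append((lineno, f"malformed: {err}"))
            continue
        if not 1 <= len(name) <= 8:
            findings.append((lineno, "group name is not 1-8 characters"))
        if gid in seen_gid:
            findings.append((lineno, f"group ID {gid} also used by {seen_gid[gid]}"))
        seen_gid.setdefault(gid, name)
        if password:
            findings.append((lineno, "password field is set"))
        if len(members) > 500:
            findings.append((lineno, "more than 500 login names"))
        findings += [(lineno, f"login name {m!r} is longer than 8 characters")
                     for m in members if len(m) > 8]
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"line {lineno}: {message}")
```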
File
/etc/group
Related Information
In this book: "passwd."
The newgrp, passwd, and users commands in AIX Operating
System Commands Reference.