Contains basic group attributes.
The /etc/group file contains basic group attributes. This is an ASCII file that contains records for system groups. Each record appears on a single line and is the following format:
Name:Password:ID:User1,User2,...,Usern
You must separate each attribute with a colon. Records are separated by new-line characters. The attributes in a record have the following values:
| Name | Specifies a group name that is unique on the system. The name is a string of 8 bytes or less. See the mkgroup command for information on the restrictions for naming groups. |
| Password | Not used. Group administrators are provided instead of group passwords. See the /etc/security/group file for more information. |
| ID | Specifies the group ID. The value is a unique decimal integer string. |
| User1,User2,...,Usern | |
| Identifies a list of one or more users. Separate group member names with commas. Each user must already be defined in the local database configuration files. | |
Do not use a : (colon) in any of the attribute fields. For an example of a record, see the "Examples" section. Additional attributes are defined in the /etc/security/group file.
Note: Certain system-defined group and user names are required for proper installation and update of the system software. Exercise care before replacing the /etc/group file to ensure that no system-supplied groups or users are removed.
You should access the /etc/group file through the system commands and subroutines defined for this purpose. You can use the following commands to manage groups:
To change the Name parameter, you first use the mkgroup command to add a new entry. Then, you use the rmgroup command to remove the old group. To display all the attributes in the file, use the lsgroup command.
You can use the chgroup, chgrpmem, or chuser command to change all user and group attributes. The mkuser command adds a user whose primary group is defined in the /usr/lib/security/mkuser.default file and the rmuser command removes a user. Although you can change the group ID with the chgroup command, this is not recommended.
Access Control: This file should grant read (r) access to all users and grant write (w) access only to the root user and members of the security group.
A typical record looks like the following example for the staff group:
staff:!:1:shadow,cjf
In this example, the GroupID parameter is 1 and the users are defined to be shadow and cjf.
This file is part of Base Operating System (BOS) Runtime.
| /etc/group | Contains basic group attributes. |
| /etc/security/group | Contains the extended attributes of groups. |
| /etc/passwd | Contains the basic attributes of users. |
| /etc/security/passwd | Contains password information. |
| /etc/security/user | Contains the extended attributes of users. |
| /etc/security/environ | Contains the environment attributes of users. |
| /etc/security/limits | Contains the process resource limits of users. |
| /etc/security/audit/config | Contains audit system configuration information. |
The chgroup command, chgrpmem command, lsgroup command, mkgroup command, rmgroup command, setgroups command, setsenv command.
The enduserdb subroutine, getgroupattr subroutine, IDtogroup subroutine, nextgroup subroutine, putgroupattr subroutine, setuserdb subroutine.
File and System Security Overview in AIX Version 4.3 System User's Guide: Operating System and Devices.