1994-05-30 21:09:18 +02:00
|
|
|
.\" Copyright (c) 1980, 1991, 1993
|
|
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
|
|
.\" must display the following acknowledgement:
|
|
|
|
.\" This product includes software developed by the University of
|
|
|
|
.\" California, Berkeley and its contributors.
|
|
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
|
|
.\" may be used to endorse or promote products derived from this software
|
|
|
|
.\" without specific prior written permission.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
.\"
|
1994-09-21 00:44:37 +02:00
|
|
|
.\" From: @(#)group.5 8.3 (Berkeley) 4/19/94
|
1997-03-12 15:05:36 +01:00
|
|
|
.\" $Id: group.5,v 1.11 1997/03/12 13:46:15 mpp Exp $
|
1994-05-30 21:09:18 +02:00
|
|
|
.\"
|
1994-09-21 00:44:37 +02:00
|
|
|
.Dd September 29, 1994
|
1994-05-30 21:09:18 +02:00
|
|
|
.Dt GROUP 5
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm group
|
|
|
|
.Nd format of the group permissions file
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
The file
|
|
|
|
.Aq Pa /etc/group
|
|
|
|
consists of newline separated
|
|
|
|
.Tn ASCII
|
|
|
|
records, one per group, containing four colon
|
|
|
|
.Ql \&:
|
|
|
|
separated fields. These fields are as follows:
|
|
|
|
.Bl -tag -width password -offset indent -compact
|
|
|
|
.It group
|
|
|
|
Name of the group.
|
|
|
|
.It passwd
|
|
|
|
Group's
|
|
|
|
.Em encrypted
|
|
|
|
password.
|
|
|
|
.It gid
|
|
|
|
The group's decimal ID.
|
|
|
|
.It member
|
|
|
|
Group members.
|
|
|
|
.El
|
|
|
|
.Pp
|
1997-03-12 14:46:16 +01:00
|
|
|
Lines whose first non-whitespace character is a pound-sign (#)
|
|
|
|
are comments, and are ignored. Blank lines which consist
|
1997-03-12 15:05:36 +01:00
|
|
|
only of spaces, tabs or newlines are also ignored.
|
1997-03-09 13:20:48 +01:00
|
|
|
.Pp
|
1994-05-30 21:09:18 +02:00
|
|
|
The
|
|
|
|
.Ar group
|
|
|
|
field is the group name used for granting file access to users
|
|
|
|
who are members of the group.
|
|
|
|
The
|
|
|
|
.Ar gid
|
|
|
|
field is the number associated with the group name.
|
|
|
|
They should both be unique across the system (and often
|
|
|
|
across a group of systems) since they control file access.
|
|
|
|
The
|
|
|
|
.Ar passwd
|
|
|
|
field
|
|
|
|
is an optional
|
|
|
|
.Em encrypted
|
|
|
|
password.
|
|
|
|
This field is rarely used
|
|
|
|
and an asterisk is normally placed in it rather than leaving it blank.
|
|
|
|
The
|
|
|
|
.Ar member
|
|
|
|
field contains the names of users granted the privileges of
|
|
|
|
.Ar group .
|
|
|
|
The member names are separated by commas without spaces or newlines.
|
|
|
|
A user is automatically in a group if that group was specified
|
|
|
|
in their
|
|
|
|
.Pa /etc/passwd
|
|
|
|
entry and does not need to be added to that group in the
|
|
|
|
.Pa /etc/group file.
|
|
|
|
.\" .Pp
|
|
|
|
.\" When the system reads the file
|
|
|
|
.\" .Pa /etc/group
|
|
|
|
.\" the fields are read into the structure
|
|
|
|
.\" .Fa group
|
|
|
|
.\" declared in
|
|
|
|
.\" .Aq Pa grp.h :
|
|
|
|
.\" .Bd -literal -offset indent
|
|
|
|
.\" struct group {
|
|
|
|
.\" char *gr_name; /* group name */
|
|
|
|
.\" char *gr_passwd; /* group password */
|
|
|
|
.\" int gr_gid; /* group id */
|
|
|
|
.\" char **gr_mem; /* group members */
|
|
|
|
.\" };
|
|
|
|
.\" .Ed
|
1994-09-21 00:44:37 +02:00
|
|
|
.Sh YP/NIS INTERACTION
|
|
|
|
The
|
|
|
|
.Pa /etc/group
|
|
|
|
file can be configured to enable the YP/NIS group database.
|
|
|
|
An entry whose
|
|
|
|
.Ar name
|
|
|
|
field consists of a plus sign (`+') followed by a group name, will be
|
|
|
|
replaced internally to the C library with the YP/NIS group entry for the
|
|
|
|
named group. An entry whose
|
|
|
|
.Ar name
|
|
|
|
field consists of a single plus sign with no group name following,
|
|
|
|
will be replaced with the entire YP/NIS
|
|
|
|
.Dq Li group.byname
|
|
|
|
map.
|
|
|
|
.Pp
|
|
|
|
If the YP/NIS group database is enabled for any reason, all reverse
|
|
|
|
lookups (i.e.,
|
|
|
|
.Fn getgrgid )
|
|
|
|
will use the entire database, even if only a few groups are enabled.
|
|
|
|
Thus, the group name returned by
|
|
|
|
.Fn getgrgid
|
|
|
|
is not guaranteed to have a valid forward mapping.
|
1997-01-08 23:57:15 +01:00
|
|
|
.Sh LIMITS
|
|
|
|
There are various limitations which are explained in
|
|
|
|
the function where they occurs; see section
|
|
|
|
.Sx SEE ALSO .
|
|
|
|
|
|
|
|
In older implementations,
|
|
|
|
a group cannot have more than 200 members. The maximum line length of
|
|
|
|
.Pa /etc/group
|
1997-03-12 14:46:16 +01:00
|
|
|
is 1024 characters. Longer lines will be skipped.
|
1997-01-08 23:57:15 +01:00
|
|
|
This limitations disappeared in
|
|
|
|
.Fx 3.0 .
|
|
|
|
Older binaries which are statically linked, depend on old
|
|
|
|
shared libraries, or non-FreeBSD binaries in compatibility mode
|
|
|
|
may still have this limits.
|
1994-05-30 21:09:18 +02:00
|
|
|
.Sh FILES
|
|
|
|
.Bl -tag -width /etc/group -compact
|
|
|
|
.It Pa /etc/group
|
|
|
|
.El
|
|
|
|
.Sh SEE ALSO
|
1996-12-26 03:02:31 +01:00
|
|
|
.Xr passwd 1 ,
|
|
|
|
.Xr setgroups 2 ,
|
1994-05-30 21:09:18 +02:00
|
|
|
.Xr crypt 3 ,
|
1994-09-21 00:44:37 +02:00
|
|
|
.Xr getgrent 3 ,
|
|
|
|
.Xr initgroups 3 ,
|
1996-12-26 03:02:31 +01:00
|
|
|
.Xr yp 4 ,
|
|
|
|
.Xr passwd 5
|
1994-05-30 21:09:18 +02:00
|
|
|
.Sh BUGS
|
|
|
|
The
|
|
|
|
.Xr passwd 1
|
|
|
|
command does not change the
|
|
|
|
.Nm group
|
|
|
|
passwords.
|
|
|
|
.Sh HISTORY
|
|
|
|
A
|
|
|
|
.Nm
|
|
|
|
file format appeared in
|
|
|
|
.At v6 .
|
1994-09-21 00:44:37 +02:00
|
|
|
The YP/NIS functionality is modeled after
|
|
|
|
.Tn SunOS
|
|
|
|
and first appeared in
|
|
|
|
.Tn FreeBSD
|
|
|
|
1.1.
|
1997-03-12 14:46:16 +01:00
|
|
|
Support for comments first appeared in
|
1997-03-09 13:20:48 +01:00
|
|
|
.Fx 3.0 .
|