GROUP(5,F)               AIX Technical Reference               GROUP(5,F)
-------------------------------------------------------------------------------
group

PURPOSE
     Identifies a group.

DESCRIPTION
     Users can be assigned to one or more groups, each of which shares
     certain protection privileges.  The person who sets up the system may
     want to place users in the same group because they need access to a
     common set of files.  Similarly, a certain group of users can have
     access restricted to certain files.

     When users log in, they are assigned to the group specified in the
     /etc/passwd file.  In addition, they are assigned as a member of all
     groups specified in this file.  Users are allowed to access any files
     that the group to which they are assigned can access.  However, any
     files created by the user can be accessed only by the members of the
     primary group of which that user is a member.  A user is allowed to
     change his primary group for the duration of the terminal session
     using the newgrp command.

     The /etc/group file defines the groups to which a user belongs.  Each
     line in this file defines a group and consists of four fields
     separated by colons.  It contains the following information for each
     group:

     Note:  In the multibyte environment, the group file may contain only
            ASCII characters.

     Field             Description

     group name        A character string of up to eight characters that
                       references the group.

     password          This field is optional.  If specified, anyone
                       attempting to enter the group must correctly supply
                       the password to the system.

     group ID          A number assigned to the group and used in access
                       decisions.

     user group list   A list that specifies the login names of all users
                       allowed in the group.  User IDs in the list are
                       separated by commas.  The user group list may
                       contain up to 500 eight-character login names.

     In newly distributed systems, there are typically only two groups:
     the staff group and the system group.  New users can be added to
     groups and new groups can be added as necessary.
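The field rules above can be checked mechanically. The following is an added example, not part of the AIX reference: a small auditor for group-file text whose function names are hypothetical and whose sample input is constructed. The duplicate group ID check is an assumption about what an administrator would want flagged, not a format rule stated on this page.

```python
MAX_NAME, MAX_MEMBERS = 8, 500  # documented limits: name length, list size

# Constructed input: lines modelled on this page's EXAMPLE section, followed
# by three constructed bad lines (password set on GID 0, long name, 2 fields).
SAMPLE = """\
system::0:su,bill,jack,gary
staff::1:
bin::2:su,bin
sys::3:su,bin,sys
adm::4:su,bin,adm
mail::6:su
usr::100:guest
ops:Xq9constructed:0:bill
toolongname::7:su
broken:8
"""


def parse_group(text):
    """Return (groups, findings). groups: name -> (password, gid, members)."""
    groups, findings, gid_owner = {}, [], {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if not line.isascii() or len(fields) != 4 or not fields[2].isdigit():
            findings.append((n, "malformed line"))
            continue
        name, password, gid = fields[0], fields[1], int(fields[2])
        members = [u for u in fields[3].split(",") if u]
        if not 1 <= len(name) <= MAX_NAME:
            findings.append((n, "group name is not 1-8 characters"))
        if any(len(u) > MAX_NAME for u in members) or len(members) > MAX_MEMBERS:
            findings.append((n, "user group list exceeds documented limits"))
        if password:
            findings.append((n, "password field is set"))
        if gid in gid_owner:
            findings.append((n, f"group ID {gid} already used by {gid_owner[gid]}"))
        gid_owner.setdefault(gid, name)
        groups[name] = (password, gid, members)
    return groups, findings


def groups_of(groups, user):
    """Names of every group whose user group list names this login."""
    return sorted(g for g, (_, _, members) in groups.items() if user in members)


def members_of_gid(groups, gid):
    """Logins listed under any group name that maps to this group ID."""
    return sorted({u for _, g, m in groups.values() if g == gid for u in m})
```

Calling `parse_group` on the contents of a real group file returns the same two structures; `members_of_gid(groups, 0)` then lists every login that reaches group ID 0 under any group name.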
     If several users wish to share the same privileges, including the
     ability to terminate each other's processes as well as to access the
     files of others, the same numerical user ID can be assigned to each.
     This mechanism is sometimes used to give the same person several
     accounts on the system, each with potentially different login
     directories and other characteristics, such as electronic mailboxes
     or login programs.  For example, the operator has the same user ID,
     and therefore superuser authority.  However, this operator typically
     uses a restricted version of the shell that does not give access to
     commands that allow reading the files of others.

EXAMPLE
     The following is an example of the /etc/group file.  This is an ASCII
     file.  Each group is separated from the next by a new-line character.
     The fields are separated by colons.  Because the password is
     encrypted, this file can be used to map numerical group IDs to names
     without concern of compromise to user security.

          system::0:su,bill,jack,gary
          staff::1:
          bin::2:su,bin
          sys::3:su,bin,sys
          adm::4:su,bin,adm
          mail::6:su
          usr::100:guest

FILE
     /etc/group

RELATED INFORMATION
     In this book:  "passwd."

     The newgrp, passwd, and users commands in AIX Operating System
     Commands Reference.

Processed November 7, 1990