[dragonfly.git] / share / man / man5 / group.5

.\" Copyright (c) 1980, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     From: @(#)group.5	8.3 (Berkeley) 4/19/94
.\" $FreeBSD: src/share/man/man5/group.5,v 1.15.2.4 2002/02/01 15:51:18 ru Exp $
.\" $DragonFly: src/share/man/man5/group.5,v 1.3 2004/03/11 12:28:56 hmp Exp $
.\"
.Dd September 29, 1994
.Dt GROUP 5
.Os
.Sh NAME
.Nm group
.Nd format of the group permissions file
.Sh DESCRIPTION
The file
.Aq Pa /etc/group
consists of newline separated
.Tn ASCII
records, one per group, containing four colon
.Ql \&:
separated fields.
These fields are as follows:
.Bl -tag -width password -offset indent -compact
.It group
Name of the group.
.It passwd
Group's
.Em encrypted
password.
.It gid
The group's decimal ID.
.It member
Group members.
.El
.Pp
Lines whose first non-whitespace character is a pound-sign (#)
are comments, and are ignored.
Blank lines that consist
only of spaces, tabs or newlines are also ignored.
.Pp
The
.Ar group
field is the group name used for granting file access to users
who are members of the group.
The
.Ar gid
field is the number associated with the group name.
They should both be unique across the system (and often
across a group of systems) since they control file access.
The
.Ar passwd
field
is an optional
.Em encrypted
password.
This field is rarely used
and an asterisk is normally placed in it rather than leaving it blank.
The
.Ar member
field contains the names of users granted the privileges of
.Ar group .
The member names are separated by commas without spaces or newlines.
A user is automatically in a group if that group was specified
in their
.Pa /etc/passwd
entry and does not need to be added to that group in the
.Pa /etc/group file.
.\" .Pp
.\" When the system reads the file
.\" .Pa /etc/group
.\" the fields are read into the structure
.\" .Fa group
.\" declared in
.\" .Aq Pa grp.h :
.\" .Bd -literal -offset indent
.\" struct group {
.\"	char    *gr_name;        /* group name */
.\"	char    *gr_passwd;      /* group password */
.\"	int     gr_gid;          /* group id */
.\"	char    **gr_mem;        /* group members */
.\" };
.\" .Ed
.Sh YP/NIS INTERACTION
The
.Pa /etc/group
file can be configured to enable the YP/NIS group database.
An entry whose
.Ar name
field consists of a plus sign (`+') followed by a group name, will be
replaced internally to the C library with the YP/NIS group entry for the
named group.  An entry whose
.Ar name
field consists of a single plus sign with no group name following,
will be replaced with the entire YP/NIS
.Dq Li group.byname
map.
.Pp
If the YP/NIS group database is enabled for any reason, all reverse
lookups (i.e.,
.Fn getgrgid )
will use the entire database, even if only a few groups are enabled.
Thus, the group name returned by
.Fn getgrgid
is not guaranteed to have a valid forward mapping.
.Sh LIMITS
There are various limitations which are explained in
the function where they occur; see section
.Sx SEE ALSO .
.Pp
In older implementations,
a group cannot have more than 200 members.
The maximum line length of
.Pa /etc/group
is 1024 characters.
Longer lines will be skipped.
This limitation disappeared in
.Fx 3.0 .
Older binaries that are statically linked, depend on old
shared libraries, or
.No non- Ns Dx
binaries in compatibility mode
may still have this limits.
.Sh FILES
.Bl -tag -width /etc/group -compact
.It Pa /etc/group
.El
.Sh SEE ALSO
.Xr passwd 1 ,
.Xr setgroups 2 ,
.Xr crypt 3 ,
.Xr getgrent 3 ,
.Xr initgroups 3 ,
.Xr passwd 5 ,
.Xr yp 8
.Sh BUGS
The
.Xr passwd 1
command does not change the
.Nm
passwords.
.Sh HISTORY
A
.Nm
file format appeared in
.At v6 .
The YP/NIS functionality is modeled after
.Tn SunOS
and first appeared in
.Fx 1.1 .
Support for comments first appeared in
.Fx 3.0 .
Commit	Line	Data
984263bc MD	1	.\" Copyright (c) 1980, 1991, 1993
	2	.\" The Regents of the University of California. All rights reserved.
	3	.\"
	4	.\" Redistribution and use in source and binary forms, with or without
	5	.\" modification, are permitted provided that the following conditions
	6	.\" are met:
	7	.\" 1. Redistributions of source code must retain the above copyright
	8	.\" notice, this list of conditions and the following disclaimer.
	9	.\" 2. Redistributions in binary form must reproduce the above copyright
	10	.\" notice, this list of conditions and the following disclaimer in the
	11	.\" documentation and/or other materials provided with the distribution.
	12	.\" 3. All advertising materials mentioning features or use of this software
	13	.\" must display the following acknowledgement:
	14	.\" This product includes software developed by the University of
	15	.\" California, Berkeley and its contributors.
	16	.\" 4. Neither the name of the University nor the names of its contributors
	17	.\" may be used to endorse or promote products derived from this software
	18	.\" without specific prior written permission.
	19	.\"
	20	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	21	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	22	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	23	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	24	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	25	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	26	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	27	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	28	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	29	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	30	.\" SUCH DAMAGE.
	31	.\"
	32	.\" From: @(#)group.5 8.3 (Berkeley) 4/19/94
	33	.\" $FreeBSD: src/share/man/man5/group.5,v 1.15.2.4 2002/02/01 15:51:18 ru Exp $
9bb2a92d	34	.\" $DragonFly: src/share/man/man5/group.5,v 1.3 2004/03/11 12:28:56 hmp Exp $
984263bc MD	35	.\"
	36	.Dd September 29, 1994
	37	.Dt GROUP 5
	38	.Os
	39	.Sh NAME
	40	.Nm group
	41	.Nd format of the group permissions file
	42	.Sh DESCRIPTION
	43	The file
	44	.Aq Pa /etc/group
	45	consists of newline separated
	46	.Tn ASCII
	47	records, one per group, containing four colon
	48	.Ql \&:
	49	separated fields.
	50	These fields are as follows:
	51	.Bl -tag -width password -offset indent -compact
	52	.It group
	53	Name of the group.
	54	.It passwd
	55	Group's
	56	.Em encrypted
	57	password.
	58	.It gid
	59	The group's decimal ID.
	60	.It member
	61	Group members.
	62	.El
	63	.Pp
	64	Lines whose first non-whitespace character is a pound-sign (#)
	65	are comments, and are ignored.
	66	Blank lines that consist
	67	only of spaces, tabs or newlines are also ignored.
	68	.Pp
	69	The
	70	.Ar group
	71	field is the group name used for granting file access to users
	72	who are members of the group.
	73	The
	74	.Ar gid
	75	field is the number associated with the group name.
	76	They should both be unique across the system (and often
	77	across a group of systems) since they control file access.
	78	The
	79	.Ar passwd
	80	field
	81	is an optional
	82	.Em encrypted
	83	password.
	84	This field is rarely used
	85	and an asterisk is normally placed in it rather than leaving it blank.
	86	The
	87	.Ar member
	88	field contains the names of users granted the privileges of
	89	.Ar group .
	90	The member names are separated by commas without spaces or newlines.
	91	A user is automatically in a group if that group was specified
	92	in their
	93	.Pa /etc/passwd
	94	entry and does not need to be added to that group in the
	95	.Pa /etc/group file.
	96	.\" .Pp
	97	.\" When the system reads the file
	98	.\" .Pa /etc/group
99	.\" the fields are read into the structure
100	.\" .Fa group
101	.\" declared in
102	.\" .Aq Pa grp.h :
103	.\" .Bd -literal -offset indent
104	.\" struct group {
105	.\" char gr_name; / group name */
106	.\" char gr_passwd; / group password */
107	.\" int gr_gid; /* group id */
108	.\" char *gr_mem; / group members */
109	.\" };
110	.\" .Ed
111	.Sh YP/NIS INTERACTION
112	The
113	.Pa /etc/group
114	file can be configured to enable the YP/NIS group database.
115	An entry whose
116	.Ar name
117	field consists of a plus sign (`+') followed by a group name, will be
118	replaced internally to the C library with the YP/NIS group entry for the
119	named group. An entry whose
120	.Ar name
121	field consists of a single plus sign with no group name following,
122	will be replaced with the entire YP/NIS
123	.Dq Li group.byname
124	map.
125	.Pp
126	If the YP/NIS group database is enabled for any reason, all reverse
127	lookups (i.e.,
128	.Fn getgrgid )
129	will use the entire database, even if only a few groups are enabled.
130	Thus, the group name returned by
131	.Fn getgrgid
132	is not guaranteed to have a valid forward mapping.
133	.Sh LIMITS
134	There are various limitations which are explained in
135	the function where they occur; see section
136	.Sx SEE ALSO .
137	.Pp
138	In older implementations,
139	a group cannot have more than 200 members.
140	The maximum line length of
141	.Pa /etc/group
142	is 1024 characters.
143	Longer lines will be skipped.
144	This limitation disappeared in
145	.Fx 3.0 .
146	Older binaries that are statically linked, depend on old
147	shared libraries, or
9bb2a92d	148	.No non- Ns Dx
984263bc MD	149	binaries in compatibility mode
	150	may still have this limits.
	151	.Sh FILES
	152	.Bl -tag -width /etc/group -compact
	153	.It Pa /etc/group
	154	.El
	155	.Sh SEE ALSO
	156	.Xr passwd 1 ,
	157	.Xr setgroups 2 ,
	158	.Xr crypt 3 ,
	159	.Xr getgrent 3 ,
	160	.Xr initgroups 3 ,
	161	.Xr passwd 5 ,
	162	.Xr yp 8
	163	.Sh BUGS
	164	The
	165	.Xr passwd 1
	166	command does not change the
	167	.Nm
	168	passwords.
	169	.Sh HISTORY
	170	A
	171	.Nm
	172	file format appeared in
	173	.At v6 .
	174	The YP/NIS functionality is modeled after
	175	.Tn SunOS
	176	and first appeared in
	177	.Fx 1.1 .
	178	Support for comments first appeared in
	179	.Fx 3.0 .