man/man5/group.5

         te
 Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
 Copyright 1989 AT&T
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 GROUP 5 "Feb 17, 2023"
 NAME
group - group file
 DESCRIPTION
The group file is a local source of group information. The group
file can be used in conjunction with other group sources, including the
NIS maps group.byname and group.bygid, or group information
stored on an LDAP server. Programs use the
getgrnam(3C) routines to access this information.

The group file contains a one-line entry for each group recognized by the
system, of the form:

groupname:password:gid:user-list

where
groupname

The name of the group. A string consisting of lower case alphabetic characters
and numeric characters. Neither a colon (:) nor a NEWLINE can be part of
a groupname. The string must be less than MAXGLEN-1, usually
8, characters long.


gid

The group's unique numerical ID (GID) within the system.


user-list

A comma-separated list of users allowed in the group.


The maximum value of the gid field is 2147483647. To maximize
interoperability and compatibility, administrators are recommended to assign
groups using the range of GIDs below 60000 where possible.

If the password field is empty, no password is demanded. During user
identification and authentication, the supplementary group access list is
initialized sequentially from information in this file. If a user is in more
groups than the system is configured for, {NGROUPS_MAX}, a warning will
be given and subsequent group specifications will be ignored.

Malformed entries cause routines that read this file to halt, in which case
group assignments specified further along are never made. To prevent this from
happening, use grpck(1B) to check the /etc/group database from time
to time.

If the number of characters in an entry exceeds 2047, group maintenance
commands, such as groupdel(8) and groupmod(8), fail.

Previous releases used a group entry beginning with a `+' (plus sign) or
`-' (minus sign) to selectively incorporate entries from a naming
service source (for example, an NIS map or data from an LDAP server) for group.
If still required, this is supported by specifying group: compat in
nsswitch.conf(5). The compat source may not be supported in future
releases. Possible sources are files followed by ldap.
This has the effect of incorporating information from an LDAP
server after the group file.
 EXAMPLES
Example 1 Example group File.

The following is an example of a group file:

root::0:root
stooges:q.mJzTnu8icF.:10:larry,moe,curly


and the sample group entry from nsswitch.conf:

group: files ldap


With these entries, the group stooges will have members larry,
moe, and curly, and all groups listed on the LDAP server are
effectively incorporated after the entry for stooges.


If the group file was:

root::0:root
stooges:q.mJzTnu8icF.:10:larry,moe,curly
+:


and the group entry from nsswitch.conf:

group: compat


all the groups listed in the NIS group.bygid and group.byname
maps would be effectively incorporated after the entry for stooges.

 SEE ALSO
 groups (1),  newgrp (1),  grpck (1B),  getgrnam (3C),  initgroups (3C),  unistd.h (3HEAD),  nsswitch.conf (5),  groupadd (8),  groupdel (8),  groupmod (8)
System Administration Guide: Basic Administration