1.\" $OpenBSD: group.5,v 1.15 2012/06/20 22:15:13 schwarze Exp $ 2.\" $NetBSD: group.5,v 1.4 1995/07/28 06:41:39 phil Exp $ 3.\" 4.\" Copyright (c) 1980, 1991, 1993 5.\" The Regents of the University of California. All rights reserved. 6.\" Portions Copyright(c) 1994, Jason Downs. All rights reserved. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 3. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)group.5 8.3 (Berkeley) 4/19/94 33.\" 34.Dd $Mdocdate: June 20 2012 $ 35.Dt GROUP 5 36.Os 37.Sh NAME 38.Nm group 39.Nd format of the group permissions file 40.Sh DESCRIPTION 41The file 42.Pa /etc/group 43consists of newline separated 44.Tn ASCII 45records, one per group, containing four colon 46.Pq Ql \&: 47separated fields. 48These fields are as follows: 49.Pp 50.Bl -tag -width password -offset indent -compact 51.It group 52Name of the group. 53.It passwd 54Group's encrypted password. 55.It gid 56The group's decimal ID. 57.It member 58Group members. 59.El 60.Pp 61The 62.Ar group 63field is the group name used for granting file access to users 64who are members of the group. 65The 66.Ar gid 67field is the number associated with the group name. 68They should both be unique across the system (and often 69across a group of systems) since they control file access. 70The 71.Ar passwd 72field is an optional encrypted password. 73This field is rarely used and an asterisk is normally placed in it 74rather than leaving it blank. 75The 76.Ar member 77field contains the names of users granted the privileges of 78.Ar group . 79The member names are separated by commas without spaces or newlines. 80A user is automatically in a group if that group was specified in their 81.Xr passwd 5 82entry and does not need to be added to that group in the 83.Nm 84file. 85.\" .Pp 86.\" When the system reads the file 87.\" .Pa /etc/group 88.\" the fields are read into the structure 89.\" .Fa group 90.\" declared in 91.\" .Aq Pa grp.h : 92.\" .Bd -literal -offset indent 93.\" struct group { 94.\" char *gr_name; /* group name */ 95.\" char *gr_passwd; /* group password */ 96.\" int gr_gid; /* group id */ 97.\" char **gr_mem; /* group members */ 98.\" }; 99.\" .Ed 100.Sh YP SUPPORT 101If YP is active, the 102.Nm 103file also supports YP exclusions and inclusions. 104.Pp 105Lines beginning with a 106.Ql \&- 107(minus sign) are entries marked as being excluded from any following 108inclusions, which are marked with a `+' (plus sign). 109.Pp 110Lines of the format 111.Bd -literal -offset indent 112+name:*:: 113.Ed 114.Pp 115cause the specified group to be included from the 116.Pa group.byname 117YP map. 118If no group name is specified, or the 119.Ql + 120(plus sign) appears alone on a line, all groups are included from the YP map. 121.Pp 122YP references may appear anywhere in the file, but the single 123.Ql + 124form should be on the last line, for historical reasons. 125Only the first group with a specific name encountered, whether in the 126.Nm 127file itself, or included via YP, will be used. 128.Pp 129Proper YP group support requires consistent 130.Pa group.byname , 131.Pa group.bygid 132and 133.Pa netid.byname 134YP maps. 135See 136.Xr getgrent 3 137and 138.Xr getgrouplist 3 139for details. 140.Pp 141When YP is enabled but temporarily unavailable, login becomes impossible 142for all users except those having an entry in the 143.Xr netid 5 144file. 145.Sh FILES 146.Bl -tag -width /etc/group -compact 147.It Pa /etc/group 148.El 149.Sh SEE ALSO 150.Xr passwd 1 , 151.Xr setgroups 2 , 152.Xr crypt 3 , 153.Xr initgroups 3 , 154.Xr netid 5 , 155.Xr passwd 5 , 156.Xr yp 8 157.Sh HISTORY 158The 159.Nm 160file format first appeared in 161.At v6 . 162.Pp 163The YP file format first appeared in SunOS. 164.Sh BUGS 165The 166.Xr passwd 1 167command does not change the 168.Nm 169passwords. 170.Pp 171Lines in 172.Pa /etc/group 173are limited to 1024 characters. 174YP groups are not affected by this limit. 175.Pp 176Groups are limited to a maximum of 200 members per group. 177