Saturday, July 16, 2011

AIX group administration - rmgroup

To remove a group from the system, simply execute rmgroup with the group's name as the argument:
# rmgroup atctest


The rmgroup command does not allow you to remove the group until you have moved all users that have the group as their primary group to another group.


According to the AIX man page:



Purpose

Removes a group.

Syntax

rmgroup Name

Description

The rmgroup command removes a group specified by the Name parameter. This command deletes all the group attributes as well. To remove a group, the group name must already exist as a string of 8 bytes or less. Users who are group members are not removed from the system.

If the group is the primary group for any user, you cannot remove it unless you redefine the user's primary group with the chuser command. The chuser command alters the /etc/passwd file. Only the root user or a user with GroupAdmin authorization can remove an administrative group or a group with administrative users as members.

You can use the Web-based System Manager Users application (wsm users fast path) to run this command. You could also use the System Management Interface Tool (SMIT) smit rmgroup fast path to run this command.
Security.

Access Control:


This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.

Files Accessed:

Mode
File
r
/etc/passwd
rw
/etc/group
rw
/etc/security/group

Auditing Events:

Event
Information
GROUP_Remove
group

Examples

To remove the finance group, enter:

rmgroup finance

Files

/usr/sbin/rmgroup
Contains the rmgroup command.
/etc/group
Contains the basic attributes of groups.
/etc/security/group
Contains the extended attributes of groups.

No comments:

Post a Comment