You're familiar with a few user modification commands; now, let's talk about groups. Like user administration, it's important that you know the configuration files behind the commands that modify them.
The /etc/group file contains the basics of a group. Listing provides an example of the file /etc/group.
Listing Example /etc/group file
system:!:0:root,pconsole,esaadmin staff:!:1:ipsec,esaadmin,sshd,xander bin:!:2:root,bin sys:!:3:root,bin,sys adm:!:4:bin,adm uucp:!:5:uucp,nuucp mail:!:6: security:!:7:root cron:!:8:root printq:!:9:lp audit:!:10:root ecs:!:28: nobody:!:4294967294:nobody,lpd perf:!:20: shutdown:!:21: lp:!:11:root,lp invscout:!:12:invscout snapp:!:13:snapp ipsec:!:200: pconsole:!:14:pconsole sshd:!:201:sshd
As you can see, the file is colon delimited like the /etc/passwd file, and each entry contains only four fields in the following format (with spaces added before and after the delimiter to ease reading):
Group Name : Password Flag : GID : User(s)
Here's the line-by-line breakdown:
- Group Name. The group name associated with the group.
- Password Flag. This field is not used in AIX. Instead, AIX uses the /etc/security/group file for group administrators.
- GID. The GID associated with the group.
- User(s). The list of users who are members of the group.Note: This field is comma delimited.
The /etc/security/group file is much like /etc/security/user for users: It contains extended attributes to the specified group. Table provides a couple of useful settings in the configuration file.
Table /etc/security/group parameters
|user1, user2, …||Comma-delimited list of users with administrative rights to the group.|
|TRUE | FALSE||If True, the group has administrative rights to the group.|
For more attributes, read the man page for /etc/security/group (
The file is broken down into stanzas like the other configuration files in /etc/security, with the group name as the identifier. A nice feature of this file is that it allows you to set administrator rights to a standard user for a group. The administrators of that group can then modify the group as they see fit by adding members to or removing members from the group. Listing provides an example of what an /etc/security/group looks like. In this example, the group jradmin has
adminset to False and standard users pac and xander defined as administrators of the group.
Listing Example of an /etc/security/group file
system: admin = true staff: admin = false bin: admin = true sys: admin = true jradmin: admin = false adms = pac,xander