1 <?xml version="1.0" encoding="UTF-8"?>
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
5 <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
6 <!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
7 <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
10 <refentry id='gpasswd.1'>
13 <refentrytitle>gpasswd</refentrytitle>
14 <manvolnum>1</manvolnum>
15 <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
17 <refnamediv id='name'>
18 <refname>gpasswd</refname>
20 administer the <filename>/etc/group</filename>
21 <phrase condition="gshadow">and <filename>/etc/gshadow</filename>
23 <phrase condition="no_gshadow">file</phrase>
26 <!-- body begins here -->
27 <refsynopsisdiv id='synopsis'>
29 <command>gpasswd</command>
31 <replaceable>option</replaceable>
34 <replaceable>group</replaceable>
39 <refsect1 id='description'>
40 <title>DESCRIPTION</title>
42 The <command>gpasswd</command> command is used to administer
43 <filename>/etc/group</filename><phrase condition="gshadow">,
44 and <filename>/etc/gshadow</filename></phrase>.
46 <phrase condition="gshadow">administrators,</phrase>
47 members and a password.
49 <para condition="gshadow">
50 System administrator can use the <option>-A</option> option to define
51 group administrator(s) and the <option>-M</option> option to define
52 members and has all rights of group administrators and members.
55 <command>gpasswd</command> called by
56 <phrase condition="gshadow">a group administrator</phrase>
57 <phrase condition="no_gshadow">a system administrator</phrase>
58 with a group name only prompts for the new password of the
59 <replaceable>group</replaceable>.
62 If a password is set the members can still <citerefentry>
63 <refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
64 </citerefentry> without a password, and non-members must supply the
68 <refsect2 id='notes_about_group_passwords'>
69 <title>Notes about group passwords</title>
71 Group passwords are an inherent security problem since more than one
72 person is permitted to know the password. However, groups are a
73 useful tool for permitting co-operation between different users.
79 <refsect1 id='options'>
80 <title>OPTIONS</title>
81 <para condition="gshadow">
82 Except for the <option>-A</option> and <option>-M</option> options,
83 the options cannot be combined.
85 <para condition="no_gshadow">
86 The options cannot be combined.
89 The options which apply to the <command>gpasswd</command> command are:
91 <variablelist remap='IP'>
94 <option>-a</option>, <option>--add</option> <replaceable>user</replaceable>
98 Add the <replaceable>user</replaceable> to the named
99 <replaceable>group</replaceable>.
104 <variablelist remap='IP'>
107 <option>-d</option>, <option>--delete</option> <replaceable>user</replaceable>
111 Remove the <replaceable>user</replaceable> from the named
112 <replaceable>group</replaceable>.
117 <variablelist remap='IP'>
120 <option>-r</option>, <option>--remove-password</option>
124 Remove the password from the named <replaceable>group</replaceable>.
125 Only group members will be allowed to use
126 <command>newgrp</command> to join the named
127 <replaceable>group</replaceable>.
132 <variablelist remap='IP'>
135 <option>-R</option>, <option>--restrict</option>
139 Restrict the access to the named <replaceable>group</replaceable>.
140 Only group members will be allowed to use
141 <command>newgrp</command> to join the named
142 <replaceable>group</replaceable>.
147 <variablelist remap='IP' condition="gshadow">
150 <option>-A</option>, <option>--administrators</option> <replaceable>user</replaceable>,...
154 Set the list of administrative users.
159 <variablelist remap='IP'>
162 <option>-M</option>, <option>--members</option> <replaceable>user</replaceable>,...
166 Set the list of group members.
173 <refsect1 id='caveats'>
174 <title>CAVEATS</title>
176 This tool only operates on the <filename>/etc/group</filename>
177 <phrase condition="gshadow"> and <filename>/etc/gshadow</filename>
179 <phrase condition="no_gshadow">file.</phrase>
180 Thus you cannot change any NIS or LDAP group. This must be performed
181 on the corresponding server.
185 <refsect1 id='configuration'>
186 <title>CONFIGURATION</title>
188 The following configuration variables in
189 <filename>/etc/login.defs</filename> change the behavior of this
194 &MAX_MEMBERS_PER_GROUP;
196 &SHA_CRYPT_MIN_ROUNDS; <!--This also document SHA_CRYPT_MAX_ROUNDS-->
200 <refsect1 id='files'>
204 <term><filename>/etc/group</filename></term>
206 <para>Group account information.</para>
209 <varlistentry condition="gshadow">
210 <term><filename>/etc/gshadow</filename></term>
212 <para>Secure group account information.</para>
218 <refsect1 id='see_also'>
219 <title>SEE ALSO</title>
222 <refentrytitle>newgrp</refentrytitle><manvolnum>1</manvolnum>
225 <refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum>
228 <refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
231 <refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
234 <refentrytitle>grpck</refentrytitle><manvolnum>8</manvolnum>
237 <refentrytitle>group</refentrytitle><manvolnum>5</manvolnum>
238 </citerefentry><phrase condition="gshadow">,
240 <refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
241 </citerefentry></phrase>.