groupadd - Adds a new group definition
/usr/sbin/groupadd [-g gid] [-o] [-P] [-x extended_option]
group_name
Specifies the group identifier (GID) of the new group
being added. The GID must be a non-negative decimal integer.
Allows a group identification (GID) number to be
duplicated (non-unique). This option can be used only
with the -g option. Creates a PC group only. Extended
options are of the form attribute=value. You may enter any
number of extended options (within the character limit of
the command line) by separating each option with a space.
Alternatively, they may be entered separately following
the -x switch. Note that some extended options are only
available under specific system environments.
The following sets of extended_option attributes
are available: Indicates whether the group is
local. If set to 1, the group is added to the
local database. This also sets the value of
extended options distributed and ldap to 0. Indicates
whether the group is distributed. If set to
1, the group is added to the NIS database. This
also sets the value of extended option local to 0.
You must be on the NIS master to create a NIS
group. Indicates whether the group is created on
an LDAP server. If set to 1, the group is added to
the LDAP server and also sets the value of extended
options local and distributed to 0. LDAP must be
configured, and you must be on the LDAP server or
an LDAP client with permission to modify the LDAP
database. A comma-delimited list of user's who
will be members of the UNIX group. You can specify
the user (login) name or the account UID.
The following extended_option attributes are available
for PC group administration if the Advanced
Server for UNIX (ASU) is configured and running:
Specifies a text string that provides a description
of the PC group. Specifies a comma delimited list
of PC users to be added to the current list of members
of a PC group. Note that this adds, but does
not replace members. Specifies the name of the new
group. There are restrictions, described below, on
the length and allowable characters in the group
name.
The groupadd command is part of a set of command-line
interfaces (CLI) that are used to create and administer
user groups on the system. When the Advanced Server for
UNIX (ASU) is installed and running, the groupadd command
can also be used to administer PC groups for users who are
also holders of Windows NT domain accounts. Accounts can
also be created with the /usr/bin/X11/dxaccounts graphical
user interface (GUI) or the sysman (8) Accounts Menu.
Different options are available depending on how the local
system is configured: In the default UNIX environment,
user account management is compliant with the IEEE POSIX
Standard P1387.3. The CLI is backwards-compatible, so all
existing local scripts will function. However, you should
consider testing your account management scripts before
use.
The groupadd command lets the system administrator create
new groups on the system by specifying the group name and
GID. When the GID is not specified (with the -g option),
the GID defaults to the next available (unique) number.
The -x options local, distributed, and ldap let the system
administrator specify whether the new group is local, distributed
by NIS, or an LDAP server. If these options are
not specified on the command line, the system adds the new
group to the appropriate database as specified by the system
defaults. System defaults for groups may be set with
the groupmod -D option. In the absence of any defaults,
groupadd creates a local group. Certain combinations of
these settings are incompatible and produce an error: it
is invalid to set all of these values to 0 or set more
than one of them to 1.
You must have superuser privilege to execute this command.
Distributed groups can only be added, modified, or deleted
on NIS servers.
LDAP groups can only be added, modified, or deleted on an
LDAP server or on a suitably privileged LDAP client.
You cannot specify more than 255 characters on a single
command line. However, lines can be split to an appropriate
length. If you try and enter too many new groups, the
group file may be corrupted.
Certain characters that have special meaning for the
shells are not allowed in the group name. This list
includes $@/[]:;|=,*?<>(){}"'`#, backslash (\), and white
space (space, tab, newline, form-feed, return). In addition,
the first character of the new group name cannot be
one of +-!~.
In this release the maximum length of a group name is 8
characters.
The pc_synchronize default value is not used for groupadd,
groupmod, and groupdel. UNIX and PC groups cannot be synchronized
and therefore must be created separately. Use
the command groupadd -P xdomain to create a PC group named
xdomain. Then, use the command groupadd xdomain to create
a UNIX group named xdomain.
The groupadd command exits with one of the following values:
Success. Failure. Warning.
The following example adds the group, newgroup, to the
group database with a system-provided GID:
% groupadd newgroup
The following example adds the group, newgroup, to the
group database with a GID of 451:
% groupadd -g 451 newgroup The following example adds the
group, newgroup, to the NIS master database:
% groupadd -x distributed=1
newgroup
The following example adds the PC group, projectX with
members JoeMc and HiteshC:
% groupadd -P
-x pc_group_members=JoeMc,HiteshC, \
projectX The following example adds the PC group, newgroup
and provides a description field "common project
group": % groupadd -P -x
pc_group_description="common project group" \
projectX
The groupadd command operates on files for the specific
level of system security.
Commands: groupdel(8), groupmod(8), useradd(8),
userdel(8), usermod(8)
System Administration
Security
Advanced Server for UNIX administration and configuration
documents.
groupadd(8)
[ Back ] |
