groupmod - Modifies a group definition on the system
/usr/sbin/groupmod [-ggid] [-o] [-nnewgroup] [-P] [-xextended_option]
group_name
/usr/sbin/groupmod -D [-x extended_option]
If invoked with any combination of the options below, it
sets the default values for those options. Subsequent
invocations of groupmod without the -D option use these
new defaults. Specifies a new group identification number
(GID) for the group being modified. The GID must be a
non-negative decimal integer. When the -o option is used,
the GID can be duplicated. Specifies a new name for the
group. The name has the same restrictions as described for
new group names in groupadd(8). You cannot rename a PC
group. Lets a group identification (GID) number be duplicated
(non-unique). This option can be used only with the
-g option. Modifies a PC group only. Extended_options
are of the form attribute=value. You may enter any number
of extended options (within the character limit of the
command line) by separating each option with a space.
Alternatively, they may be entered separately following
the -x switch. Note that some extended options are only
available under specific system environments.
The value of the extended attributes min_gid,
max_gid, and next_gid given below must be a nonnegative
decimal number. Note that min_gid must be
less than or equal to next_gid which in turn must
be less than or equal to max_gid. This applies to
all modifications of GID values.
The following extended_option attributes are available.
Specifies the largest numeric identifier
that may be associated with a group. This attribute
can be used only with the -D option. Specifies the
smallest numeric identifier that may be associated
with a group. This attribute can be used only with
the -D option. Specifies the next available group
identifier number (GID) in the range of min_gid to
max_gid. This attribute can be used only with the
-D option. Specifies whether duplicate GIDs are
allowed. If set to 1, duplicate GIDs are enabled.
If set to 0, duplicate GIDs are disabled. This
attribute can be used only with the -D option.
Indicates whether the group is local. If set to 1,
the group is added to the local database. This also
sets the value of extended options distributed and
ldap to 0. Indicates whether the group is distributed
by NIS. If set to 1, the group is added to
the NIS database. This also sets the value of
extended options local and ldap to 0. You must be
on the NIS master to modify a NIS group. Indicates
whether the group is created on an LDAP server. If
set to 1, the group is added to the LDAP database.
This also sets the value of extended options local
and distributed to 0. A comma-delimited list of
members of the group. The list replaces the existing
list, adding or removing members as necessary.
You can specify the user by login name or by
account UID. A comma-delimited list of members to
be added (+=) or (-=) removed from the group. The
list replaces the existing list, adding or removing
members as necessary. You can specify the user by
login name or by account UID.
The following extended_option attributes are available
for PC group administration if the Advanced
Server for UNIX (ASU)is configured and running:
Specifies a text string that provides a description
of the PC group. Specifies a comma delimited list
of PC users to be added to the current list of members
of a PC group. Note that this adds, but does
not replace members. Specifies the name of the
group to be modified. The group name must exist.
The groupmod command is part of a set of command-line
interfaces (CLI) that are used to create and administer
user groups on the system. When The Advanced Server for
UNIX (ASU) is installed and running, the groupmod command
can also be used to administer PC groups with members who
are Windows NT domain account users. Accounts can also be
modified with the /usr/bin/X11/dxaccounts graphical user
interface (GUI) or the sysman(8) Acounts menu.
Different options are available depending on how the local
system is configured: User account management is compliant
with the IEEE POSIX Standard P1387.3. The CLI is backwards-compatible,
so all legacy scripts will function.
However, you should consider testing your account management
scripts before use.
The groupmod command lets the system administrator modify
and rename groups on the system. In addition, the system
administrator can use the -D and -x options on the same
command line to change the maximum, minimum, and/or next
available group identifier numbers, as well as specify
whether the group account is local or resides in the NIS
master database. If the -x option is not specified on the
command line, the system modifies the group information in
the appropriate database as specified by the system
defaults.
The -x options local, distributed, and ldap let the system
administrator specify whether the group is local, distributed
by NIS, or on an LDAP server. If these options
are not specified on the command line, the system modifies
the group in the appropriate database as specified by the
system defaults. System defaults for groups may be set
with the groupmod-D option. In the absence of any
defaults, groupmod modifies a local group. Certain combinations
of these settings are incompatible and produce an
error: it is invalid to set all of these values to 0 or
set more than one of them to 1.
You must have superuser privilege to execute this command.
Distributed groups can only be added, modified, or deleted
on NIS servers.
LDAP groups can only be added, modified, or deleted on the
LDAP server or on a suitably privileged LDAP client.
The groupmod command exits with one of the following values:
Success. Failure. Warning.
The following example changes the GID of the group, testgrp,
to 451: % groupmod -g 451 testgrp The following example
changes the group name of the testgrp group to unxgrp:
% groupmod -n unxgrp testgrp The following example changes
the maximum group ID (max_gid) to 300 and the next available
group ID (next_gid) to 30: % groupmod -D -x
max_gid=300 -x next_gid=30
The groupmod command operates on the appropriate files for
the specific level of system security.
Commands: groupadd(8), groupdel(8), useradd(8),
userdel(8), usermod(8)
Manuals: System Administration, Security, Advanced Server
for UNIX Installation and Administration
groupmod(8)
[ Back ] |
