377 lines
12 KiB
XML
377 lines
12 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
SPDX-FileCopyrightText: 1991 , Julianne Frances Haugh
|
|
SPDX-FileCopyrightText: 2007 - 2011, Nicolas François
|
|
SPDX-License-Identifier: BSD-3-Clause
|
|
-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
|
|
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
|
|
<!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
|
|
<!-- SHADOW-CONFIG-HERE -->
|
|
]>
|
|
<refentry id='groupadd.8'>
|
|
<!-- $Id$ -->
|
|
<refentryinfo>
|
|
<author>
|
|
<firstname>Julianne Frances</firstname>
|
|
<surname>Haugh</surname>
|
|
<contrib>Creation, 1991</contrib>
|
|
</author>
|
|
<author>
|
|
<firstname>Thomas</firstname>
|
|
<surname>Kłoczko</surname>
|
|
<email>kloczek@pld.org.pl</email>
|
|
<contrib>shadow-utils maintainer, 2000 - 2007</contrib>
|
|
</author>
|
|
<author>
|
|
<firstname>Nicolas</firstname>
|
|
<surname>François</surname>
|
|
<email>nicolas.francois@centraliens.net</email>
|
|
<contrib>shadow-utils maintainer, 2007 - now</contrib>
|
|
</author>
|
|
</refentryinfo>
|
|
<refmeta>
|
|
<refentrytitle>groupadd</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
|
|
<refmiscinfo class="source">shadow-utils</refmiscinfo>
|
|
<refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv id='name'>
|
|
<refname>groupadd</refname>
|
|
<refpurpose>create a new group</refpurpose>
|
|
</refnamediv>
|
|
<!-- body begins here -->
|
|
<refsynopsisdiv id='synopsis'>
|
|
<cmdsynopsis>
|
|
<command>groupadd</command>
|
|
<arg choice='opt'>
|
|
<replaceable>OPTIONS</replaceable>
|
|
</arg>
|
|
<arg choice='plain'>
|
|
<replaceable>NEWGROUP</replaceable>
|
|
</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id='description'>
|
|
<title>DESCRIPTION</title>
|
|
<para>The <command>groupadd</command> command creates a new group
|
|
account using the values specified on the command line plus the default
|
|
values from the system. The new group will be entered into the system
|
|
files as needed.
|
|
</para>
|
|
<para>
|
|
Groupnames may contain only lower and upper case letters, digits,
|
|
underscores, or dashes. They can end with a dollar sign.
|
|
|
|
Dashes are not allowed at the beginning of the groupname.
|
|
Fully numeric groupnames and groupnames . or .. are
|
|
also disallowed.
|
|
</para>
|
|
<para>
|
|
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='options'>
|
|
<title>OPTIONS</title>
|
|
<para>
|
|
The options which apply to the <command>groupadd</command> command
|
|
are:
|
|
</para>
|
|
<variablelist remap='IP'>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-f</option>, <option>--force</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
This option causes the command to simply exit with success
|
|
status if the specified group already exists. When used with
|
|
<option>-g</option>, and the specified GID already exists,
|
|
another (unique) GID is chosen (i.e. <option>-g</option> is
|
|
turned off).
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-g</option>, <option>--gid</option> <replaceable>GID</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>The numerical value of the group's ID. <replaceable>GID</replaceable>
|
|
must be unique, unless the <option>-o</option> option is used. The value
|
|
must be non-negative. The default is to use the smallest ID
|
|
value greater than or equal to <option>GID_MIN</option> and
|
|
greater than every other group.
|
|
</para>
|
|
<para>
|
|
See also the <option>-r</option> option and the
|
|
<option>GID_MAX</option> description.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-h</option>, <option>--help</option></term>
|
|
<listitem>
|
|
<para>Display help message and exit.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-K</option>, <option>--key</option> <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Overrides <filename>/etc/login.defs</filename> defaults
|
|
(GID_MIN, GID_MAX and others). Multiple
|
|
<option>-K</option> options can be specified.
|
|
</para>
|
|
<para>
|
|
Example: <option>-K</option> <replaceable>GID_MIN</replaceable>=<replaceable>100</replaceable>
|
|
<option>-K</option> <replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>
|
|
</para>
|
|
<para>
|
|
Note: <option>-K</option> <replaceable>GID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>
|
|
doesn't work yet.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-o</option>, <option>--non-unique</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
permits the creation of a group with an already used
|
|
numerical ID. As a result, for this
|
|
<replaceable>GID</replaceable>, the mapping towards group
|
|
<replaceable>NEWGROUP</replaceable> may not be unique.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-p</option>, <option>--password</option> <replaceable>PASSWORD</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
defines an initial password for the group account. PASSWORD is expected to
|
|
be encrypted, as returned by <citerefentry><refentrytitle>crypt
|
|
</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
|
</para>
|
|
<para>
|
|
Without this option, the group account will be locked and
|
|
with no password defined, i.e. a single exclamation mark
|
|
in the respective field of ths system account file
|
|
<filename>/etc/group</filename> or <filename>/etc/gshadow</filename>.
|
|
</para>
|
|
<para>
|
|
<emphasis role="bold">Note:</emphasis> This option is not
|
|
recommended because the password (or encrypted password) will
|
|
be visible by users listing the processes.
|
|
</para>
|
|
<para>
|
|
You should make sure the password respects the system's
|
|
password policy.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-r</option>, <option>--system</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Create a system group.
|
|
</para>
|
|
<para>
|
|
The numeric identifiers of new system groups are chosen in
|
|
the <option>SYS_GID_MIN</option>-<option>SYS_GID_MAX</option>
|
|
range, defined in <filename>login.defs</filename>, instead of
|
|
<option>GID_MIN</option>-<option>GID_MAX</option>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Apply changes in the <replaceable>CHROOT_DIR</replaceable>
|
|
directory and use the configuration files from the
|
|
<replaceable>CHROOT_DIR</replaceable> directory.
|
|
Only absolute paths are supported.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-P</option>, <option>--prefix</option> <replaceable>PREFIX_DIR</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Apply changes to configuration files under the root filesystem
|
|
found under the directory <replaceable>PREFIX_DIR</replaceable>.
|
|
This option does not chroot and is intended for preparing a cross-compilation
|
|
target. Some limitations: NIS and LDAP users/groups are
|
|
not verified. PAM authentication is using the host files.
|
|
No SELINUX support.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-U</option>, <option>--users</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
A list of usernames to add as members of the group.
|
|
</para>
|
|
<para>
|
|
The default behavior (if the <option>-g</option>,
|
|
<option>-N</option>, and <option>-U</option> options are not
|
|
specified) is defined by the <option>USERGROUPS_ENAB</option>
|
|
variable in <filename>/etc/login.defs</filename>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='configuration'>
|
|
<title>CONFIGURATION</title>
|
|
<para>
|
|
The following configuration variables in
|
|
<filename>/etc/login.defs</filename> change the behavior of this
|
|
tool:
|
|
</para>
|
|
<variablelist>
|
|
&GID_MAX; <!-- documents also GID_MIN -->
|
|
&MAX_MEMBERS_PER_GROUP;
|
|
&SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='files'>
|
|
<title>FILES</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><filename>/etc/group</filename></term>
|
|
<listitem>
|
|
<para>Group account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry condition="gshadow">
|
|
<term><filename>/etc/gshadow</filename></term>
|
|
<listitem>
|
|
<para>Secure group account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/etc/login.defs</filename></term>
|
|
<listitem>
|
|
<para>Shadow password suite configuration.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='caveats'>
|
|
<title>CAVEATS</title>
|
|
<para>
|
|
You may not add a NIS or LDAP group. This must be performed on the
|
|
corresponding server.
|
|
</para>
|
|
<para>
|
|
If the groupname already exists in an external group database such
|
|
as NIS or LDAP, <command>groupadd</command> will deny the group
|
|
creation request.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='exit_values'>
|
|
<title>EXIT VALUES</title>
|
|
<para>
|
|
The <command>groupadd</command> command exits with the following values:
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><replaceable>0</replaceable></term>
|
|
<listitem>
|
|
<para>success</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>2</replaceable></term>
|
|
<listitem>
|
|
<para>invalid command syntax</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>3</replaceable></term>
|
|
<listitem>
|
|
<para>invalid argument to option</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>4</replaceable></term>
|
|
<listitem>
|
|
<para>GID is already used (when called without <option>-o</option>)</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>9</replaceable></term>
|
|
<listitem>
|
|
<para>group name is already used</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>10</replaceable></term>
|
|
<listitem>
|
|
<para>can't update group file</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='see_also'>
|
|
<title>SEE ALSO</title>
|
|
<para><citerefentry>
|
|
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>.
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|