cfc981df2a
The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from Fedora [1] to relax the usernames restrictions to allow the upper case group names, and the relaxation is POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. [1] https://src.fedoraproject.org/rpms/shadow-utils/blob/rawhide/f/shadow-4.8-goodname.patch Signed-off-by: Alexander Kanavin <alex@linutronix.de>
377 lines
12 KiB
XML
377 lines
12 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
SPDX-FileCopyrightText: 1991 , Julianne Frances Haugh
|
|
SPDX-FileCopyrightText: 2007 - 2011, Nicolas François
|
|
SPDX-License-Identifier: BSD-3-Clause
|
|
-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
|
|
<!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
|
|
<!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
|
|
<!-- SHADOW-CONFIG-HERE -->
|
|
]>
|
|
<refentry id='groupadd.8'>
|
|
<!-- $Id$ -->
|
|
<refentryinfo>
|
|
<author>
|
|
<firstname>Julianne Frances</firstname>
|
|
<surname>Haugh</surname>
|
|
<contrib>Creation, 1991</contrib>
|
|
</author>
|
|
<author>
|
|
<firstname>Thomas</firstname>
|
|
<surname>Kłoczko</surname>
|
|
<email>kloczek@pld.org.pl</email>
|
|
<contrib>shadow-utils maintainer, 2000 - 2007</contrib>
|
|
</author>
|
|
<author>
|
|
<firstname>Nicolas</firstname>
|
|
<surname>François</surname>
|
|
<email>nicolas.francois@centraliens.net</email>
|
|
<contrib>shadow-utils maintainer, 2007 - now</contrib>
|
|
</author>
|
|
</refentryinfo>
|
|
<refmeta>
|
|
<refentrytitle>groupadd</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="sectdesc">System Management Commands</refmiscinfo>
|
|
<refmiscinfo class="source">shadow-utils</refmiscinfo>
|
|
<refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv id='name'>
|
|
<refname>groupadd</refname>
|
|
<refpurpose>create a new group</refpurpose>
|
|
</refnamediv>
|
|
<!-- body begins here -->
|
|
<refsynopsisdiv id='synopsis'>
|
|
<cmdsynopsis>
|
|
<command>groupadd</command>
|
|
<arg choice='opt'>
|
|
<replaceable>OPTIONS</replaceable>
|
|
</arg>
|
|
<arg choice='plain'>
|
|
<replaceable>NEWGROUP</replaceable>
|
|
</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id='description'>
|
|
<title>DESCRIPTION</title>
|
|
<para>The <command>groupadd</command> command creates a new group
|
|
account using the values specified on the command line plus the default
|
|
values from the system. The new group will be entered into the system
|
|
files as needed.
|
|
</para>
|
|
<para>
|
|
Groupnames may contain only lower and upper case letters, digits,
|
|
underscores, or dashes. They can end with a dollar sign.
|
|
|
|
Dashes are not allowed at the beginning of the groupname.
|
|
Fully numeric groupnames and groupnames . or .. are
|
|
also disallowed.
|
|
</para>
|
|
<para>
|
|
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='options'>
|
|
<title>OPTIONS</title>
|
|
<para>
|
|
The options which apply to the <command>groupadd</command> command
|
|
are:
|
|
</para>
|
|
<variablelist remap='IP'>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-f</option>, <option>--force</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
This option causes the command to simply exit with success
|
|
status if the specified group already exists. When used with
|
|
<option>-g</option>, and the specified GID already exists,
|
|
another (unique) GID is chosen (i.e. <option>-g</option> is
|
|
turned off).
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-g</option>, <option>--gid</option> <replaceable>GID</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>The numerical value of the group's ID. <replaceable>GID</replaceable>
|
|
must be unique, unless the <option>-o</option> option is used. The value
|
|
must be non-negative. The default is to use the smallest ID
|
|
value greater than or equal to <option>GID_MIN</option> and
|
|
greater than every other group.
|
|
</para>
|
|
<para>
|
|
See also the <option>-r</option> option and the
|
|
<option>GID_MAX</option> description.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><option>-h</option>, <option>--help</option></term>
|
|
<listitem>
|
|
<para>Display help message and exit.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-K</option>, <option>--key</option> <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Overrides <filename>/etc/login.defs</filename> defaults
|
|
(GID_MIN, GID_MAX and others). Multiple
|
|
<option>-K</option> options can be specified.
|
|
</para>
|
|
<para>
|
|
Example: <option>-K</option> <replaceable>GID_MIN</replaceable>=<replaceable>100</replaceable>
|
|
<option>-K</option> <replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>
|
|
</para>
|
|
<para>
|
|
Note: <option>-K</option> <replaceable>GID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable>
|
|
doesn't work yet.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-o</option>, <option>--non-unique</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
permits the creation of a group with an already used
|
|
numerical ID. As a result, for this
|
|
<replaceable>GID</replaceable>, the mapping towards group
|
|
<replaceable>NEWGROUP</replaceable> may not be unique.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-p</option>, <option>--password</option> <replaceable>PASSWORD</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
defines an initial password for the group account. PASSWORD is expected to
|
|
be encrypted, as returned by <citerefentry><refentrytitle>crypt
|
|
</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
|
</para>
|
|
<para>
|
|
Without this option, the group account will be locked and
|
|
with no password defined, i.e. a single exclamation mark
|
|
in the respective field of ths system account file
|
|
<filename>/etc/group</filename> or <filename>/etc/gshadow</filename>.
|
|
</para>
|
|
<para>
|
|
<emphasis role="bold">Note:</emphasis> This option is not
|
|
recommended because the password (or encrypted password) will
|
|
be visible by users listing the processes.
|
|
</para>
|
|
<para>
|
|
You should make sure the password respects the system's
|
|
password policy.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-r</option>, <option>--system</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Create a system group.
|
|
</para>
|
|
<para>
|
|
The numeric identifiers of new system groups are chosen in
|
|
the <option>SYS_GID_MIN</option>-<option>SYS_GID_MAX</option>
|
|
range, defined in <filename>login.defs</filename>, instead of
|
|
<option>GID_MIN</option>-<option>GID_MAX</option>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Apply changes in the <replaceable>CHROOT_DIR</replaceable>
|
|
directory and use the configuration files from the
|
|
<replaceable>CHROOT_DIR</replaceable> directory.
|
|
Only absolute paths are supported.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-P</option>, <option>--prefix</option> <replaceable>PREFIX_DIR</replaceable>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Apply changes to configuration files under the root filesystem
|
|
found under the directory <replaceable>PREFIX_DIR</replaceable>.
|
|
This option does not chroot and is intended for preparing a cross-compilation
|
|
target. Some limitations: NIS and LDAP users/groups are
|
|
not verified. PAM authentication is using the host files.
|
|
No SELINUX support.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<option>-U</option>, <option>--users</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
A list of usernames to add as members of the group.
|
|
</para>
|
|
<para>
|
|
The default behavior (if the <option>-g</option>,
|
|
<option>-N</option>, and <option>-U</option> options are not
|
|
specified) is defined by the <option>USERGROUPS_ENAB</option>
|
|
variable in <filename>/etc/login.defs</filename>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='configuration'>
|
|
<title>CONFIGURATION</title>
|
|
<para>
|
|
The following configuration variables in
|
|
<filename>/etc/login.defs</filename> change the behavior of this
|
|
tool:
|
|
</para>
|
|
<variablelist>
|
|
&GID_MAX; <!-- documents also GID_MIN -->
|
|
&MAX_MEMBERS_PER_GROUP;
|
|
&SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='files'>
|
|
<title>FILES</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><filename>/etc/group</filename></term>
|
|
<listitem>
|
|
<para>Group account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry condition="gshadow">
|
|
<term><filename>/etc/gshadow</filename></term>
|
|
<listitem>
|
|
<para>Secure group account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><filename>/etc/login.defs</filename></term>
|
|
<listitem>
|
|
<para>Shadow password suite configuration.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='caveats'>
|
|
<title>CAVEATS</title>
|
|
<para>
|
|
You may not add a NIS or LDAP group. This must be performed on the
|
|
corresponding server.
|
|
</para>
|
|
<para>
|
|
If the groupname already exists in an external group database such
|
|
as NIS or LDAP, <command>groupadd</command> will deny the group
|
|
creation request.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='exit_values'>
|
|
<title>EXIT VALUES</title>
|
|
<para>
|
|
The <command>groupadd</command> command exits with the following values:
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><replaceable>0</replaceable></term>
|
|
<listitem>
|
|
<para>success</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>2</replaceable></term>
|
|
<listitem>
|
|
<para>invalid command syntax</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>3</replaceable></term>
|
|
<listitem>
|
|
<para>invalid argument to option</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>4</replaceable></term>
|
|
<listitem>
|
|
<para>GID is already used (when called without <option>-o</option>)</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>9</replaceable></term>
|
|
<listitem>
|
|
<para>group name is already used</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><replaceable>10</replaceable></term>
|
|
<listitem>
|
|
<para>can't update group file</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='see_also'>
|
|
<title>SEE ALSO</title>
|
|
<para><citerefentry>
|
|
<refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>.
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|