/etc/security/group File

AIX Version 4 Files Reference

/etc/security/group File

Purpose

Contains extended group attributes.

Description

The /etc/security/group file contains extended group attributes. This is an ASCII file that contains a stanza for each system group. Each stanza is identified by a group name from the /etc/group file followed by a : (colon) and contains attributes in the form Attribute=Value. Each attribute pair ends with a new-line character as does each stanza. You can have multiple default stanzas in the /etc/security/group file. A default stanza applies to all of the stanzas that follow, but does not apply to the stanzas preceding it.

A stanza can have either or both of the following attributes:

adms

Defines the group administrators. Administrators are users who can perform administrative tasks for the group, such as setting the members and administrators of the group. This attribute is ignored if admin = true, since only the root user can alter a group defined as administrative. The value is a list of comma-separated user login-names. The default value is an empty string.

admin

Defines the administrative status of the group. Possible values are:

true	Defines the group as administrative. Only the root user can change the attributes of groups defined as administrative.
false	Defines a standard group. The attributes of these groups can be changed by the root user or a member of the security group. This is the default value.

dce_export

Allows the DCE registry to overwrite the local group information with the DCE group information during a DCE export operation. Possible values are:

true	Local group information will be overwritten.
false	Local group information will not be overwritten.

For a typical stanza, see the "Examples" section.

You should access the /etc/security/group file through the system commands and subroutines defined for this purpose. You can use the following commands to manage groups:

mkgroup
chgroup
chgrpmem
lsgroup
rmgroup

The mkgroup command adds new groups to the /etc/group file and the /etc/security/group file. Use this command to create an administrative group. You can also use the mkgroup to set the group administrator.

Use the chgroup command to change all the attributes. If you are an administrator of a standard group, you can change the adms attribute for that group with the chgrpmem command.

The lsgroup command displays both the adms and the admin attributes. The rmgroup command removes the entry from both the /etc/group file and the /etc/security/group file.

To write programs that affect attributes in the /etc/security/group file, use the subroutines listed in Related Information.

Security

Access Control: This file should grant read (r) access to the root user and members of the security group, and to others as permitted by the security policy for the system. Only the root user should have write (w) access.

Auditing Events:

Event	Information
S_GROUP_WRITE	file name

Examples

A typical stanza looks like the following example for the finance group:

finance:
          admin = false
          adms = cjf, scott, sah

Implementation Specifics

This file is part of Base Operating System (BOS) Runtime.

Files

/etc/security/group	Specifies the path to the file.
/etc/group	Contains the basic attributes of groups.
/etc/passwd	Contains the basic attributes of users.
/etc/security/passwd	Contains password information.
/etc/security/user	Contains the extended attributes of users.
/etc/security/environ	Contains the environment attributes of users.
/etc/security/limits	Contains the process resource limits of users.
/etc/security/audit/config	Contains audit system configuration information.
/etc/security/lastlog	Contains last login information.

Related Information

The chgroup command, chgrpmem command, lsgroup command, mkgroup command, rmgroup command, setgroups command.

The enduserdb subroutine, getgroupattr subroutine, IDtogroup subroutine, nextgroup subroutine, putgroupattr subroutine, setuserdb subroutine.

File and System Security Overview in AIX Version 4.3 System Management Guide: Operating System and Devices.