Changes attributes for groups.
chgroup [ -R load_module ] Attribute=Value ... Group
Attention: Do not use the chgroup command if you have a Network Information Service (NIS) database installed on your system, as this could cause serious system database inconsistencies.
The chgroup command changes attributes for the group specified by the Group parameter. The group name must already exist as a string of 8 bytes or less. To change an attribute, specify the attribute name and the value you want to change it to in the Attribute=Value parameter.
To change the attributes for a group that was created with an alternate Identification and Authentication (I&A) mechanism, the -R flag can be used to specify the I&A loadable module. Load modules are defined in the /usr/lib/security/methods.cfg file.
You can use the Users application in Web-based System Manager (wsm) to change user characteristics. You could also use the System Management Interface Tool (SMIT) smit chgroup fast path to run this command.
To ensure the security of group information, there are restrictions on using the chgroup command. Only the root user or users with UserAdmin authorization can use the chgroup command to change any group. These changes include:
An administrative group is a group with the admin attribute set to true. Members of the security group can change the attributes of nonadministrative groups including adding users to the list of administrators.
-R | Specifies the loadable I&A module used to change user's attributes. |
You change attributes by
specifying an Attribute=Value
parameter. If you have the proper authority you can set the following
group attributes:
The adms and admin attributes are set in the /etc/security/group file. The remaining attributes are set in the /etc/group file. If any of the attributes you specify with the chgroup command are invalid, the command makes no changes at all.
Access Control: This command should grant execute (x) access only to the root user and the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.
Mode | File |
---|---|
rw | /etc/group |
rw | /etc/security/group |
r | /etc/passwd |
Event | Information |
---|---|
GROUP_Change | group, attributes |
Changing a group's attributes may not be supported by all loadable I&A modules. If the loadable I&A module does not support changing a group's attributes, an error is reported.
chgroup users=sam,carol,frank finance
chgroup users=sam,carol adms= finance
In this example, two attribute values were changed. The name frank was omitted from the list of members, and the value for the adms attribute was left blank.
chgroup -R LDAP users=sam,frank monsters
/usr/bin/chgroup | Specifies the path to the chgroup command. |
/etc/group | Contains the basic attributes of groups. |
/etc/security/group | Contains the extended attributes of groups. |
/etc/passwd | Contains the basic attributes of users. |
The chfn command, chgrpmem command, chsh command, chuser command, lsgroup command, lsuser command, mkgroup command, mkuser command, passwd command, pwdadm command, rmgroup command, rmuser command, setgroups command, setsenv command.
For information on installing the Web-based System Manager, see Chapter 2: Installation and System Requirements in AIX 5L Version 5.1 Web-based System Manager Administration Guide.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.