<?xml version="1.0" encoding="UTF-8"?> <!-- SPDX-FileCopyrightText: 1991 , Julianne Frances Haugh SPDX-FileCopyrightText: 2007 - 2011, Nicolas François SPDX-License-Identifier: BSD-3-Clause --> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml"> <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml"> <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml"> <!-- SHADOW-CONFIG-HERE --> ]> <refentry id='groupadd.8'> <!-- $Id$ --> <refentryinfo> <author> <firstname>Julianne Frances</firstname> <surname>Haugh</surname> <contrib>Creation, 1991</contrib> </author> <author> <firstname>Thomas</firstname> <surname>Kłoczko</surname> <email>kloczek@pld.org.pl</email> <contrib>shadow-utils maintainer, 2000 - 2007</contrib> </author> <author> <firstname>Nicolas</firstname> <surname>François</surname> <email>nicolas.francois@centraliens.net</email> <contrib>shadow-utils maintainer, 2007 - now</contrib> </author> </refentryinfo> <refmeta> <refentrytitle>groupadd</refentrytitle> <manvolnum>8</manvolnum> <refmiscinfo class="sectdesc">System Management Commands</refmiscinfo> <refmiscinfo class="source">shadow-utils</refmiscinfo> <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo> </refmeta> <refnamediv id='name'> <refname>groupadd</refname> <refpurpose>create a new group</refpurpose> </refnamediv> <!-- body begins here --> <refsynopsisdiv id='synopsis'> <cmdsynopsis> <command>groupadd</command> <arg choice='opt'> <replaceable>OPTIONS</replaceable> </arg> <arg choice='plain'> <replaceable>NEWGROUP</replaceable> </arg> </cmdsynopsis> </refsynopsisdiv> <refsect1 id='description'> <title>DESCRIPTION</title> <para>The <command>groupadd</command> command creates a new group account using the values specified on the command line plus the default values from the system. The new group will be entered into the system files as needed. </para> <para> Groupnames may contain only lower and upper case letters, digits, underscores, or dashes. They can end with a dollar sign. Dashes are not allowed at the beginning of the groupname. Fully numeric groupnames and groupnames . or .. are also disallowed. </para> <para> Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. </para> </refsect1> <refsect1 id='options'> <title>OPTIONS</title> <para> The options which apply to the <command>groupadd</command> command are: </para> <variablelist remap='IP'> <varlistentry> <term> <option>-f</option>, <option>--force</option> </term> <listitem> <para> This option causes the command to simply exit with success status if the specified group already exists. When used with <option>-g</option>, and the specified GID already exists, another (unique) GID is chosen (i.e. <option>-g</option> is turned off). </para> </listitem> </varlistentry> <varlistentry> <term> <option>-g</option>, <option>--gid</option> <replaceable>GID</replaceable> </term> <listitem> <para>The numerical value of the group's ID. <replaceable>GID</replaceable> must be unique, unless the <option>-o</option> option is used. The value must be non-negative. The default is to use the smallest ID value greater than or equal to <option>GID_MIN</option> and greater than every other group. </para> <para> See also the <option>-r</option> option and the <option>GID_MAX</option> description. </para> </listitem> </varlistentry> <varlistentry> <term><option>-h</option>, <option>--help</option></term> <listitem> <para>Display help message and exit.</para> </listitem> </varlistentry> <varlistentry> <term> <option>-K</option>, <option>--key</option> <replaceable>KEY</replaceable>=<replaceable>VALUE</replaceable> </term> <listitem> <para> Overrides <filename>/etc/login.defs</filename> defaults (GID_MIN, GID_MAX and others). Multiple <option>-K</option> options can be specified. </para> <para> Example: <option>-K</option> <replaceable>GID_MIN</replaceable>=<replaceable>100</replaceable> <option>-K</option> <replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable> </para> <para> Note: <option>-K</option> <replaceable>GID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>GID_MAX</replaceable>=<replaceable>499</replaceable> doesn't work yet. </para> </listitem> </varlistentry> <varlistentry> <term> <option>-o</option>, <option>--non-unique</option> </term> <listitem> <para> permits the creation of a group with an already used numerical ID. As a result, for this <replaceable>GID</replaceable>, the mapping towards group <replaceable>NEWGROUP</replaceable> may not be unique. </para> </listitem> </varlistentry> <varlistentry> <term> <option>-p</option>, <option>--password</option> <replaceable>PASSWORD</replaceable> </term> <listitem> <para> defines an initial password for the group account. PASSWORD is expected to be encrypted, as returned by <citerefentry><refentrytitle>crypt </refentrytitle><manvolnum>3</manvolnum></citerefentry>. </para> <para> Without this option, the group account will be locked and with no password defined, i.e. a single exclamation mark in the respective field of ths system account file <filename>/etc/group</filename> or <filename>/etc/gshadow</filename>. </para> <para> <emphasis role="bold">Note:</emphasis> This option is not recommended because the password (or encrypted password) will be visible by users listing the processes. </para> <para> You should make sure the password respects the system's password policy. </para> </listitem> </varlistentry> <varlistentry> <term> <option>-r</option>, <option>--system</option> </term> <listitem> <para> Create a system group. </para> <para> The numeric identifiers of new system groups are chosen in the <option>SYS_GID_MIN</option>-<option>SYS_GID_MAX</option> range, defined in <filename>login.defs</filename>, instead of <option>GID_MIN</option>-<option>GID_MAX</option>. </para> </listitem> </varlistentry> <varlistentry> <term> <option>-R</option>, <option>--root</option> <replaceable>CHROOT_DIR</replaceable> </term> <listitem> <para> Apply changes in the <replaceable>CHROOT_DIR</replaceable> directory and use the configuration files from the <replaceable>CHROOT_DIR</replaceable> directory. Only absolute paths are supported. </para> </listitem> </varlistentry> <varlistentry> <term> <option>-P</option>, <option>--prefix</option> <replaceable>PREFIX_DIR</replaceable> </term> <listitem> <para> Apply changes to configuration files under the root filesystem found under the directory <replaceable>PREFIX_DIR</replaceable>. This option does not chroot and is intended for preparing a cross-compilation target. Some limitations: NIS and LDAP users/groups are not verified. PAM authentication is using the host files. No SELINUX support. </para> </listitem> </varlistentry> <varlistentry> <term> <option>-U</option>, <option>--users</option> </term> <listitem> <para> A list of usernames to add as members of the group. </para> <para> The default behavior (if the <option>-g</option>, <option>-N</option>, and <option>-U</option> options are not specified) is defined by the <option>USERGROUPS_ENAB</option> variable in <filename>/etc/login.defs</filename>. </para> </listitem> </varlistentry> </variablelist> </refsect1> <refsect1 id='configuration'> <title>CONFIGURATION</title> <para> The following configuration variables in <filename>/etc/login.defs</filename> change the behavior of this tool: </para> <variablelist> &GID_MAX; <!-- documents also GID_MIN --> &MAX_MEMBERS_PER_GROUP; &SYS_GID_MAX; <!-- documents also SYS_GID_MIN --> </variablelist> </refsect1> <refsect1 id='files'> <title>FILES</title> <variablelist> <varlistentry> <term><filename>/etc/group</filename></term> <listitem> <para>Group account information.</para> </listitem> </varlistentry> <varlistentry condition="gshadow"> <term><filename>/etc/gshadow</filename></term> <listitem> <para>Secure group account information.</para> </listitem> </varlistentry> <varlistentry> <term><filename>/etc/login.defs</filename></term> <listitem> <para>Shadow password suite configuration.</para> </listitem> </varlistentry> </variablelist> </refsect1> <refsect1 id='caveats'> <title>CAVEATS</title> <para> You may not add a NIS or LDAP group. This must be performed on the corresponding server. </para> <para> If the groupname already exists in an external group database such as NIS or LDAP, <command>groupadd</command> will deny the group creation request. </para> </refsect1> <refsect1 id='exit_values'> <title>EXIT VALUES</title> <para> The <command>groupadd</command> command exits with the following values: <variablelist> <varlistentry> <term><replaceable>0</replaceable></term> <listitem> <para>success</para> </listitem> </varlistentry> <varlistentry> <term><replaceable>2</replaceable></term> <listitem> <para>invalid command syntax</para> </listitem> </varlistentry> <varlistentry> <term><replaceable>3</replaceable></term> <listitem> <para>invalid argument to option</para> </listitem> </varlistentry> <varlistentry> <term><replaceable>4</replaceable></term> <listitem> <para>GID is already used (when called without <option>-o</option>)</para> </listitem> </varlistentry> <varlistentry> <term><replaceable>9</replaceable></term> <listitem> <para>group name is already used</para> </listitem> </varlistentry> <varlistentry> <term><replaceable>10</replaceable></term> <listitem> <para>can't update group file</para> </listitem> </varlistentry> </variablelist> </para> </refsect1> <refsect1 id='see_also'> <title>SEE ALSO</title> <para><citerefentry> <refentrytitle>chfn</refentrytitle><manvolnum>1</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>chsh</refentrytitle><manvolnum>1</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>gpasswd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>groupdel</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>groupmod</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum> </citerefentry>. </para> </refsect1> </refentry>