group_override(5)group_override(5)NAMEgroup_override - The registry group override file.
SYNOPSIS
dcelocal/etc/group_override
DESCRIPTION
The dcelocal/etc/group_override administrative file lets you override
group UNIX IDs and member lists stored in the network registry data‐
base. The group_override file functions in a similar manner as the
passwd_override file that overrides principal information in the net‐
work registry database. The override takes effect when you run
passwd_export. It may also impact local security mechanisms of vendor
specific implementations.
The group_override file is stored on each machine. Any changes you make
to it are in effect for the local machine only, and have no effect on
the centralized registry. You may find group_override especially useful
for overriding the default group definitions supplied with the registry
if they do not match your local UNIX system's group definitions.
The group_override File Format
The format of group_override entries is similar to the entries in the
UNIX group file. The format is as follows:
group_name:passwd:group_uid:members
In the override entry, group_name and group_uid are keyfields. You
must enter one to identify the group to which the override applies. The
keyfield is used to perform a lookup in the override file. The lookup
is performed in order as the fields are specified in the entry: first
by group name, then by group UNIX ID. If you specify both keyfields in
an override entry, the group_name is used as the lookup key; subsequent
fields are used as overrides.
Field Descriptions
Each entry in the group_override file is described below.
A keyfield that contains the name that identifies the group to which
the override applies. The encrypted password. If you specify an over‐
ride in this field, the password you enter is in effect for this local
machine only.
You can also specify OMIT in the passwd field to disallow using the
newgrp command on the local machine to change a user's group identifi‐
cation. The use of OMIT in conjunction with an option to the
passwd_export command also prevents the inclusion of this group in the
group file created by passwd_export. (See the section entitled "Using
OMIT," later in this command reference, for details.) A group UNIX ID.
This field can function as a keyfield, when no other keyfields are
entered, or as a field containing an override, when entered in conjunc‐
tion with group_name. When used as an override, this field specifies
the ID to be used for the group on the local machine. A comma-sepa‐
rated list of members of the group. The contents of this field override
information in the registry when passwd_export creates an /etc/group
file. Note that to specify a null membership, as opposed to indicating
no override is required, use an asterisk (*) for this field.
Leaving Fields Blank
If you do not want to override an item, leave its field blank, separat‐
ing each blank field with a colon (:). Note that to override a group
with a null membership list, enter an asterisk (*) for the members
field.
Using OMIT
If you enter either the word OMIT or another invalid password string
(such as an asterisk or NO GOOD) in the passwd field, users will not be
able to issue a newgrp to this group on the local machine. If you spec‐
ify OMIT and run passwd_export with the -x option, the named group will
not appear in the /etc/group file produced by passwd_export.
You should also be aware that, if you have omitted groups from the
/etc/group file, information about those groups will not be available
to any programs that use the group file. For example, the ls -lg com‐
mand accesses the group file to obtain further information about a
group. If the group is omitted, no group entry will exist and no infor‐
mation will be available. For this reason you should use OMIT to omit
groups from the /etc/group file only if your user community is very
large and either of the following conditions occur: The group file is
taking up too much space. Group-ID-to-name mapping is too slow (during
ls -lg, for example).
EXAMPLES
To assign the group named "kmem" a group ID of 3 on the local machine,
the entry in the group_override file is as follows: kmem::3: To over‐
ride the membership list of the group named "system" so that it con‐
tains only the single member named "root," the entry is as follows:
system:::root
RELATED INFORMATION
Command: passwd_export(1m)group_override(5)