groupadd(8)groupadd(8)NAMEgroupadd - Adds a new group definition
SYNOPSIS
/usr/sbin/groupadd [-g gid] [-o] [-P] [-x extended_option] group_name
OPTIONS
Specifies the group identifier (GID) of the new group being added. The
GID must be a non-negative decimal integer. Allows a group identifica‐
tion (GID) number to be duplicated (non-unique). This option can be
used only with the -g option. Creates a PC group only. Extended
options are of the form attribute=value. You may enter any number of
extended options (within the character limit of the command line) by
separating each option with a space. Alternatively, they may be entered
separately following the -x switch. Note that some extended options are
only available under specific system environments.
The following sets of extended_option attributes are available:
Indicates whether the group is local. If set to 1, the group is
added to the local database. This also sets the value of
extended options distributed and ldap to 0. Indicates whether
the group is distributed. If set to 1, the group is added to
the NIS database. This also sets the value of extended option
local to 0. You must be on the NIS master to create a NIS group.
Indicates whether the group is created on an LDAP server. If set
to 1, the group is added to the LDAP server and also sets the
value of extended options local and distributed to 0. LDAP must
be configured, and you must be on the LDAP server or an LDAP
client with permission to modify the LDAP database. A comma-
delimited list of user's who will be members of the UNIX group.
You can specify the user (login) name or the account UID.
The following extended_option attributes are available for PC
group administration if the Advanced Server for UNIX (ASU) is
configured and running: Specifies a text string that provides a
description of the PC group. Specifies a comma delimited list
of PC users to be added to the current list of members of a PC
group. Note that this adds, but does not replace members.
Specifies the name of the new group. There are restrictions,
described below, on the length and allowable characters in the
group name.
DESCRIPTION
The groupadd command is part of a set of command-line interfaces (CLI)
that are used to create and administer user groups on the system. When
the Advanced Server for UNIX (ASU) is installed and running, the
groupadd command can also be used to administer PC groups for users who
are also holders of Windows NT domain accounts. Accounts can also be
created with the /usr/bin/X11/dxaccounts graphical user interface (GUI)
or the sysman (8) Accounts Menu.
Different options are available depending on how the local system is
configured: In the default UNIX environment, user account management is
compliant with the IEEE POSIX Standard P1387.3. The CLI is backwards-
compatible, so all existing local scripts will function. However, you
should consider testing your account management scripts before use.
The groupadd command lets the system administrator create new groups on
the system by specifying the group name and GID. When the GID is not
specified (with the -g option), the GID defaults to the next available
(unique) number.
The -x options local, distributed, and ldap let the system administra‐
tor specify whether the new group is local, distributed by NIS, or an
LDAP server. If these options are not specified on the command line,
the system adds the new group to the appropriate database as specified
by the system defaults. System defaults for groups may be set with the
groupmod -D option. In the absence of any defaults, groupadd creates a
local group. Certain combinations of these settings are incompatible
and produce an error: it is invalid to set all of these values to 0 or
set more than one of them to 1.
RESTRICTIONS
You must have superuser privilege to execute this command.
Distributed groups can only be added, modified, or deleted on NIS
servers.
LDAP groups can only be added, modified, or deleted on an LDAP server
or on a suitably privileged LDAP client.
You cannot specify more than 255 characters on a single command line.
However, lines can be split to an appropriate length. If you try and
enter too many new groups, the group file may be corrupted.
Certain characters that have special meaning for the shells are not
allowed in the group name. This list includes $@/[]:;|=,*?<>(){}"'`#,
backslash (\), and white space (space, tab, newline, form-feed,
return). In addition, the first character of the new group name cannot
be one of +-!~.
In this release the maximum length of a group name is 8 characters.
The pc_synchronize default value is not used for groupadd, groupmod,
and groupdel. UNIX and PC groups cannot be synchronized and therefore
must be created separately. Use the command groupadd-P xdomain to cre‐
ate a PC group named xdomain. Then, use the command groupadd xdomain
to create a UNIX group named xdomain.
EXIT STATUS
The groupadd command exits with one of the following values: Success.
Failure. Warning.
EXAMPLES
The following example adds the group, newgroup, to the group database
with a system-provided GID:
% groupadd newgroup
The following example adds the group, newgroup, to the group database
with a GID of 451:
% groupadd-g 451 newgroup The following example adds the group, new‐
group, to the NIS master database:
% groupadd-x distributed=1
newgroup
The following example adds the PC group, projectX with members JoeMc
and HiteshC:
% groupadd-P
-x pc_group_members=JoeMc,HiteshC, \
projectX The following example adds the PC group, newgroup and pro‐
vides a description field “common project group”: % groupadd-P -x
pc_group_description="common project group" \
projectX
FILES
The groupadd command operates on files for the specific level of system
security.
SEE ALSO
Commands: groupdel(8), groupmod(8), useradd(8), userdel(8), usermod(8)
System Administration
Security
Advanced Server for UNIX administration and configuration documents.
groupadd(8)
