groupmems

Manage members of the user's primary group

Supplementary instructions

The groupmems command allows a user to manage his/her own list of group members without requiring superuser privileges. The groupmems utility is intended for systems that have their users configured as primary groups (i.e. guests/guests) in their own name.

Only superusers who are administrators can use groupmems to change the membership of other groups.

grammar

groupmems -a user_name | -d username | [-g user group name] | -l | -p

Options

-a, --add user_name # Add user to group members list. If the /etc/gshadow file exists and the group does not have an entry in the /etc/gshadow file, a new entry will be created.

-d, --delete user_name
# Remove the user from the group membership list.
# If the /etc/gshadow file exists, the user will be removed from the group's list of members and administrators.
# If the /etc/gshadow file exists and the group does not have an entry in the /etc/gshadow file, a new entry will be created.

-g, --group group_name # The super user can specify the list of group members to be modified.
-l, --list # List group members.
-p, --purge #Purge all users from the group membership list.
# If the /etc/gshadow file exists and the group does not have an entry in the /etc/gshadow file, a new entry will be created.

Configuration

The following configuration variables in /etc/login.defs change the behavior of this tool:

MAX_MEMBERS_PER_GROUP (number)

The maximum number of members per group entry. When the maximum is reached, start a new group entry (line) in /etc/group (with the same name, the same password and the same GID).

The default value is 0, which means there is no limit to the number of members in the group.

This feature (Split Group) allows limiting the line length in group files. This helps ensure that NIS group lines do not exceed 1024 characters.

If you need to enforce such a limit, you can use 25.

Note: Not all tools support splitting groups (even in the Shadow toolkit). You should not use this variable unless you really need it.

example

The groupmems executable should be in mode 2770 as user root and group group. System administrators can add users to groups to allow or disable them from managing their own list of group members using the groupmems utility.

groupadd -r groups
chmod 2770 groupmems

chown root.groups groupmems
groupmems -g groups -a gk4

Let's create a new user and a new group and verify the results:

useradd student
passwd student
groupadd staff

Make user student a member of group people:

groupmems -g staff -a student
groupmems -g staff -l

Add user to group:

groupmems -a mike -g SUPPORT
groupmems --add mike -g SUPPORT

Delete/remove user from group:

groupmems -d mike SUPPORT -g SUPPORT
groupmems --delete mike SUPPORT -g SUPPORT

Change group name:

groupmems -g SUPPORT

Remove a user from a group:

groupmems -p -g SUPPORT
groupmems --purge -g SUPPORT

To list the members of a group:

groupmems -l -g SUPPORT
groupmems --list -g SUPPORT