gshadow manpage

Search topic Section

GSHADOW(5)		 File Formats and Conversions		    GSHADOW(5)

       gshadow - shadowed group file

       /etc/gshadow contains the shadowed information for group accounts.

       This file must not be readable by regular users if password security is
       to be maintained.

       Each line of this file contains the following colon-separated fields:

       group name
	   It must be a valid group name, which exist on the system.

       encrypted password
	   Refer to crypt(3) for details on how this string is interpreted.

	   If the password field contains some string that is not a valid
	   result of crypt(3), for instance ! or *, users will not be able to
	   use a unix password to access the group (but group members do not
	   need the password).

	   The password is used when an user who is not a member of the group
	   wants to gain the permissions of this group (see newgrp(1)).

	   This field may be empty, in which case only the group members can
	   gain the group permissions.

	   A password field which starts with a exclamation mark means that
	   the password is locked. The remaining characters on the line
	   represent the password field before the password was locked.

	   This password supersedes any password specified in /etc/group.

	   It must be a comma-separated list of user names.

	   Administrators can change the password or the members of the group.

	   Administrators also have the same permissions as the members (see

	   It must be a comma-separated list of user names.

	   Members can access the group without being prompted for a password.

	   You should use the same list of users as in /etc/group.

	   Group account information.

	   Secure group account information.

       gpasswd(5), group(5), grpck(8), grpconv(8), newgrp(1).

File Formats and Conversions	  07/24/2009			    GSHADOW(5)