KEMBAR78
Gpasswd Command | PDF | Password | Areas Of Computer Science
Scribd
Upload
105 views4 pages

Gpasswd Command

The gpasswd command is used to administer the /etc/group and /etc/gshadow files which contain group and secure group information. It allows adding or removing users from groups with options like -a and -d, and can set group administrators with -A or restrict access to a group with -R. The /etc/login.defs configuration file contains variables that control gpasswd behavior like the encryption method and number of SHA rounds.

Uploaded by

Darko
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as ODT, PDF, TXT or read online on Scribd
105 views4 pages

Gpasswd Command

The gpasswd command is used to administer the /etc/group and /etc/gshadow files which contain group and secure group information. It allows adding or removing users from groups with options like -a and -d, and can set group administrators with -A or restrict access to a group with -R. The /etc/login.defs configuration file contains variables that control gpasswd behavior like the encryption method and number of SHA rounds.

Uploaded by

Darko
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as ODT, PDF, TXT or read online on Scribd
You are on page 1/ 4

Linux gpasswd command

Updated: 06/16/2017 by Computer Hope

• About gpasswd
• gpasswd syntax
• gpasswd examples
• Related commands
• Linux and Unix commands help

About gpasswd
gpasswd is used to administer /etc/group and /etc/gshadow.
/etc/group contains group information, and /etc/gshadow contains secure group information.

gpasswd syntax
gpasswd [option] group

Options
(Except for the -A and -M options, the following options cannot be combined.)

-a, --add user Add user to the named group.

-d, --delete user Remove user from the named group.


-h, --help Display help message and exit.

-Q, --root Apply changes in the CHROOT_DIR directory and use the configuration
CHROOT_DIR files from the CHROOT_DIR directory.

Remove the password from the named group. The group password will be
-r, --remove-password
empty. Only group members will be allowed to use newgrp to join the
group
named group.

Restrict the access to the named group. The group password is set to "!".
-R, --restrict group Only group members with a password will be allowed to use newgrp to join
the named group.

-A, --administrators
Set the list of administrative users.
user,...

-M, --members user,... Set the list of group members.

Configuration
The following configuration variables in /etc/login.defs change the behavior of gpasswd:

name type description


This defines the system default encryption algorithm for encrypting
passwords (if no algorithm is specified on the command line).

It can take one of these values: DES (default), MD5, SHA256,


SHA512.
ENCRYPT_METHO
string
D This parameter overrides the MD5_CRYPT_ENAB variable.

Note: This only affect the generation of group passwords. The


generation of user passwords is done by PAM and subject to the PAM
configuration. It is recommended to set this variable consistently with
the PAM configuration.

MAX_MEMBERS_ number Maximum members per group entry. When the maximum is reached, a
PER_GROUP new group entry (line) is started in /etc/group (with the same name,
same password, and same GID).

The default value is 0, meaning that there are no limits in the number
of members in a group.

This feature (split group) permits to limit the length of lines in the
group file. This is useful to make sure that lines for NIS groups are not
larger than 1024 characters.

If you need to enforce such limit, you can use 25.

Note: split groups may not be supported by all tools (even in the
Shadow toolsuite). You should not use this variable unless you really
need it.

Indicate if passwords must be encrypted using the MD5-based


algorithm. If set to yes, new passwords will be encrypted using the
MD5-based algorithm compatible with the one used by recent releases
of FreeBSD. It supports passwords of unlimited length and longer salt
strings. Set to no if you need to copy encrypted passwords to other
systems which don't understand the new algorithm. Default value is
no.

This variable is superseded by the ENCRYPT_METHOD variable or


MD5_CRYPT_ENA
boolean by any command line option used to configure the encryption
B
algorithm.

This variable is deprecated. You should use ENCRYPT_METHOD


instead.

Note: This only affects the generation of group passwords. The


generation of user passwords is done by PAM and subject to the PAM
configuration. It is recommended to set this variable consistently with
the PAM configuration.

SHA_CRYPT_MIN_ number When ENCRYPT_METHOD is set to SHA256 or SHA512, this


ROUNDS or defines the number of SHA rounds used by the encryption algorithm
SHA_CRYPT_MAX by default (when the number of rounds is not specified on the
_ROUNDS command line). With a lot of rounds, it is more difficult to brute force
the password. But note also that more CPU resources will be needed
to authenticate users.

If not specified, the libc will choose the default number of rounds
(5000).

The values must be inside the 1000—999,999,999 range.

If only one of the SHA_CRYPT_MIN_ROUNDS or


SHA_CRYPT_MAX_ROUNDS values is set, then this value will be
used.

If SHA_CRYPT_MIN_ROUNDS is greater than


SHA_CRYPT_MAX_ROUNDS, the highest value will be used.
Note: This only affects the generation of group passwords. The
generation of user passwords is done by PAM and subject to the PAM
configuration. It is recommended to set this variable consistently with
the PAM configuration.

gpasswd examples
gpasswd -a mozart musicians

Adds the user mozart to the group musicians.


gpasswd -A george mathematicians

Give user george administrative rights to the group mathematicians.


gpasswd -d hope yankees
Remove user hope from the group yankees.

You might also like