grpck

News	Programs - Staf Wagemakers	Recommended Books	Recommended Links	Unix Group Administration	Reference
Unix groups command (ksh)	passwd	Expect	Managing user accounts in Perl	Humor	Etc

The grpck command verifies the correctness of the group definitions in the user database files by checking the definitions for ALL the groups or for the groups specified by the Group parameter. If more than one group is specified, there must be a space between the groups.

grpck { -n | -p | -t | -y } { ALL | Group ... }

Note: This command writes its messages to stderr.

You must select a flag to indicate whether the system should try to fix erroneous attributes. The following attributes are checked:

Checks the uniqueness and composition of the group name. The group name must be a unique string of eight bytes or less. It cannot begin with a + (plus sign), a : (colon), a - (minus sign), or a ~ (tilde). It cannot contain a colon (:) in the string and cannot be the ALL or default keywords. No system fix is possible.
groupID. Checks the uniqueness and composition of the group ID. The ID must not be null and must consist of decimal digits only. No system fix is possible.
users. Checks the existence of the users listed in the group database files. If you indicate that the system should fix errors, it will delete all the users that are not found in the user database files.
adms. Checks the existence of the users listed as group administrators in the group database files. If you indicate that the system should fix errors, it will delete all the administrators that are not found in the user database files.
admin. Checks for a valid admin attribute for each group in the /etc/security/group file. No system fix is available.

Generally, the sysck command calls the grpck command as part of the verification of a trusted-system installation. In addition, the root user or a member of the security group can enter the command.

The grpck command checks to see if the database management security files (/etc/passwd.nm.idx, /etc/passwd.id.idx, /etc/security/passwd.idx, and /etc/security/lastlog.idx) files are up-to-date or newer than the corresponding system security files. Please note, it is alright for the /etc/security/lastlog.idx to be not newer than /etc/security/lastlog. If the database management security files are out-of-date, a warning message appears indicating that the root user should run the mkpasswd command.

Flags

-n	Reports errors but does not fix them.
-p	Fixes errors but does not report them.
-t	Reports errors and asks if they should be fixed.
-y	Fixes errors and reports them.

Security

Access Control: This command should grant execute (x) access to the root user and members of the security group. The command should be setuid to the root user and have the trusted computing base attribute.

Files Accessed:

Mode	File
r	/etc/passwd
r	/etc/security/user
rw	/etc/security/group
rw	/etc/group

Auditing Events:

Event	Information
GROUP_User	user, groups, attribute \| error, status
GROUP_Adms	user, groups, attribute \| error, status

Examples

To verify that all the group members and administrators exist in the user database, and have any errors reported (but not fixed), enter:
grpck -n ALL
To verify that all the group members and administrators exist in the user database and to have errors fixed, but not reported, enter:
grpck -p ALL
To verify the uniqueness of the group name and group ID defined for the install group, enter:
grpck -n install

OR

grpck -t install

OR

grpck -y install

The grpck command does not correct the group names and IDs. Therefore, the -n, -t and -y flags report problems with group names and group IDs, but do not correct them.

Files

/usr/sbin/grpck	Contains the grpck command.
/etc/passwd	Contains the basic attributes of users.
/etc/security/user	Contains the extended attributes of users.
/etc/group	Contains the basic attributes of groups.
/etc/security/group	Contains the extended attributes of groups.

Related Information

The pwdck command, sysck command, usrck command.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Standalone System Security in AIX 5L Version 5.3 Security Guide.

System V grpck command

Syntax

/usr/sysv/bin/grpck

Description

The /usr/sysv/bin/grpck command verifies the correctness of the group definitions in the user database files by checking the definitions for ALL the groups.This /usr/sysv/bin/grpck command is a System V version of the existing grpck command in /usr/sbin/.This command calls the /usr/sbin/grpck command with -n and ALL options.

Exit Status

0: Successful completion.
>0: An error occurred.

Examples

To verify that all the group members and administrators exist in the user database, and have any errors reported (but not fixed), enter:
```
/usr/sysv/bin/grpck
```

Files

/usr/sysv/bin/grpck: Contains the System V version of the grpck command.

Related Information

The /usr/sbin/grpck command.

Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with.
We do not warrant the correctness of the information provided or its fitness for any purpose
In no way this site is associated with or endorse cybersquatters using the term "softpanorama" with other main or country domains (e.g. softpanorama.com) with bad faith intent to profit from the goodwill belonging to someone else.

Last modified: November 13, 2009