chgrpmem Command

Purpose

Changes the administrators or members of a group.

Syntax

chgrpmem [-R load_module] [ { -a | -m } { + | - | = } User ... ] Group

Description

The chgrpmem command changes the administrators or members of the group specified by the Group parameter. Use this command to add, delete, or set a group's members or administrators list. You cannot remove users from their primary group. A user's primary group is maintained in the /etc/passwd file. If you specify only a group with the chgrpmem command, the command lists the group's members and administrators.

To change the administrators or members of a group that were created with an alternate Identification and Authentication (I&A) mechanism, the -R flag can be used to specify the I&A loadable module. Load modules are defined in the /usr/lib/security/methods.cfg file.

To add, delete, or set a user as a group administrator, specify the -a flag. Otherwise, to add, delete, or set a user as a group member, specify the -m flag. You must specify one of these flags and an operator to change a user's group membership. The operators do the following:

Item Description
+ Adds the specified user.
- Deletes the specified user.
= Sets the list of administrators or members to the specified user.

You can specify more than one User parameter at a time. To do this, specify a comma-separated list of user names.

See the chgroup command for a list of restrictions that apply to changing group information.

Flags

Item Description
-a Changes a group's administrators list.
-m Changes the group's members list.
-R Specifies the loadable I&A module used to change the administrators or members of a group.

Exit Status

This command returns the following exit values:
Item Description
0 The command runs successfully and all requested changes are made.
>0 An error occurred. The printed error message gives further details about the type of failure.

Security

Access Control

All users should have execute (x) access to this command because the command itself enforces the access rights. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the security group with the setgid (SGID) bit set.

Files Accessed

Item Description
Mode File
x /usr/bin/chgroup
r /etc/passwd
r /etc/group
rw /etc/security/group

Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To remove jones as an administrator of the f612 group, enter:

    chgrpmem  -a - jones f612

  2. To add members davis and edwards to group f612, enter:

    chgrpmem  -m + davis,edwards f612

  3. To list members and administrators of group staff, enter: 
    chgrpmem staff
  4. To list members of the LDAP I&A loadable module group monsters, enter: 
    chgrpmem -R LDAP monsters

Files

Item Description
/usr/bin/chgrpmem Specifies the path to the chgrpmem command.
/etc/passwd Contains the basic attributes of users.
/etc/group Contains the basic attributes of groups.
/etc/security/group Contains the extended attributes of groups.