GPASSWD(1) User Commands GPASSWD(1)


gpasswd - administer /etc/group and /etc/gshadow


gpasswd [option] group


The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every group can have administrators, members and a password.

System administrators can use the -A option to define group administrator(s) and the -M option to define members. They have all rights of group administrators and members.

gpasswd called by a group administrator with a group name only prompts for the new password of the group.

If a password is set the members can still use newgrp(1) without a password, and non-members must supply the password.


Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users.


Except for the -A and -M options, the options cannot be combined.

The options which apply to the gpasswd command are:

-a, --add user

Add the user to the named group.

-d, --delete user

Remove the user from the named group.

-h, --help


-Q, --root CHROOT_DIR

Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. Only absolute paths are supported.

-r, --remove-password

Remove the password from the named group. The group password will be empty. Only group members will be allowed to use newgrp to join the named group.

-R, --restrict

Restrict the access to the named group. The group password is set to "!". Only group members with a password will be allowed to use newgrp to join the named group.

-A, --administrators user,...


-M, --members user,...


This tool only operates on the /etc/group and /etc/gshadow files. Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server.


The following configuration variables in /etc/login.defs change the behavior of this tool:







newgrp(1), groupadd(8), groupdel(8), groupmod(8), grpck(8), group(5), gshadow(5).

2023-09-24 shadow-utils 4.14.0