GPASSWD(1) User Commands GPASSWD(1) gpasswd - administer /etc/group and /etc/gshadow gpasswd [option] group The gpasswd command is used to administer /etc/group, and /etc/gshadow. Every group can have administrators, members and a password. System administrators can use the -A option to define group administrator(s) and the -M option to define members. They have all rights of group administrators and members. gpasswd called by a group administrator with a group name only prompts for the new password of the group. If a password is set the members can still use newgrp(1) without a password, and non-members must supply the password. Group passwords are an inherent security problem since more than one person is permitted to know the password. However, groups are a useful tool for permitting co-operation between different users. Except for the -A and -M options, the options cannot be combined. The options which apply to the gpasswd command are: -a, --add user Add the user to the named group. -d, --delete user Remove the user from the named group. -h, --help -Q, --root CHROOT_DIR Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. Only absolute paths are supported. -r, --remove-password Remove the password from the named group. The group password will be empty. Only group members will be allowed to use newgrp to join the named group. -R, --restrict Restrict the access to the named group. The group password is set to "!". Only group members with a password will be allowed to use newgrp to join the named group. -A, --administrators user,... -M, --members user,... CAVEATS This tool only operates on the /etc/group and /etc/gshadow files. Thus you cannot change any NIS or LDAP group. This must be performed on the corresponding server. The following configuration variables in /etc/login.defs change the behavior of this tool: /etc/group /etc/gshadow newgrp(1), groupadd(8), groupdel(8), groupmod(8), grpck(8), group(5), gshadow(5). shadow-utils 4.15.1 2024-04-01 GPASSWD(1)