The grpck command in Linux verifies the integrity of group information. It checks that all entries in /etc/group and /etc/gshadow have the proper format and contain valid data. The user is prompted to delete entries that are incorrectly formatted or that have uncorrectable errors.
grpck [options] [group [gshadow]]
Description: Checks are made to verify that each entry has:
- The correct number of fields
- A unique and valid group name
- A valid group identifier (/etc/group only)
- A valid list of members and administrators
- A corresponding entry in the /etc/gshadow file (respectively /etc/group for the gshadow checks)
The checks for the correct number of fields and a unique group name are fatal. If an entry has the wrong number of fields, the user will be prompted to delete the entire line. The commands which operate on the /etc/group and /etc/gshadow files are not able to alter corrupted or duplicated entries. grpck should be used in those circumstances to remove the offending entries.
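The checks listed above, sketched as a read-only audit over constructed sample data. This is an added example, not grpck's own code; the sample files, the user set and the name pattern are assumptions, and it does not account for split groups.

```python
import re

# Constructed sample data (not taken from a real system).
GROUP = """\
root:x:0:
wheel:x:10:alice,bob
devs:x:abc:alice
wheel:x:11:carol
broken:x:1001
ops:x:1002:alice,mallory
audit:x:1003:
"""
GSHADOW = """\
root:*::
wheel:!::alice,bob
devs:!::alice
ops:!:alice:alice
"""
USERS = {"root", "alice", "bob", "carol"}  # stand-in for the names in /etc/passwd
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*\$?$")  # assumed rule; real rules vary by distro

def check_group(group_text, gshadow_text, users):
    """Return (line_no, group_name, problem) tuples; nothing is modified."""
    shadowed = {l.split(":")[0] for l in gshadow_text.splitlines() if l}
    seen, findings = set(), []
    for no, line in enumerate(group_text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) != 4:  # fatal check: the other fields cannot be trusted
            findings.append((no, fields[0], "wrong number of fields"))
            continue
        name, _password, gid, members = fields
        if name in seen:  # fatal check: duplicate group name
            findings.append((no, name, "duplicate group name"))
            continue
        seen.add(name)
        if not NAME_RE.match(name):
            findings.append((no, name, "invalid group name"))
        if not re.fullmatch(r"[0-9]+", gid):
            findings.append((no, name, "invalid GID"))
        for member in filter(None, members.split(",")):
            if member not in users:
                findings.append((no, name, f"unknown member {member}"))
        if name not in shadowed:
            findings.append((no, name, "no matching gshadow entry"))
    return findings

if __name__ == "__main__":
    for finding in check_group(GROUP, GSHADOW, USERS):
        print(finding)
```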
Configuration: The following configuration variables in /etc/login.defs change the behavior of this tool:
- MAX_MEMBERS_PER_GROUP (number): Maximum members per group entry. When the maximum is reached, a new group entry (line) is started in /etc/group (with the same name, same password, and same GID).
- The default value is 0, meaning that there are no limits on the number of members in a group.
- This feature (split group) makes it possible to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters.
Exit Values: The grpck command exits with the following values:
- 0 – success
- 1 – invalid command syntax
- 2 – one or more bad group entries
- 3 – can’t open group files
- 4 – can’t lock group files
- 5 – can’t update group files
grpck command without any option: It immediately gives two messages:
- Permission Denied.
- Cannot lock /etc/group; try again later.
We can’t use the grpck command directly. Only the administrator or root user can use this command.
Different options with the grpck Command:
We can use the grpck command only as the administrator or root user. Use the command given below to enter root or administrator mode.
Now we will create users and groups and apply the grpck command to see how it works. We can create a group and a user using these commands:
addgroup group_name
adduser user_name -G group_name
addgroup: Used to create a group.
adduser: Used to create a user.
We can create as many users as we want at once. Here I’m creating 100 users with just one command:
for i in $(seq 1 100); do adduser -G group1 "user$i" || break; done
User and Group Configuration Files: We have been referring to files such as /etc/passwd and /etc/shadow from the start. Let’s see what each of them contains.
- These are the configuration files that come into play after a user is created.
- /etc/passwd: When a new user is added, the information is stored as a single, colon-separated line in /etc/passwd. Here is an example of an entry in this file:
# tail -1 /etc/passwd
- /etc/shadow: With shadow passwords, a new entry is automatically added to /etc/shadow when a new user is created. This file can be viewed only by root. Here is an example of an entry in this file:
# tail -1 /etc/shadow
- /etc/gshadow: Hashed group passwords are stored in this file. However, group passwords are rarely used. Here is an example of an entry in this file:
# tail -1 /etc/gshadow
- /etc/group: Because Oracle Linux uses a UPG scheme, a new entry is automatically created in /etc/group when a new user is added. The group name is the same as the username. Here is an example of an entry in this file:
# tail -1 /etc/group
Now we have successfully stored users in a group and know about all the configuration files.
1. -r, --read-only: Execute the grpck command in read-only mode. This causes all questions regarding changes to be answered no without user intervention.
grpck -r /etc/group
2. -s, --sort: Sort entries in /etc/group and /etc/gshadow by GID (Group ID).
grpck -s /etc/group