
Secure group with an encrypted password
The gpasswd command without any options will start an interactive prompt to add or change a group's password. Adding or changing a group password using the groupadd or groupmod commands will create an unencrypted, cleartext password. Adding or changing a group password using the gpasswd command will create an encrypted password.
For example, to add or change the password for group1:
[root@server1 ~]# gpasswd group1
Changing the password for group group1
New Password:
Re-enter new password:
The /etc/gshadow file will display the new, encrypted password.
[root@server1 ~]# cat /etc/gshadow
group1:$6$ubMs6/4RaKZ/r1$nx5pSdEbcKMAylN0q/txGd3J1nkRqQw.VO82SWTtfpZX5OvQWCsShZgNryl7WQ5YCCVLhEulsrDK2tLI6kDdP1::
Remove group password
The -r or --remove-password option can be used to remove a group's password. For example, to update group1 to not have a password.
[root@server1 ~]# gpasswd -r group1
The second field of the /etc/gshadow file will no longer contain a password.
[root@server1 ~]# cat /etc/gshadow
group1:::
Restrict access to a group
The -R or --restrict option can be used to restrict access to a group. It is important to recognize that this will remove the group password.
[root@server1 ~]# gpasswd -R group1
Once a group has been restricted, the second field of the /etc/gshadow file will contain an exclamation point.
[root@server1 ~]# cat /etc/gshadow
group1:!::
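The states of the second /etc/gshadow field shown so far (hash, empty, exclamation point), plus a value that is not a hash at all, can be told apart with a small audit function. This is an added example, not part of the original article; the function names, state labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field (field 2) of gshadow-format lines read from stdin.
# Prints "<group> <state>" per entry and exits 1 if any entry is "not-a-hash".
classify_gshadow() {
    awk -F: '
        BEGIN { bad = 0 }
        NF == 0 { next }                  # skip blank lines
        {
            pw = $2
            if (pw == "")
                state = "no-password"     # as after gpasswd -r
            else if (pw ~ /^[!*]/)
                state = "locked"          # "!" as after gpasswd -R; "*" is also seen on system groups
            else if (pw ~ /^\$[0-9a-z]+\$.+\$.+/)
                state = "hashed"          # crypt(3) modular format, e.g. $6$ = SHA-512
            else {
                state = "not-a-hash"      # literal or legacy value, e.g. plaintext given to groupadd -p
                bad = 1
            }
            print $1, state
        }
        END { exit bad }'
}

# Constructed sample input (not real groups, hashes or passwords).
sample_gshadow() {
    cat <<'EOF'
group1:$6$constructedsalt$constructedhashvalue::
group2:::
group3:!::
group4:Winter2024::john.doe
EOF
}

# Demo on the sample; on a real host, as root: classify_gshadow < /etc/gshadow
sample_gshadow | classify_gshadow || echo "at least one group has a non-hashed password field"
```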
Add members to a group
The -a or --add option can be used to add members to a group. For example, to add john.doe to group1.
[root@server1 ~]# gpasswd -a john.doe group1
john.doe is now a member of group1.
[root@server1 ~]# cat /etc/group
group1:x:1001:john.doe
Once the group has been restricted, only users that have a password will be permitted access to join the group when using the newgrp command.
Remove members from a group
The -d or --delete option can be used to remove members from a group. For example, to remove john.doe from group1.
[root@server1 ~]# gpasswd -d john.doe group1
john.doe is no longer a member of group1.
[root@server1 ~]# cat /etc/group
group1:x:1001: