grpck

grpck [-q] [-r] [-s] [-h] [-V] [groupfile [gshadowfile]]

-q, --quiet
    Suppress non-error messages; only reports issues

-r, --read-only
    Exit on read errors without modifying files

-s, --sort
    Sort group entries by ascending GID

-h, --help
    Display usage summary and exit

-V, --version
    Output version information and exit

groupfile [gshadowfile]
    Optional paths to check; defaults to /etc/group and /etc/gshadow

The grpck command is a utility for checking the integrity and consistency of the system's group database files, primarily /etc/group and /etc/gshadow. It performs a series of validation checks to ensure data integrity, such as verifying no duplicate group names or GIDs, ensuring all referenced users exist, checking for valid syntax, and confirming shadow entries match group file entries.

By default, grpck reads these files (or user-specified ones), reports any inconsistencies or errors, and interactively prompts for corrections unless run in quiet mode. It can repair issues like orphaned shadow entries or sort entries by GID. This tool is essential for system administrators to maintain secure and functional group management, preventing issues from manual edits or corruption.

Typically invoked as root via sudo, it helps before or after bulk group modifications. Errors are flagged clearly, with options for non-interactive use in scripts. Successful runs exit with code 0; syntax errors yield 1, system errors 2.

Must run as root; interactive prompts for changes unless -q; backups recommended before repairs; not for NIS/LDAP groups.

0: success
1: syntax/integrity errors found
2: system error (e.g., permissions)

/etc/group: ASCII group definitions
/etc/gshadow: Shadow group passwords

Part of shadow-utils suite; developed by Julianne Frances Haugh in 1990s for Linux shadow password support; evolved with utils-common package.

pwck(8), vigr(8), vipw(8), groupadd(8), groupdel(8)