grpunconv

grpunconv

The grpunconv command converts standard group files (/etc/group) to shadow group files (/etc/gshadow).

It essentially moves group password information from the world-readable /etc/group file to the more secure, root-readable /etc/gshadow file. This enhances system security by preventing unauthorized users from viewing group passwords (usually indicated by an 'x' in the /etc/group file).

After running grpunconv, only root can access the group password information. The /etc/group file will now contain 'x' where group passwords used to be. If an /etc/gshadow file already exists, grpunconv will merge the group information from /etc/group into it, creating new entries if necessary. Note: if using grpconv after grpunconv, group passwords are reset.

grpunconv should be used with caution. It's crucial to back up your /etc/group and /etc/gshadow files before running this command. Ensure you understand the implications of moving group passwords to the /etc/gshadow file. Running grpconv after grpunconv will reset group passwords.

grpunconv operates on the following files:
/etc/group - The standard group file.
/etc/gshadow - The shadow group file.

The grpunconv command was created to improve system security by hiding group password information from unauthorized users. Before the introduction of shadow group files, group passwords were stored in the /etc/group file, which was world-readable. This made it vulnerable to attack. The grpunconv utility, along with other shadow password utilities, was developed to address this vulnerability. It has become a standard tool in most Linux distributions.

grpconv(8), pwconv(8), pwunconv(8)