update-passwd

update-passwd

The update-passwd command updates the group's password file (/etc/gshadow) by synchronizing it with the data in /etc/group. It's primarily used to add shadow group support to existing systems or when group information is manually modified and the shadow file needs reconciliation.

The utility checks for inconsistencies between the group file and the shadow group file. Incompatibilities mainly refer to missing shadow group entries or differences in group member lists. update-passwd attempts to create missing entries, keeping the shadow group information up-to-date. If a group exists in /etc/group but not in /etc/gshadow, update-passwd adds it to /etc/gshadow. This ensures that groups have properly shadowed passwords and administrative information when shadow password support is enabled.

Caution: Use with care as incorrect usage can damage group password configuration.

update-passwd should be executed with caution, preferably by root or a user with appropriate privileges to modify system files.
Backups of /etc/gshadow and /etc/group are strongly recommended before use, as errors may lead to system instability or account lockout.

The update-passwd command returns 0 on success and a non-zero value on error. Error messages are typically output to stderr.

Due to its ability to modify critical system files, update-passwd should only be accessible to trusted administrators. Proper file permissions should be maintained on /etc/gshadow and /etc/group.

The update-passwd command was created to help manage the transition to shadow group passwords and maintain consistency between the standard group file and its shadow counterpart. Its purpose is to ease the introduction of shadowed group management on systems that were not initially set up with it.

grpck(8), groupadd(8), groupdel(8), groupmod(8), gpasswd(1), shadowconfig(8)