System
grpck
Verify the integrity of group and shadow password files.
Additional Notes
grpck checks the consistency and correctness of the /etc/group and /etc/gshadow files. It verifies that each entry has the correct number of fields, that group names are valid, that GIDs are in the proper range, and that the shadow group file entries correspond correctly to group file entries.
If problems are found, grpck prompts for a repair action. It can delete duplicate entries, fix field counts, and correct GID mismatches. Running grpck regularly or after manual edits to group files helps prevent authentication and permission issues.
Syntax
grpck [options] [group-file [shadow-file]]
Parameters
group-file: Alternate group file to check (default:/etc/group).shadow-file: Alternate shadow group file to check (default:/etc/gshadow).
Common Options
-r: Run in read-only mode. Check but do not repair any problems.-s: Sort entries by GID.-R root-dir: Operate in the specified chroot directory.-h: Display help.
Examples
sudo grpck
Check and interactively repair /etc/group and /etc/gshadow.
sudo grpck -r
Check the group files in read-only mode without making changes.
sudo grpck -r /etc/group /etc/gshadow
Check specific group and shadow group files.
sudo grpck -s
Check and sort the group file by GID.
Practical Notes
- Run
grpckafter manually editing/etc/groupor/etc/gshadowto catch syntax errors. - The read-only mode (
-r) is useful for auditing without making changes. grpckonly checks the group files, not the user files. Usepwckfor user and user shadow file verification.- If the shadow group file is missing or corrupt,
grpckcan recreate it from/etc/group. - Always back up
/etc/groupand/etc/gshadowbefore runninggrpckin repair mode.