Only the superuser, as administrator, can use groupmems to alter the memberships of other groups.
The options which apply to the groupmems command are:
-a, --add user_name
If the /etc/gshadow file exist, and the group has no entry in the /etc/gshadow file, a new entry will be created.
-d, --delete user_name
If the /etc/gshadow file exist, the user will be removed from the list of members and administrators of the group.
If the /etc/gshadow file exist, and the group has no entry in the /etc/gshadow file, a new entry will be created.
-g, --group group_name
-l, --list
-p, --purge
If the /etc/gshadow file exist, and the group has no entry in the /etc/gshadow file, a new entry will be created.
The groupmems executable should be in mode 2770 as user root and in group groups. The system administrator can add users to group groups to allow or disallow them using the groupmems utility to manage their own group membership list.
$ groupadd -r groups $ chmod 2770 groupmems $ chown root.groups groupmems $ groupmems -g groups -a gk4
The following configuration variables in /etc/login.defs change the behavior of this tool:
MAX_MEMBERS_PER_GROUP (number)
The default value is 0, meaning that there are no limits in the number of members in a group.
This feature (split group) permits to limit the length of lines in the group file. This is useful to make sure that lines for NIS groups are not larger than 1024 characters.
If you need to enforce such limit, you can use 25.
Note: split groups may not be supported by all tools (even in the Shadow toolsuite). You should not use this variable unless you really need it.
/etc/group
/etc/gshadow
chfn(1), chsh(1), passwd(1), groupadd(8), groupdel(8), useradd(8), userdel(8), usermod(8).