Diffstat (limited to 'docs/GROUP_RECORD.md')
-rw-r--r-- | docs/GROUP_RECORD.md | 61 |
1 files changed, 29 insertions, 32 deletions
diff --git a/docs/GROUP_RECORD.md b/docs/GROUP_RECORD.md index f463b0a..c055e49 100644 --- a/docs/GROUP_RECORD.md +++ b/docs/GROUP_RECORD.md @@ -8,23 +8,23 @@ SPDX-License-Identifier: LGPL-2.1-or-later # JSON Group Records Long story short: JSON Group Records are to `struct group` what -[JSON User Records](USER_RECORD) are to `struct passwd`. +[JSON User Records](/USER_RECORD) are to `struct passwd`. -Conceptually, much of what applies to JSON user records also applies to JSON -group records. They also consist of seven sections, with similar properties and +Conceptually, much of what applies to JSON user records also applies to JSON group records. +They also consist of seven sections, with similar properties and they carry some identical (or at least very similar) fields. ## Fields in the `regular` section -`groupName` → A string with the UNIX group name. Matches the `gr_name` field of -UNIX/glibc NSS `struct group`, or the shadow structure `struct sgrp`'s -`sg_namp` field. +`groupName` → A string with the UNIX group name. +Matches the `gr_name` field of UNIX/glibc NSS `struct group`, +or the shadow structure `struct sgrp`'s `sg_namp` field. -`realm` → The "realm" the group belongs to, conceptually identical to the same -field of user records. A string in DNS domain name syntax. +`realm` → The "realm" the group belongs to, conceptually identical to the same field of user records. +A string in DNS domain name syntax. -`description` → A descriptive string for the group. This is similar to the -`realName` field of user records, and accepts arbitrary strings, as long as +`description` → A descriptive string for the group. +This is similar to the `realName` field of user records, and accepts arbitrary strings, as long as they follow the same GECOS syntax requirements as `realName`. `disposition` → The disposition of the group, conceptually identical to the 
@@ -33,39 +33,36 @@ same field of user records. A string. `service` → A string, an identifier for the service managing this group record (this field is typically in reverse domain name syntax.) -`lastChangeUSec` → An unsigned 64-bit integer, a timestamp (in µs since the UNIX -epoch 1970) of the last time the group record has been modified. (Covers only -the `regular`, `perMachine` and `privileged` sections). +`lastChangeUSec` → An unsigned 64-bit integer, a timestamp +(in µs since the UNIX epoch 1970) of the last time the group record has been modified. +(Covers only the `regular`, `perMachine` and `privileged` sections). -`gid` → An unsigned integer in the range 0…4294967295: the numeric UNIX group -ID (GID) to use for the group. This corresponds to the `gr_gid` field of -`struct group`. +`gid` → An unsigned integer in the range 0…4294967295: the numeric UNIX group ID (GID) to use for the group. +This corresponds to the `gr_gid` field of `struct group`. -`members` → An array of strings, listing user names that are members of this -group. Note that JSON user records also contain a `memberOf` field, or in other +`members` → An array of strings, listing user names that are members of this group. +Note that JSON user records also contain a `memberOf` field, or in other words a group membership can either be denoted in the JSON user record or in -the JSON group record, or in both. The list of memberships should be determined -as the combination of both lists (plus optionally others). If a user is listed -as member of a group and doesn't exist it should be ignored. This field -corresponds to the `gr_mem` field of `struct group` and the `sg_mem` field of -`struct sgrp`. +the JSON group record, or in both. -`administrators` → Similarly, an array of strings, listing user names that -shall be considered "administrators" of this group. This field corresponds to -the `sg_adm` field of `struct sgrp`. 
+The list of memberships should be determined as the combination of both lists (plus optionally others). +If a user is listed as member of a group and doesn't exist it should be ignored. +This field corresponds to the `gr_mem` field of `struct group` and the `sg_mem` field of `struct sgrp`. + +`administrators` → Similarly, an array of strings, listing user names that shall be considered "administrators" of this group. +This field corresponds to the `sg_adm` field of `struct sgrp`. `privileged`/`perMachine`/`binding`/`status`/`signature`/`secret` → The -objects/arrays for the other six group record sections. These are organized the -same way as for the JSON user records, and have the same semantics. +objects/arrays for the other six group record sections. +These are organized the same way as for the JSON user records, and have the same semantics. ## Fields in the `privileged` section The following fields are defined: -`hashedPassword` → An array of strings with UNIX hashed passwords; see the -matching field for user records for details. This field corresponds to the -`sg_passwd` field of `struct sgrp` (and `gr_passwd` of `struct group` in a -way). +`hashedPassword` → An array of strings with UNIX hashed passwords; +see the matching field for user records for details. +This field corresponds to the `sg_passwd` field of `struct sgrp` (and `gr_passwd` of `struct group` in a way). ## Fields in the `perMachine` section |
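Review bot: In the first hunk (@@ -8,23 +8,23 @@), the link target change from `USER_RECORD` to `/USER_RECORD` is a functional change sitting inside what is otherwise a pure rewrap. A root-absolute path only resolves when the docs are published at the site root; if that is the intent, put it in its own commit or state it in the commit message so it is not lost among the whitespace changes. The rewrap is also uneven here: "They also consist of seven sections, with similar properties and" and the `description` line ending in "as long as" still break mid-sentence into the unchanged context line that follows, so either include those continuation lines in the change or leave the paragraph as it was.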
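Review bot: In the second hunk (@@ -33,39 +33,36 @@), the `members` entry appears to be split in two: the added line "the JSON group record, or in both." stops at the old paragraph boundary, and "The list of memberships should be determined as the combination of both lists (plus optionally others)." only resumes after the removed `administrators` lines. If that is how it renders, the rule for combining `members` with `memberOf`, the instruction to ignore users that do not exist, and the `gr_mem`/`sg_mem` mapping end up in a separate paragraph with no field name attached. Those are the sentences an implementer relies on when resolving group membership, so keep them contiguous with the `members` → line. Smaller point: `lastChangeUSec` now breaks before "(in µs since the UNIX epoch 1970)" in mid-sentence, while most other entries in this hunk break at sentence ends.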