mkgroup — Write /etc/group-like output to stdout


mkgroup [ -l | -L [MACHINE] ] [-d [DOMAIN]] [-c] [-S CHAR] [-o OFFSET] [-g GROUPNAME] [-b] [-U GROUPLIST]

mkgroup -h | -V


   -l,--local [machine]    Print local group accounts of \"machine\",
                           from local machine if no machine specified.
                           Automatically adding machine prefix for local
                           machine depends on settings in /etc/nsswitch.conf.
   -L,--Local [machine]    Ditto, but generate groupname with machine prefix.
   -d,--domain [domain]    Print domain groups,
                           from current domain if no domain specified.
   -c,--current            Print current group.
   -S,--separator char     For -L use character char as domain\\group
                           separator in groupname instead of default '+'.
   -o,--id-offset offset   Change the default offset (0x10000) added to gids
   -g,--group groupname    Only return information for the specified group.
                           One of -l, -d must be specified, too.
   -b,--no-builtin         Don't print BUILTIN groups.
   -U,--unix grouplist     Print UNIX groups when using -l on a UNIX Samba
                           server.  Grouplist is a comma-separated list of
                           groupnames or gid ranges (root,-25,50-100).
                           Enumerating large ranges can take a long time!
   -h,--help               Print this message.
   -v,--version            Print version information and exit.

Default is to print local groups on stand-alone machines, plus domain
groups on domain controllers and domain member machines.


Don't use this command to generate a local /etc/group file, unless you really need one. See the Cygwin User's Guide for more information.

The mkgroup program can be used to create a local /etc/group file. Cygwin doesn't need this file, because it reads group information from the Windows account databases, but you can add an /etc/group file for instance, if your machine is often disconnected from its domain controller.

Note that this information is static, in contrast to the information automatically gathered by Cygwin from the Windows account databases. If you change the group information on your system, you'll need to regenerate the group file for it to have the new information.

By default, the information generated by mkgroup is equivalent to the information generated by Cygwin itself. The -d and -l/-L options allow you to specify where the information comes from, some domain, or the local SAM of a machine. Note that you can only enumerate accounts from trusted domains. Any non-trusted domain will be ignored. Access-restrictions of your current account apply. The -l/-L when used with a machine name, tries to contact that machine to enumerate local groups of other machines, typically outside of domains. This scenario cannot be covered by Cygwin's account automatism. If you want to use the -L option, but you don't like the default domain/group separator from /etc/nsswitch.conf, you can specify another separator using the -S option, for instance:

Example 3.8. Setting up group entry for current user with different domain/group separator

$ mkgroup -L server1 -S= > /etc/group

For very simple needs, an entry for the current user's group can be created by using the option -c.

The -o option allows for (unlikely) special cases with multiple machines where the GIDs might match otherwise. The -g option only prints the information for one group. The -U option allows you to enumerate the standard UNIX groups on a Samba machine. It's used together with -l samba-server or -L samba-server. The normal UNIX groups are usually not enumerated, but they can show up as a group in ls -l output.