AIX provides an elegant command to change user group membership: chgrpmem.
As an example we use the users user01, user02, …, and the group mygroup:
$ lsgroup mygroup mygroup id=225 admin=false users= registry=files $
The group mygroup currently has no members (users=””).
To add the two local users user01 and user02 to the group mygroup, the “-m” (member) option must be used. Then follows a plus sign “+” for add and a comma-separated list of user names. The last argument is the group:
# chgrpmem -m + user01,user02 mygroup # # lsgroup mygroup mygroup id=225 admin=false users=user01,user02 registry=files #
Using the equal sign “=” instead of the plus sign “+” overwrites the current list of users with the given list of user names:
# chgrpmem -m = user03,user04,user05 mygroup # # lsgroup mygroup mygroup id=225 admin=false users=user03,user04,user05 registry=files #
Removing users is done by using a minus sign “–” e.g. removing user04:
# chgrpmem -m - user04 mygroup # # lsgroup mygroup mygroup id=225 admin=false users=user03,user05 registry=files #
However, removing a user from the member list of a group does not always have to be successful! We create the user user06 with primary group mygroup:
# mkuser pgrp=mygroup user06 # # lsgroup mygroup mygroup id=225 admin=false users=user03,user05,user06 registry=files #
The output of lsgroup shows that the user06 is also a member of the group mygroup. However, membership cannot be revoked in this case:
# chgrpmem -m - user06 mygroup Cannot drop "user06" from primary group "mygroup". #
A user must always have a primary group! The chgrpmem command can only be used to manage users’ additional memberships. The primary group can only be changed with the chuser command.
Note: The chgrpmem command and the “-a” option can also be used to change the administrators of a group. However, this is rarely used in practice and is therefore not addressed here.