Add a short section that describes what groups are in a little more

detail and shows how to use pw(8) to maintain them.

en_US.ISO8859-1/books/handbook/users/chapter.sgml

@@ -1,7 +1,7 @@
 <!--
      The FreeBSD Documentation Project
 
-     $FreeBSD: doc/en_US.ISO_8859-1/books/handbook/users/chapter.sgml,v 1.7 2001/04/18 19:19:20 dd Exp $
+     $FreeBSD: doc/en_US.ISO_8859-1/books/handbook/users/chapter.sgml,v 1.8 2001/04/20 16:07:49 dannyboy Exp $
 -->
 
 <chapter id="users">
@@ -285,9 +285,11 @@ Removing files belonging to jru from /var/tmp/vi.recover: done.
       <title>pw</title>
 
       <para><application>pw</application> is a command line utility to
-	create, remove, modify, and display users and groups, and
-	functions as an editor of the system user and group
-	files.</para>
+	create, remove, modify, and display users and groups, and functions
+	as an editor of the system user and group files.  This section
+	describes its use for users; the <link
+	linkend="users-groups">Groups</link> section below describes its
+	use for groups.</para>
 
       <para>It is designed to be useful both as a directly executed
 	command and for use from shell scripts.</para>
@@ -620,6 +622,80 @@ passwd: done</screen>
       discussed in the <link linkend="l10n">localization</link>
       chapter.</para>
   </sect1>
+
+  <sect1 id="users-groups">
+    <title>Groups</title>
+
+    <para>A group is simply a list of users.  Groups are identified by
+      their group name and gid (group ID).  In FreeBSD (and most other Unix
+      systems), the two factors the kernel uses to decide whether a process
+      is allowed to do something is its user ID and list of groups it
+      belongs to.  Unlike a user ID, a process has a list of groups
+      associated with it.  You may hear some things refer to the "group ID"
+      of a user or process; most of the time, this just means the first
+      group in the list.</para>
+
+    <para>The group name to group ID map is in
+      <filename>/etc/group</filename>.  This is a plain text file with four
+      colon-delimited fields.  The first fields is the group name, the
+      second is the encrypted password, the third the group ID, and the
+      fourth the comma-delimited list of members.  It can safely be edited
+      by hand (assuming, of course, that you don't make any syntax
+      errors!).  For a more complete description of the syntax, see the
+      &man.group.5; manual page.</para>
+
+    <para>If you don't want to edit <filename>/etc/group</filename>
+      manually, you can use the &man.pw.8; command to add and edit groups.
+      For example, to add a group called <groupname>teamtwo</groupname> and
+      then confirm that it exists you can use:</para>
+
+    <example>
+      <title>Adding a group using &man.pw.8;</title>
+
+      <screen>&prompt.root; <userinput><command>pw</command> groupadd <groupname>teamtwo</groupname></userinput>
+&prompt.root; <userinput><command>pw</command> groupshow <groupname>teamtwo</groupname></userinput>
+teamtwo:*:1100:</screen>
+    </example>
+
+    <para>The number <literal>1100</literal> above is the group ID of the
+      group <groupname>teamtwo</groupname>.  Right now,
+      <groupname>teamtwo</groupname> has no members, and is thus rather
+      useless.  Let's change that by inviting <username>jru</username> to
+      the <groupname>teamtwo</groupname> group.</para>
+
+    <example>
+      <title>Adding somebody to a group using &man.pw.8;</title>
+
+      <screen>&prompt.root; <userinput><command>pw</command> groupmod <groupname>teamtwo</groupname> <option>-M</option> <username>jru</username></userinput>
+&prompt.root; <userinput><command>pw</command> groupshow <groupname>teamtwo</groupname></userinput>
+teamtwo:*:1100:jru</screen>
+    </example>
+
+    <para>The argument to the <option>-M</option> is a comma-delimited list
+      of users who are members of the group.  If you've read the preceeding
+      sections, you'll know that the password file also contains a group
+      for each user; the group in the password file is automatically added
+      to the group list by the system and will not (should not) appear in
+      the list of members when using &man.pw.8; to query group membership.
+      If you wish to find out what groups a user is part of, you can use
+      the &man.id.1; program as so:</para>
+
+    <example>
+      <title>Using &man.id.1; to determine group membership</title>
+
+      <screen>&prompt.user; <userinput><command>id</command> <username>jru</username></userinput>
+uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamteo)</screen>
+    </example>
+
+    <para>As you can see, <username>jru</username> is a member of the
+      groups <groupname>jru</groupname> and
+      <groupname>teamtwo</groupname>.</para>
+
+    <para>For more information about &man.pw.8;, see its manual page, and
+      for more information on the format of
+      <filename>/etc/group</filename>, consult the &man.group.5; manual
+      page.</para>
+  </sect1>
 </chapter>
 
 <!-- 

en_US.ISO_8859-1/books/handbook/users/chapter.sgml

@@ -1,7 +1,7 @@
 <!--
      The FreeBSD Documentation Project
 
-     $FreeBSD: doc/en_US.ISO_8859-1/books/handbook/users/chapter.sgml,v 1.7 2001/04/18 19:19:20 dd Exp $
+     $FreeBSD: doc/en_US.ISO_8859-1/books/handbook/users/chapter.sgml,v 1.8 2001/04/20 16:07:49 dannyboy Exp $
 -->
 
 <chapter id="users">
@@ -285,9 +285,11 @@ Removing files belonging to jru from /var/tmp/vi.recover: done.
       <title>pw</title>
 
       <para><application>pw</application> is a command line utility to
-	create, remove, modify, and display users and groups, and
-	functions as an editor of the system user and group
-	files.</para>
+	create, remove, modify, and display users and groups, and functions
+	as an editor of the system user and group files.  This section
+	describes its use for users; the <link
+	linkend="users-groups">Groups</link> section below describes its
+	use for groups.</para>
 
       <para>It is designed to be useful both as a directly executed
 	command and for use from shell scripts.</para>
@@ -620,6 +622,80 @@ passwd: done</screen>
       discussed in the <link linkend="l10n">localization</link>
       chapter.</para>
   </sect1>
+
+  <sect1 id="users-groups">
+    <title>Groups</title>
+
+    <para>A group is simply a list of users.  Groups are identified by
+      their group name and gid (group ID).  In FreeBSD (and most other Unix
+      systems), the two factors the kernel uses to decide whether a process
+      is allowed to do something is its user ID and list of groups it
+      belongs to.  Unlike a user ID, a process has a list of groups
+      associated with it.  You may hear some things refer to the "group ID"
+      of a user or process; most of the time, this just means the first
+      group in the list.</para>
+
+    <para>The group name to group ID map is in
+      <filename>/etc/group</filename>.  This is a plain text file with four
+      colon-delimited fields.  The first fields is the group name, the
+      second is the encrypted password, the third the group ID, and the
+      fourth the comma-delimited list of members.  It can safely be edited
+      by hand (assuming, of course, that you don't make any syntax
+      errors!).  For a more complete description of the syntax, see the
+      &man.group.5; manual page.</para>
+
+    <para>If you don't want to edit <filename>/etc/group</filename>
+      manually, you can use the &man.pw.8; command to add and edit groups.
+      For example, to add a group called <groupname>teamtwo</groupname> and
+      then confirm that it exists you can use:</para>
+
+    <example>
+      <title>Adding a group using &man.pw.8;</title>
+
+      <screen>&prompt.root; <userinput><command>pw</command> groupadd <groupname>teamtwo</groupname></userinput>
+&prompt.root; <userinput><command>pw</command> groupshow <groupname>teamtwo</groupname></userinput>
+teamtwo:*:1100:</screen>
+    </example>
+
+    <para>The number <literal>1100</literal> above is the group ID of the
+      group <groupname>teamtwo</groupname>.  Right now,
+      <groupname>teamtwo</groupname> has no members, and is thus rather
+      useless.  Let's change that by inviting <username>jru</username> to
+      the <groupname>teamtwo</groupname> group.</para>
+
+    <example>
+      <title>Adding somebody to a group using &man.pw.8;</title>
+
+      <screen>&prompt.root; <userinput><command>pw</command> groupmod <groupname>teamtwo</groupname> <option>-M</option> <username>jru</username></userinput>
+&prompt.root; <userinput><command>pw</command> groupshow <groupname>teamtwo</groupname></userinput>
+teamtwo:*:1100:jru</screen>
+    </example>
+
+    <para>The argument to the <option>-M</option> is a comma-delimited list
+      of users who are members of the group.  If you've read the preceeding
+      sections, you'll know that the password file also contains a group
+      for each user; the group in the password file is automatically added
+      to the group list by the system and will not (should not) appear in
+      the list of members when using &man.pw.8; to query group membership.
+      If you wish to find out what groups a user is part of, you can use
+      the &man.id.1; program as so:</para>
+
+    <example>
+      <title>Using &man.id.1; to determine group membership</title>
+
+      <screen>&prompt.user; <userinput><command>id</command> <username>jru</username></userinput>
+uid=1001(jru) gid=1001(jru) groups=1001(jru), 1100(teamteo)</screen>
+    </example>
+
+    <para>As you can see, <username>jru</username> is a member of the
+      groups <groupname>jru</groupname> and
+      <groupname>teamtwo</groupname>.</para>
+
+    <para>For more information about &man.pw.8;, see its manual page, and
+      for more information on the format of
+      <filename>/etc/group</filename>, consult the &man.group.5; manual
+      page.</para>
+  </sect1>
 </chapter>
 
 <!--