Specify NSS Group Overrides

Specify the group override entries you want to use in place of the entries in the local /etc/group file. You can use these settings to provide fine-grain control of the groups that can use the computer and to override the group ID for specific group accounts.

This group policy modifies the nss.group.override setting in the agent configuration file.

This group policy allows define filters to control the groups that can access a local computer. You can also use the override controls to modify the information for specific fields in each group entry on the local computer. For example, you can override the group ID or member list for a specific group on the local computer without modifying the group entry itself.

The syntax for overriding group entries is similar to the syntax used for overriding NIS. You use + and – entries to allow or deny access for specific groups on the local computer. Additional fields correspond to the standard /etc/group fields separated by colons (:).

If you don’t specify override information for a field, the information from the local /etc/group file is used. You cannot specify override information for the password hash field, however. Any changes to this field in the override file are ignored and do not affect Delinea user passwords.

If you select Enabled for the Specify NSS group overrides group policy, you can type a comma-separated list of the override entries you want inserted into the override file, group.ovr, using the following format for each entry:

+zone_group_name:group_name:group_password:group_id:member_list

-zone_group_name:group_name:group_password:group_id:member_list

For example, you can specify entries similar to the following:

+users::::

+admins::::jdoe,bsmith,frank

+ftpusers:ftp::300:

-webusers

+::::

For more information about overriding group entries, see the sample group override file /etc/centrifydc/group.ovr.