This built-in function ensures that only one group has a group ID (GID) of 0. It passes if only one group has a GID of 0 and fails otherwise.

A GID of “0” means that the users who are members of this group are also members root’s primary group. This grants them root privileges on any files with root group permissions.

If you want to define a group of administrators, create an “admin” group instead.



name: "group_zero_gid"

description: "This check makes sure that only ONE group has a gid of 0."