passwd_invalid_gid

This built-in function ensures that each group ID (GID) listed in /etc/passwd exists in /etc/group. It succeeds if each GID is properly defined and fails otherwise.

Every group ID referenced in /etc/passwd should also be listed in /etc/group. Otherwise, the system is in an inconsistent state and problems may arise.

Consider the following scenario: a user (“bob”) has a UID of 1000 and GID of 4000. The GID is not defined in /etc/group, which means that the primary group of the user does not grant him any privileges today. A few months later, the system administrator edits /etc/group and adds the group “admin” and selects the “unused” GID #4000 to identify it. Now, user “bob” by default belongs to the “admin” group even though this was not intended.

Edit /etc/group to add the missing GIDs.
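The following script, added here as an example and not part of the original page or of the compliance engine, shows the logic behind this check: it parses passwd- and group-format text, reports every account whose primary GID has no matching entry in /etc/group, and also flags a non-numeric GID field (which can never match a defined group). The sample file contents, including the "bob" line that reproduces the scenario above, are constructed.

```python
"""Find /etc/passwd entries whose primary GID has no entry in /etc/group."""

from typing import Dict, List, Tuple

# Constructed sample files (not from any real host). The "bob" line reproduces
# the scenario in the text: GID 4000 is not defined in /etc/group.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1000:4000:Bob:/home/bob:/bin/bash
# comment lines and blanks are ignored

svc:x:2000:notanumber:Broken:/nonexistent:/usr/sbin/nologin
"""

SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
alice:x:1001:
users:x:100:
"""


def parse_passwd(text: str) -> List[Tuple[str, str]]:
    """Return (username, gid_field) pairs from passwd-format text.

    Blank lines and comments are skipped; lines with fewer than four
    fields are skipped too, since this check is about GIDs, not syntax.
    """
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue
        entries.append((fields[0], fields[3]))
    return entries


def parse_group_gids(text: str) -> Dict[int, str]:
    """Return {gid: groupname} from group-format text."""
    gids = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue
        try:
            gids[int(fields[2])] = fields[0]
        except ValueError:
            continue  # malformed GID in /etc/group; cannot define a group
    return gids


def find_invalid_gids(passwd_text: str, group_text: str) -> List[Tuple[str, str]]:
    """Return (username, gid_field) for each passwd entry whose GID is undefined.

    A non-numeric GID field is reported as well, because it can never match
    a group defined in group_text.
    """
    known = parse_group_gids(group_text)
    bad = []
    for user, gid_field in parse_passwd(passwd_text):
        try:
            gid = int(gid_field)
        except ValueError:
            bad.append((user, gid_field))
            continue
        if gid not in known:
            bad.append((user, gid_field))
    return bad


def check_passes(passwd_text: str, group_text: str) -> bool:
    """True when every GID in passwd_text is defined in group_text (check passes)."""
    return not find_invalid_gids(passwd_text, group_text)


if __name__ == "__main__":
    import sys

    # On a real host read the live files; otherwise fall back to the sample data.
    try:
        with open("/etc/passwd") as f, open("/etc/group") as g:
            passwd_text, group_text = f.read(), g.read()
    except OSError:
        passwd_text, group_text = SAMPLE_PASSWD, SAMPLE_GROUP
    problems = find_invalid_gids(passwd_text, group_text)
    for user, gid in problems:
        print(f"{user}: GID {gid} is not defined in /etc/group")
    sys.exit(1 if problems else 0)
```

Run against the sample data, the script reports "bob" (GID 4000 undefined) and "svc" (non-numeric GID) and exits non-zero; a clean pair of files yields no output and exit status 0, mirroring the pass/fail semantics of the built-in check. Remediation is the same as stated above: add the missing GIDs to /etc/group (or correct the passwd entry) rather than leaving the gap to be filled by a later, unrelated group definition.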

Usage

<item>

name: "passwd_invalid_gid"

description: "This check makes sure that every GID defined in /etc/passwd exists in /etc/group."

</item>