
This built-in function ensures that each group ID (GID) listed in /etc/passwd exists in /etc/group. It succeeds if each GID is properly defined and fails otherwise.

Every time a group ID is defined in /etc/passwd, it should immediately be listed in /etc/group. Otherwise, the system is in an inconsistent state and problems may arise.

Consider the following scenario: a user (“bob”) has a UID of 1000 and GID of 4000. The GID is not defined in /etc/group, which means that the primary group of the user does not grant him any privileges today. A few months later, the system administrator edits /etc/group and adds the group “admin” and selects the “unused” GID #4000 to identify it. Now, user “bob” by default belongs to the “admin” group even though this was not intended.

Edit /etc/group to add the missing GIDs.



name: "passwd_invalid_gid"

description: "This check makes sure that every GID defined in /etc/passwd exists in /etc/group."
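The same consistency test can be run by hand outside the audit. This is an added example, not Tenable's implementation of the built-in: the hypothetical shell function `find_orphan_gids` prints each account whose primary GID has no entry in the group file. It assumes the standard colon-separated layouts (GID in field 4 of passwd, field 3 of group) and checks local files only, not NIS or LDAP sources.

```shell
#!/bin/sh
# Added example (not the Nessus built-in): report passwd entries whose
# primary GID is not defined in the group file.
#
# Usage: find_orphan_gids [passwd_file] [group_file]
# Output: one "user:gid" line per offending account.
# Return: 0 if every GID is defined, 1 if at least one is missing.
find_orphan_gids() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}

    awk -F: '
        # Group file (first operand): remember every defined GID (field 3).
        FILENAME == ARGV[1] { if ($3 != "") defined[$3] = 1; next }

        # Passwd file: ignore comments and malformed or short lines.
        /^#/ || NF < 4 { next }

        # Field 4 is the primary GID; flag it when no group defines it.
        !($4 in defined) { print $1 ":" $4; bad = 1 }

        END { exit bad + 0 }
    ' "$group_file" "$passwd_file"
}
```

Called with no arguments, the function reads /etc/passwd and /etc/group; a non-zero return corresponds to the condition under which this check fails.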


Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.