While I was chatting (well, rapid-fire emailing) with a friend who works as a system administrator, he dropped a bit of Linux trivia on me: It’s not just /etc/group which has user lists, the /etc/gshadow file also has user lists — more than /etc/group does, even! After the crypted password is a list of group administrators, then a list of shadow members. The former have the ability to change the group’s password as well as its membership using the gpasswd command. The latter can make the group be their primary group by calling newgrp without needing a password. (See man gshadow.)