<def-group>
  <definition class="compliance" id="{{{ _RULE_ID }}}" version="1">
    {{{ oval_metadata("This test makes sure that " + FILEPATH + " is group owned by " + FILEGID + ".") }}}
    <criteria>
      <criterion comment="Check file group ownership of {{{ FILEPATH }}}" test_ref="test_file_groupowner{{{ FILEID }}}" />
    </criteria>
  </definition>
  {{%- if MISSING_FILE_PASS -%}}
    {{# Any number of files can exist, from zero to any #}}
    {{% set FILE_EXISTENCE = "any_exist" %}}
  {{%- else -%}}
    {{# All defined files must exist. When using regex, at least one file must match #}}
    {{% set FILE_EXISTENCE = "all_exist" %}}
  {{%- endif -%}}
  <unix:file_test check="all" check_existence="{{{ FILE_EXISTENCE }}}" comment="Testing group ownership of {{{ FILEPATH }}}" id="test_file_groupowner{{{ FILEID }}}" version="1">
    <unix:object object_ref="object_file_groupowner{{{ FILEID }}}" />
    <unix:state state_ref="state_file_groupowner{{{ FILEID }}}_gid_{{{ FILEGID }}}" />
  </unix:file_test>
  <unix:file_state id="state_file_groupowner{{{ FILEID }}}_gid_{{{ FILEGID }}}" version="1">
    <unix:group_id datatype="int">{{{ FILEGID }}}</unix:group_id>
  </unix:file_state>
  <unix:file_object comment="{{{ FILEPATH }}}" id="object_file_groupowner{{{ FILEID }}}" version="1">
    {{%- if IS_DIRECTORY -%}}
      <unix:path>{{{ FILEPATH }}}</unix:path>
      {{%- if FILE_REGEX -%}}
        <unix:filename operation="pattern match">{{{ FILE_REGEX }}}</unix:filename>
      {{%- else -%}}
        <unix:filename xsi:nil="true" />
      {{%- endif -%}}
    {{%- else -%}}
      <unix:filepath>{{{ FILEPATH }}}</unix:filepath>
    {{%- endif -%}}
  </unix:file_object>
</def-group>
