When I run getent group, I notice that some groups have *, some have ! and some have x after the group name. In fact, there are some groups which have the same name, the only difference is that one has x and the other has ! and an extra user.
What is the difference among these 3 flags?
The getent group command is showing /etc/group, possibly augmented with other sources of information (such as winbind), and shows data in the same format as /etc/group.
According to the manual, the second field is the encrypted password for using the given group. Some values are special:
! indicates that the group password would be found in the shadow file /etc/gshadow (not user-readable as /etc/group is). See the Shadow Password How-To for discussion.
x can have the same meaning — shadow password (see Debian manual, and this page which includes a discussion of Solaris).
* may be used as a placeholder if no password was specified (see FreeBSD manual page for group), as an alternative to leaving the field blank (see Linux manual page).
According to In /etc/group what is the meaning of the second field?, the distinction between these characters is arbitrary: they were chosen to
