Who, and with Whom?

Charly's Column – User Groups

Article from Issue 248/2021
This time Charly investigates the three most frequently asked questions about user groups.

Most people know that every user on a Linux system is also a member of at least one user group. Today we want to look into the three most frequently asked questions about groups: Which groups exist, how many members does a group have and who are those members, and to what groups does a specific user belong?

First off, let's find out which groups exist on our system. There are several ways to do this. One of them is to use the groups command without further parameters; another one is provided by compgen -g. The getent group (Listing 1, line 1) and cat /etc/group commands also return the same result, with some additional information, including the group password. There is usually an x in this field, which means that the group password is kept in /etc/gshadow instead. This is followed by the numeric group ID and a comma-separated list of members.

Listing 1

Users and Groups

01 $ getent group
02 root:x:0:
03 daemon:x:1:
04 sys:x:3:
05 adm:x:4:syslog,charly
06 [...]
07 $ sudo apt install libuser
08 $ sudo libuser-lid -g adm
09   syslog(uid=104)
10   charly(uid=1000)
11 $ groups charly
12 charly : charly adm cdrom sudo dip plugdev lxd lpadmin sambashare
13 $ id charly
14 uid=1000(charly) gid=1000(charly) groups=1000(charly),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare)
15 $ grep charly /etc/group | awk -F: '{ print $1 }'
16 adm
17 cdrom
18 sudo
19 dip
20 plugdev
21 lxd
22 charly
23 lpadmin
24 sambashare
25 $ grep charly /etc/group | cut -f1 -d:
26 [...]

The next thing is to find out which members belong to a group. In principle, we have already done this, because the getent group and cat /etc/group commands provide this information as well.

Often, however, you need the information to process it in a program. It would be good if you didn't have to disassemble the strings using awk or cut. A list with one username per line would be far easier to handle. To generate such a list, I first install the libuser package (line 7). Now I have the libuser-lid command at my disposal, but I have to call it with sudo (line 8). The numerical user ID also appears in the output of the command. If desired, this can be disabled with the -n parameter.

Finally, the whole thing in reverse gear: Now I want to know the groups to which a certain user belongs, for example charly. This can be done quickly and easily with the groups charly command (line 11). If you need more information, the id charly command (line 13) will provide it. This output also shows the numerical IDs.

Here, too, a list would be the object of desire, with one group name per line. I don't know of a native command for this, but awk helps reliably (line 15) and returns the desired listing. If the awk syntax seems too unwieldy, just use cut instead (line 25) for identical results. Many roads lead to Rome here.
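
The grep in line 15 matches charly anywhere on a line, so it would also return the groups of a user such as charly2, and it finds the primary group only because that group happens to carry the user's name. As an added example (not code from the original article), the following shell functions match whole fields instead and take the primary group from the GID in the passwd entry; GROUP_DB, PASSWD_DB, the function names, and the sample entries are assumptions made for this example.

```shell
#!/bin/sh
# GROUP_DB / PASSWD_DB (names assumed for this example) point at saved copies
# of the databases; when unset, the live databases are read through getent.
group_db()  { if [ -n "${GROUP_DB:-}" ];  then cat "$GROUP_DB";  else getent group;  fi; }
passwd_db() { if [ -n "${PASSWD_DB:-}" ]; then cat "$PASSWD_DB"; else getent passwd; fi; }

# groups_of USER: one group name per line, matched on whole fields.
groups_of() {
    # The primary group is only recorded as the GID in passwd field 4.
    pgid=$(passwd_db | awk -F: -v u="$1" '$1 == u { print $4; exit }')
    group_db | awk -F: -v u="$1" -v g="$pgid" '
        g != "" && $3 == g { print $1; next }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break } }'
}

# members_of GROUP: listed members plus users whose primary GID is the group's.
members_of() {
    gid=$(group_db | awk -F: -v g="$1" '$1 == g { print $3; exit }')
    [ -n "$gid" ] || return 1
    {
        group_db | awk -F: -v g="$1" '
            $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
        passwd_db | awk -F: -v id="$gid" '$4 == id { print $1 }'
    } | sort -u
}

# write_sample DIR: constructed databases for trying the functions offline.
write_sample() {
    cat > "$1/group" <<'EOF'
adm:x:4:syslog,charly
sudo:x:27:charly
lxd:x:110:charly2
staff:x:50:
charly:x:1000:
charly2:x:1001:
EOF
    cat > "$1/passwd" <<'EOF'
syslog:x:104:104::/home/syslog:/usr/sbin/nologin
charly:x:1000:1000::/home/charly:/bin/bash
charly2:x:1001:1001::/home/charly2:/bin/bash
dave:x:1002:50::/home/dave:/bin/bash
EOF
}
```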

The Author

Charly Kühnast manages Unix systems in a data center in the Lower Rhine region of Germany. His responsibilities include ensuring the security and availability of firewalls and the DMZ.
