FAQ
I have several shell scripts to manage user accounts on a server. I've
been using a file with the usernames of peoples accounts that any script
needs to process. I had a thought that I can and should be setting up
groups and adding user accounts to those groups so I don't have to
maintain a set of files with the user accounts.

So essentially, I am looking for a (simple) shell command to run from a
bash script that will allow me to list user accounts that belong to a
particular group. Any help is appreciated.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: talberts.vcf
Type: text/x-vcard
Size: 337 bytes
Desc: not available
Url : http://lists.centos.org/pipermail/centos/attachments/20080923/3c1c7252/talberts.vcf

Search Discussions

  • Barry Brimer at Sep 23, 2008 at 11:03 pm

    Quoting Tim Alberts <talberts@msiscales.com>:

    I have several shell scripts to manage user accounts on a server. I've
    been using a file with the usernames of peoples accounts that any script
    needs to process. I had a thought that I can and should be setting up
    groups and adding user accounts to those groups so I don't have to
    maintain a set of files with the user accounts.

    So essentially, I am looking for a (simple) shell command to run from a
    bash script that will allow me to list user accounts that belong to a
    particular group. Any help is appreciated.
    With spaces separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/ /g'

    With commas separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
  • Tim Alberts at Sep 23, 2008 at 11:11 pm

    Barry Brimer wrote:
    With spaces separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/ /g'

    With commas separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
    I'm sorry, I didn't specify, I'm using LDAP for user/group management.
    Ideally a command like 'groups' would be nice, except it would be the
    inverse, it would print the users in a group, not the groups a user
    belongs to.

    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: talberts.vcf
    Type: text/x-vcard
    Size: 337 bytes
    Desc: not available
    Url : http://lists.centos.org/pipermail/centos/attachments/20080923/56d19211/talberts.vcf
  • Bob Beers at Sep 23, 2008 at 11:20 pm

    On Tue, Sep 23, 2008 at 7:11 PM, Tim Alberts wrote:
    Barry Brimer wrote:
    With spaces separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/
    /g'

    With commas separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
    I'm sorry, I didn't specify, I'm using LDAP for user/group management.
    Ideally a command like 'groups' would be nice, except it would be the
    inverse, it would print the users in a group, not the groups a user belongs
    to.
    I guess ...

    ldapsearch ... "(group=xyz)" ...

    HTH,
    -Bob
  • Barry Brimer at Sep 23, 2008 at 11:26 pm

    Quoting Tim Alberts <talberts@msiscales.com>:

    Barry Brimer wrote:
    With spaces separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/ /g'
    With commas separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
    I'm sorry, I didn't specify, I'm using LDAP for user/group management.
    Ideally a command like 'groups' would be nice, except it would be the
    inverse, it would print the users in a group, not the groups a user
    belongs to.
    With commas separating groups:

    getent group | egrep -i '^groupname:' | awk -F : '{ print $4}'

    With spaces separating groups:

    getent group | egrep -i '^groupname:' | awk -F : '{ print $4}' | sed -e 's/,/
    /g'
  • Bob Beers at Sep 23, 2008 at 11:46 pm

    On Tue, Sep 23, 2008 at 7:26 PM, Barry Brimer wrote:
    Quoting Tim Alberts <talberts@msiscales.com>:
    Barry Brimer wrote:
    With spaces separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/ /g'
    With commas separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
    I'm sorry, I didn't specify, I'm using LDAP for user/group management.
    Ideally a command like 'groups' would be nice, except it would be the
    inverse, it would print the users in a group, not the groups a user
    belongs to.
    With commas separating groups:

    getent group | egrep -i '^groupname:' | awk -F : '{ print $4}'

    With spaces separating groups:

    getent group | egrep -i '^groupname:' | awk -F : '{ print $4}' | sed -e 's/,/
    /g'

    ok, Barry wins. :)

    But, I don't think you need the egrep ...

    getent group groupname | ...

    works ok for me.

    -Bob
  • Tim Alberts at Sep 23, 2008 at 11:51 pm

    Bob Beers wrote:
    On Tue, Sep 23, 2008 at 7:26 PM, Barry Brimer wrote:

    With commas separating groups:

    getent group | egrep -i '^groupname:' | awk -F : '{ print $4}'

    With spaces separating groups:

    getent group | egrep -i '^groupname:' | awk -F : '{ print $4}' | sed -e 's/,/
    /g'

    ok, Barry wins. :)

    But, I don't think you need the egrep ...

    getent group groupname | ...

    works ok for me.

    -Bob
    Excellent, 'getent group...' should do perfectly. Thanks Barry and Bob.

    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: talberts.vcf
    Type: text/x-vcard
    Size: 337 bytes
    Desc: not available
    Url : http://lists.centos.org/pipermail/centos/attachments/20080923/d0c17202/talberts.vcf
  • Barry Brimer at Sep 24, 2008 at 1:43 am

    On Tue, 23 Sep 2008, Bob Beers wrote:
    On Tue, Sep 23, 2008 at 7:26 PM, Barry Brimer wrote:
    Quoting Tim Alberts <talberts@msiscales.com>:
    Barry Brimer wrote:
    With spaces separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/ /g'
    With commas separating groups:

    egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
    I'm sorry, I didn't specify, I'm using LDAP for user/group management.
    Ideally a command like 'groups' would be nice, except it would be the
    inverse, it would print the users in a group, not the groups a user
    belongs to.
    With commas separating groups:

    getent group | egrep -i '^groupname:' | awk -F : '{ print $4}'

    With spaces separating groups:

    getent group | egrep -i '^groupname:' | awk -F : '{ print $4}' | sed -e 's/,/
    /g'

    ok, Barry wins. :)

    But, I don't think you need the egrep ...

    getent group groupname | ...

    works ok for me.
    The egrep is using a leading anchor (^) to make sure the grep matches the
    beginning of the line. If not, and the group pattern matched as one of
    the users it would print those lines too .. which is probably undesirable.

    Barry
  • Mark Hull-Richter at Sep 24, 2008 at 4:52 am

    On Tue, Sep 23, 2008 at 6:43 PM, Barry Brimer wrote:
    The egrep is using a leading anchor (^) to make sure the grep matches the
    beginning of the line. If not, and the group pattern matched as one of the
    users it would print those lines too .. which is probably undesirable.
    Grep understands the '^', so egrep is not needed. Typically, you only
    need egrep for patterns that involve alternative re's, like looking
    for one of "abc|def|ghi" which grep does not recognize.

    Also, it might be helpful to trim your replies so we don't need to
    wade through the whole thread to see your reply.

    mhr
  • Bob Beers at Sep 23, 2008 at 11:09 pm

    On Tue, Sep 23, 2008 at 1:31 PM, Tim Alberts wrote:
    So essentially, I am looking for a (simple) shell command to run from a bash
    script that will allow me to list user accounts that belong to a particular
    group. Any help is appreciated.
    grep <group_name>: /etc/group | cut -d: -f4

    will give a comma separated list, provided <group_name> is a valid group name.

    HTH,
    -Bob
  • Ian Blackwell at Sep 23, 2008 at 11:37 pm

    Bob Beers wrote:
    grep <group_name>: /etc/group | cut -d: -f4

    will give a comma separated list, provided <group_name> is a valid group name.
    There is one problem with this approach, which is the assumption that
    all users' primary group is the same as their login id - which I agree
    is typically the RHEL way, but it doesn't have to be the case. If
    however you have users with their primary group set to something other
    than the login id - e.g. "admin" or "marketing" - then you need to look
    in the /etc/passwd file as well because these users don't appear in the
    comma separated list outlined above. To check the /etc/passwd file, you
    have to determine the group id value, and then scan the /etc/passwd file
    looking for that value in column 4. This will give you a list of users
    whose primary group is the group value you're interested in.

    Cheers,

    Ian
    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: smime.p7s
    Type: application/x-pkcs7-signature
    Size: 3617 bytes
    Desc: S/MIME Cryptographic Signature
    Url : http://lists.centos.org/pipermail/centos/attachments/20080924/e0f247d4/smime.bin
  • Bob Beers at Sep 24, 2008 at 12:54 pm
    Part 1:
    On Tue, Sep 23, 2008 at 7:37 PM, Ian Blackwell wrote:
    Bob Beers wrote:
    grep <group_name>: /etc/group | cut -d: -f4

    will give a comma separated list, provided <group_name> is a valid group name.
    There is one problem with this approach, which is the assumption that
    all users' primary group is the same as their login id - which I agree
    is typically the RHEL way, but it doesn't have to be the case. If
    however you have users with their primary group set to something other
    than the login id - e.g. "admin" or "marketing" - then you need to look
    in the /etc/passwd file as well because these users don't appear in the
    comma separated list outlined above. To check the /etc/passwd file, you
    have to determine the group id value, and then scan the /etc/passwd file
    looking for that value in column 4. This will give you a list of users
    whose primary group is the group value you're interested in.
    You have a valid point, but the OP's question was:

    "I am looking for a (simple) shell command to run from a bash script
    that will allow me to list user accounts that belong to a particular
    group."


    Part 2:
    On Tue, Sep 23, 2008 at 6:43 PM, Barry Brimer wrote:

    The egrep is using a leading anchor (^) to make sure the grep matches the
    beginning of the line. If not, and the group pattern matched as one of the
    users it would print those lines too .. which is probably undesirable.
    My instinct is that by specifying the groupname as an argument as in:
    'getent group groupname',
    ( rather than asking for all groups with 'getent group', and then
    (e)grep'ing, )
    that the result would not match for users in the groups list.
    But I may be wrong. I have not looked at the source code.
    But I tested on my system and I did not see the behavior you
    warn of. If I am correct about the getent program, then there
    is also the added benefit of avoiding the pipe.

    :-)

    -Bob
  • Ian Blackwell at Sep 24, 2008 at 11:19 pm

    Bob Beers wrote:
    Part 1:


    You have a valid point, but the OP's question was:

    "I am looking for a (simple) shell command to run from a bash script
    that will allow me to list user accounts that belong to a particular
    group."
    In all likelihood the system follows the default approach of setting the
    primary group to be the user's personal ground. If that is the case
    then you're correct in providing a simple solution as requested. I just
    wanted to make Tim aware that if his user's have primary groups other
    than their personal groups - e.g. "admin" or "marketing" - then there
    isn't a simple answer (not that the answer is all that hard).

    Here's a script I knocked up to do it - although there can be
    duplication and output formatting isn't perfect:-

    #!/bin/bash
    #set -x
    # $1 is the group to test
    if [ "$1" = "" ]; then
    echo "Which group?"
    exit 1
    fi
    groupid=$(getent group $1 | cut -d: -f3)
    grouplst=$(getent group $1 | cut -d: -f4)
    for User in $(cat /etc/passwd | cut -f1 -d:)
    do
    if [ $(id -g $User) = $groupid ]; then
    grouplst="$(echo $grouplst),$User"
    fi
    done
    echo "Members of group $1 are: $grouplst"
    exit 0

    Regards,

    Ian
    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: smime.p7s
    Type: application/x-pkcs7-signature
    Size: 3617 bytes
    Desc: S/MIME Cryptographic Signature
    Url : http://lists.centos.org/pipermail/centos/attachments/20080925/33030434/smime.bin

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos @
categoriescentos
postedSep 23, '08 at 5:31p
activeSep 24, '08 at 11:19p
posts13
users5
websitecentos.org
irc#centos

People

Translate

site design / logo © 2021 Grokbase