I have several shell scripts to manage user accounts on a server. I've been using a file with the usernames of peoples accounts that any script needs to process. I had a thought that I can and should be setting up groups and adding user accounts to those groups so I don't have to maintain a set of files with the user accounts.
So essentially, I am looking for a (simple) shell command to run from a bash script that will allow me to list user accounts that belong to a particular group. Any help is appreciated.
Quoting Tim Alberts talberts@msiscales.com:
I have several shell scripts to manage user accounts on a server. I've been using a file with the usernames of peoples accounts that any script needs to process. I had a thought that I can and should be setting up groups and adding user accounts to those groups so I don't have to maintain a set of files with the user accounts.
So essentially, I am looking for a (simple) shell command to run from a bash script that will allow me to list user accounts that belong to a particular group. Any help is appreciated.
With spaces separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/ /g'
With commas separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
Barry Brimer wrote:
With spaces separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/ /g'
With commas separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
I'm sorry, I didn't specify, I'm using LDAP for user/group management. Ideally a command like 'groups' would be nice, except it would be the inverse, it would print the users in a group, not the groups a user belongs to.
On Tue, Sep 23, 2008 at 7:11 PM, Tim Alberts talberts@msiscales.com wrote:
Barry Brimer wrote:
With spaces separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/ /g'
With commas separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
I'm sorry, I didn't specify, I'm using LDAP for user/group management. Ideally a command like 'groups' would be nice, except it would be the inverse, it would print the users in a group, not the groups a user belongs to.
I guess ...
ldapsearch ... "(group=xyz)" ...
HTH, -Bob
Quoting Tim Alberts talberts@msiscales.com:
Barry Brimer wrote:
With spaces separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/
/g'
With commas separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
I'm sorry, I didn't specify, I'm using LDAP for user/group management. Ideally a command like 'groups' would be nice, except it would be the inverse, it would print the users in a group, not the groups a user belongs to.
With commas separating groups:
getent group | egrep -i '^groupname:' | awk -F : '{ print $4}'
With spaces separating groups:
getent group | egrep -i '^groupname:' | awk -F : '{ print $4}' | sed -e 's/,/ /g'
On Tue, Sep 23, 2008 at 7:26 PM, Barry Brimer lists@brimer.org wrote:
Quoting Tim Alberts talberts@msiscales.com:
Barry Brimer wrote:
With spaces separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/
/g'
With commas separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
I'm sorry, I didn't specify, I'm using LDAP for user/group management. Ideally a command like 'groups' would be nice, except it would be the inverse, it would print the users in a group, not the groups a user belongs to.
With commas separating groups:
getent group | egrep -i '^groupname:' | awk -F : '{ print $4}'
With spaces separating groups:
getent group | egrep -i '^groupname:' | awk -F : '{ print $4}' | sed -e 's/,/ /g'
ok, Barry wins. :)
But, I don't think you need the egrep ...
getent group groupname | ...
works ok for me.
-Bob
Bob Beers wrote:
On Tue, Sep 23, 2008 at 7:26 PM, Barry Brimer lists@brimer.org wrote:
With commas separating groups:
getent group | egrep -i '^groupname:' | awk -F : '{ print $4}'
With spaces separating groups:
getent group | egrep -i '^groupname:' | awk -F : '{ print $4}' | sed -e 's/,/ /g'
ok, Barry wins. :)
But, I don't think you need the egrep ...
getent group groupname | ...
works ok for me.
-Bob
Excellent, 'getent group...' should do perfectly. Thanks Barry and Bob.
On Tue, 23 Sep 2008, Bob Beers wrote:
On Tue, Sep 23, 2008 at 7:26 PM, Barry Brimer lists@brimer.org wrote:
Quoting Tim Alberts talberts@msiscales.com:
Barry Brimer wrote:
With spaces separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }' | sed -e 's/,/
/g'
With commas separating groups:
egrep -e '^groupname:' /etc/group | awk -F : '{ print $4 }'
I'm sorry, I didn't specify, I'm using LDAP for user/group management. Ideally a command like 'groups' would be nice, except it would be the inverse, it would print the users in a group, not the groups a user belongs to.
With commas separating groups:
getent group | egrep -i '^groupname:' | awk -F : '{ print $4}'
With spaces separating groups:
getent group | egrep -i '^groupname:' | awk -F : '{ print $4}' | sed -e 's/,/ /g'
ok, Barry wins. :)
But, I don't think you need the egrep ...
getent group groupname | ...
works ok for me.
The egrep is using a leading anchor (^) to make sure the grep matches the beginning of the line. If not, and the group pattern matched as one of the users it would print those lines too .. which is probably undesirable.
Barry
On Tue, Sep 23, 2008 at 6:43 PM, Barry Brimer lists@brimer.org wrote:
The egrep is using a leading anchor (^) to make sure the grep matches the beginning of the line. If not, and the group pattern matched as one of the users it would print those lines too .. which is probably undesirable.
Grep understands the '^', so egrep is not needed. Typically, you only need egrep for patterns that involve alternative re's, like looking for one of "abc|def|ghi" which grep does not recognize.
Also, it might be helpful to trim your replies so we don't need to wade through the whole thread to see your reply.
mhr
On Tue, Sep 23, 2008 at 1:31 PM, Tim Alberts talberts@msiscales.com wrote:
So essentially, I am looking for a (simple) shell command to run from a bash script that will allow me to list user accounts that belong to a particular group. Any help is appreciated.
grep <group_name>: /etc/group | cut -d: -f4
will give a comma separated list, provided <group_name> is a valid group name.
HTH, -Bob
Bob Beers wrote:
grep <group_name>: /etc/group | cut -d: -f4
will give a comma separated list, provided <group_name> is a valid group name.
There is one problem with this approach, which is the assumption that all users' primary group is the same as their login id - which I agree is typically the RHEL way, but it doesn't have to be the case. If however you have users with their primary group set to something other than the login id - e.g. "admin" or "marketing" - then you need to look in the /etc/passwd file as well because these users don't appear in the comma separated list outlined above. To check the /etc/passwd file, you have to determine the group id value, and then scan the /etc/passwd file looking for that value in column 4. This will give you a list of users whose primary group is the group value you're interested in.
Cheers,
Ian
Part 1:
On Tue, Sep 23, 2008 at 7:37 PM, Ian Blackwell ian@ikel.id.au wrote:
Bob Beers wrote:
grep <group_name>: /etc/group | cut -d: -f4
will give a comma separated list, provided <group_name> is a valid group name.
There is one problem with this approach, which is the assumption that all users' primary group is the same as their login id - which I agree is typically the RHEL way, but it doesn't have to be the case. If however you have users with their primary group set to something other than the login id - e.g. "admin" or "marketing" - then you need to look in the /etc/passwd file as well because these users don't appear in the comma separated list outlined above. To check the /etc/passwd file, you have to determine the group id value, and then scan the /etc/passwd file looking for that value in column 4. This will give you a list of users whose primary group is the group value you're interested in.
You have a valid point, but the OP's question was:
"I am looking for a (simple) shell command to run from a bash script that will allow me to list user accounts that belong to a particular group."
Part 2:
On Tue, Sep 23, 2008 at 6:43 PM, Barry Brimer lists@brimer.org wrote:
The egrep is using a leading anchor (^) to make sure the grep matches the beginning of the line. If not, and the group pattern matched as one of the users it would print those lines too .. which is probably undesirable.
My instinct is that by specifying the groupname as an argument as in: 'getent group groupname', ( rather than asking for all groups with 'getent group', and then (e)grep'ing, ) that the result would not match for users in the groups list. But I may be wrong. I have not looked at the source code. But I tested on my system and I did not see the behavior you warn of. If I am correct about the getent program, then there is also the added benefit of avoiding the pipe.
:-)
-Bob
Bob Beers wrote:
Part 1:
You have a valid point, but the OP's question was:
"I am looking for a (simple) shell command to run from a bash script that will allow me to list user accounts that belong to a particular group."
In all likelihood the system follows the default approach of setting the primary group to be the user's personal ground. If that is the case then you're correct in providing a simple solution as requested. I just wanted to make Tim aware that if his user's have primary groups other than their personal groups - e.g. "admin" or "marketing" - then there isn't a simple answer (not that the answer is all that hard).
Here's a script I knocked up to do it - although there can be duplication and output formatting isn't perfect:-
#!/bin/bash #set -x # $1 is the group to test if [ "$1" = "" ]; then echo "Which group?" exit 1 fi groupid=$(getent group $1 | cut -d: -f3) grouplst=$(getent group $1 | cut -d: -f4) for User in $(cat /etc/passwd | cut -f1 -d:) do if [ $(id -g $User) = $groupid ]; then grouplst="$(echo $grouplst),$User" fi done echo "Members of group $1 are: $grouplst" exit 0
Regards,
Ian
-
Barry Brimer -
Bob Beers -
Ian Blackwell -
MHR -
Tim Alberts