Finding Your Groups


On Unix systems, groups are defined in two ways -- by the numeric GID field that exists for every account and through the use of the /etc/group file that allows us sysadmins to give names to groups like "admins" and "managers" and, optionally, provide a list of usernames as members. Groups aren't required to have names. The GIDs in your /etc/passwd file define a group if more than one account is assigned the same GID. They won't have names unless the group number and name are linked in the /etc/group file. Still, a system is generally easier to manage if users are organized into groups. Those groups can be used to control access to particular files or commands or to assign privileges in your sudoers files.

Linux systems generally have a groups command that will allow you to list the groups that you or some other user are members of. If you are a sysadmin and a member of the security group, you might see something like this when you run the command.

$ groups
admins   secteam

You can list the groups that another user is a member of by adding their username as an argument to the groups command.

$ groups kevinc
kevinc : progmgrs
$ groups root
root : root bin daemon sys adm disk wheel

The id command will give very similar output, though I generally use groups because it's easier to remember.

$ id -Gn root
root bin daemon sys adm disk wheel

Listing all members of a group can be a little trickier. Members might be included in the group because it's their primary group, specified in the /etc/passwd file. Or they might be members because they've been added to the group definition in the /etc/group file.

$ grep maryk /etc/passwd
maryk:x:2011:200:Mary K:/home/maryk:/bin/bash
$ grep maryk /etc/group

In this case, maryk would be a member of both the secteam and the progmgrs groups.

If you want to be able to list group members using the group name or the group number, you can use a script like the one shown below. It evaluates the argument provided and looks through the /etc/group and the /etc/passwd files for matching entries. Of course, if you're using Solaris, you need to determine whether the system you're working on configures groups through local files or a service such as NIS/NIS+; in that case, you'd need to use the ypcat or niscat commands to get the information you need.


#!/bin/bash

# get group if no argument provided
if [ $# == 0 ]; then
    echo -n "group name or number> "
    read group
else
    group=$1
fi

# regular expression for numbers
re='^[0-9]+$'

# get info from the /etc/group file
# =================================
# check if response is a string
if ! [[ $group =~ $re ]] ; then         # group name
    grp=`grep "^$group:" /etc/group`    # make sure it exists
    if [ $? != 0 ]; then                # not found
        echo "No such group: $group"
        exit 1
    else                                # found group number and members in /etc/group
        gnumber=`echo "$grp" | awk -F: '{print $3}'`
        members=`echo "$grp" | awk -F: '{print $NF}'`
        if [ "$members" != "" ]; then
            echo "$members" | tr "," "\n"   # list members in /etc/group
        fi
    fi
else    # response is numeric
    gnumber=$group                      # needed for the /etc/passwd pass below
    # match on the GID field itself rather than assuming the password field is "x"
    members=`awk -F: -v g="$group" '$3 == g {print $NF}' /etc/group`
    if [ "$members" != "" ]; then
        echo "$members" | tr "," "\n"
    fi
fi

# get info from the /etc/passwd file
# ==================================
# list accounts whose primary GID (field 4) matches the group number
while IFS= read -r line
do
    gid=`echo "$line" | awk -F: '{print $4}'`
    if [ "$gid" == "$gnumber" ]; then
        echo "$line" | awk -F: '{print $1}'
    fi
done < /etc/passwd

Linux systems will generally put each user into his/her own individual group unless you specify otherwise in your useradd command. In this case, the significant group information is set up in the /etc/group file.
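The two membership routes described above (primary GID in /etc/passwd, member list in /etc/group) and GIDs that have no name can be reviewed in one pass. The following is an added example, not the article's script, and it generalizes from one group to every group; the function names group_report and write_sample, the sample group GIDs and the tempacct account are assumptions.

```shell
#!/bin/sh
# Added example, not from the article: effective group membership by both
# routes, including GIDs that have no entry in the group file.
# group_report [passwd_file] [group_file]  ->  lines of gid:name:user:route
#   route is primary (passwd GID field), listed (group member list) or both
group_report() {
    awk -F: '
        FILENAME == ARGV[1] {          # group file: name and listed members
            name[$3] = $1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "") route[$3, m[i]] = "listed"
            next
        }
        {                              # passwd file: field 4 is the primary GID
            r = (($4, $1) in route) ? "both" : "primary"
            route[$4, $1] = r
        }
        END {
            for (key in route) {
                split(key, p, SUBSEP)
                label = (p[1] in name) ? name[p[1]] : "UNNAMED"
                printf "%s:%s:%s:%s\n", p[1], label, p[2], route[key]
            }
        }
    ' "${2:-/etc/group}" "${1:-/etc/passwd}" | sort -t: -k1,1n -k3,3
}

# Constructed sample data: only the maryk passwd line is from the article;
# the group GIDs and the other accounts are made up for this example.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
maryk:x:2011:200:Mary K:/home/maryk:/bin/bash
kevinc:x:2012:201:Kevin C:/home/kevinc:/bin/bash
tempacct:x:2013:777:Temp:/home/tempacct:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
root:x:0:root
secteam:x:200:
progmgrs:x:201:maryk,kevinc
EOF
}

# Demo run against the constructed files.
d=$(mktemp -d) && write_sample "$d" && group_report "$d/passwd" "$d/group"
rm -rf "$d"
```

Where accounts come from a directory service, the same function can read files produced by `getent passwd` and `getent group`.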


Copyright © 2015 IDG Communications, Inc.