How to List All Users In a Group on Linux

Configurare noua (How To)

Situatie

Files and directories on Linux have a set of permissions for the owner, another set for the group the file is allocated to, and permissions for everyone who isn’t in one of the previous two categories. Each set of permissions defines whether the members of that category can read, write, or execute the file. In the case of a directory, the execute action equates to being able to cd into the directory.

The default group for a file or directory is the default group of the owner. That’s usually the person who created it. The group permissions are used to allow a collection of users to have controlled access to the files and directories of the other members of that group.

Solutie

The “/etc/group” file contains a colon “:” delimited list of groups and group members. Each line has four fields.

  • Name: The unique name of the group.
  • Password: Not used. This will always hold “x.”
  • Group ID: The unique group identifier.
  • Users: A comma-delimited list of the members of the group. The list is usually empty for system and daemon accounts.

To dump the contents of the file to the terminal window, you can use cat, but it’s more convenient to be able to scroll through the contents of the file with less.

less /etc/group

Using cat to see the contents of the /etc/group file

Most of the entries at the top of the list have no members, although the “adm” group has two, and the “cdrom” group has one.

The first part of the /etc/groups file in the less file viewer

If we want to discover the groups a specific user is in, we can use grep to search for entries with their user account name. This isn’t our task at hand. We want to see everyone who is a member of a group, not the groups that one person belongs to. But it is instructive for us to take a look.

grep "dave" /etc/group

The list of groups that user dave is a member of

The entries that contain the string “dave” are listed for us. And tucked away amongst them is a sign that things might not be as simple as we thought.

When a user is added to Linux, the default action is to place them in a group with the same name as their user account. This is their primary group. Any other groups they are added to are known as secondary groups.

The problem is that users are not listed as members of their primary groups. That’s why the group “dave” is not showing any members, although the user “dave” is a member of that group.

Of course, system administrators can change the primary group of any user to that of any other group. That means a user can be a member of any group but they won’t be listed as such in the “/etc/group” file. That’s one issue.

The second issue is that the “/etc/group” file isn’t a single source of truth. Modern Linux installations may well store user and group information in more places than “/etc/passwd” and “/etc/group”, especially in corporate situations where services like Lightweight Directory Access Protocol are deployed. By only looking in one place, you might not be seeing the big picture.

In our test scenario, we created four groups for a development department. They are:

  • resteam: The research team.
  • devteam: The development team.
  • pvqteam: The product verification and quality team.
  • docteam: The documentation team.

We added people to these teams. Some people are in more than one team. If we open the “/etc/group” file in less and scroll to the bottom of the file, we’ll see the new groups and group members. At least, as many members as the “/etc/group” file knows about.

The bottom of the /etc/group file in the less file viewer

If we want to extract a single group, we can search using grep. The caret “^” represents the start of a line.

grep "^devteam" /etc/group

Using grep to extract the members for a single group

This extracts the “devteam” entry from the file and lists all the group members. Or does it?

The getent Command

The getent command checks multiple databases for user group information, not just “/etc/group.” We’ll use getent to show us the user groups.

getent group

Using getent to list all defined groups

Using getent with the group option produces—on this test machine—the same results as using the “/etc/group” file. That’s because we’re not using LDAP or any other centralized naming service. So there are no other sources for getent to refer to.

The output from getent group showing the groups and members

It’s no surprise then, that the results tally with those from the “/etc/group” file. Perhaps what we’re seeing really is the reality of the situation. Maybe everything is straightforward and—on this computer—what you see is what you get? Let’s reserve judgment on that.

The getent command can look at a single group for us. We’ll look at the “devteam” group.

getent group devteam

Using getent group to extract the details of a single group

We get exactly the same results as before. There is a way to dig deeper though.

The lid Command

The lid command is part of the libuser collection of tools. It was already installed on our Fedora 36 test computer but had to be installed on the Ubuntu 22.04 and Manjaro 21 ones.

Also, the command is called lid on Fedora and Manjaro, but on Ubuntu, you need to use libuser-lid.

To install the command on Ubuntu, type:

sudo apt install libuser

Installing libuser on Ubuntu

On Manjaro, libuser is installed from the AUR, so you’ll need to use your favorite AUR helper. We used yay.

yay libuser

Installing libuser on Manjaro

You can use libuser-lid to display group information about groups or users. To show the groups an individual is in, pass their user account name on the command line. On Fedora and Manjaro remember to use lid instead of libuser-lid.

sudo libuser-lib dave

Using libuser-lid to show the groups that user dave is a member of

To see the members of a group, use the -g (group) option along with the name of the group.

sudo libuser-lid -g devteam

using libuser-lid to list the members of the devteam group

Lo and behold, a user called “francis” has appeared as a member of the list. This is the first time we’ve seen him. He isn’t listed in “/etc/group” and getent didn’t discover him either.

Let’s look at a few users with the groups command.

groups abigail
groups hayden
groups francis

Using the groups command on a selection of users

  • User “abigail” is in a group called “abigail” and two other groups, “resteam” and “devteam.”
  • User “hayden” is in a group called “hayden” and two other groups, “pvqteam” and “docteam.”
  • User “francis” is in a single group, the “devteam” group. It’s notable that they are not in a group named “francis.”

We know that every user must be a member of a primary group and that by default the primary group has a GID and name that match the user’s UID and account name. It would appear there’s something different about the user “francis.”

Let’s use the id command and see what the UID and GIDs tell us.

id abigail
id francis

Using the id command on the users abigail and francis

User “abigail” has a UID of 1002, and a GID of 1002. They are in three groups, one of which is called “abigail.” It has a GID of 1002. This is their default primary group.

User “francis” has a GID of 1019, which matches the GID of the “devteam” group. This user has either been assigned a new primary group, or the “devteam” group was set as their primary group when this user was added to the system.

Whichever one it was, only libuser-lid detected them and reported their presence in the “devteam” group.

Tip solutie

Permanent

Voteaza

(8 din 15 persoane apreciaza acest articol)

Despre Autor

Leave A Comment?