Users and groups are two important elements in Linux security management. In this quick tutorial, we’re going to look at how to list all groups on the current system.
Additionally, we’ll address how to get all groups a specific user belongs to as well.
2. Reading the /etc/group File
In Linux, all groups are defined in the file /etc/group. Moreover, it stores each group entry in the format:
First, let’s take a look at an example of /etc/group:
$ cat /etc/group root:x:0:root bin:x:1:root,bin,daemon daemon:x:2:root,bin,daemon sys:x:3:root,bin adm:x:4:root,daemon tty:x:5: disk:x:6:root lp:x:7:cups,daemon,kent mem:x:8: ...
The /etc/group file is a plain text file. Therefore, we can read the file and use our Linux command-line fu to extract the data we want, such as the group name:
$ cut -d: -f1 /etc/group root bin daemon sys adm tty disk lp mem ...
In the example above, we’ve used the cut command to extract the group name only. Thus, the output contains all group names on the system, one group per line.
3. Using the getent Command
The /etc/group file defines all groups on the local system.
However, if we’re working on a networked system, the system reads local groups from the /etc/group file, and it can read groups from networked services as well, such as LDAP.
We can use the getent command to read the group database to get all groups:
$ getent group root:x:0:root bin:x:1:root,bin,daemon daemon:x:2:root,bin,daemon sys:x:3:root,bin adm:x:4:root,daemon tty:x:5: disk:x:6:root lp:x:7:cups,daemon,kent mem:x:8: ...
As the output shows, each group’s format has the same format as the /etc/group file.
If we want to obtain the group names only, the same cut trick can help us here as well:
$ getent group | cut -d: -f1 root bin daemon sys adm tty disk lp mem ...
4. Getting Groups of a Specific User
We’ve learned how to get all groups defined on a system. Sometimes, in more common cases, we want to know which groups a specific user belongs to.
In this section, we’re going to show two ways to get this information. Both are pretty straightforward.
If we don’t give it any arguments, the groups command will list all groups of the current user:
kent$ groups lp wheel dbus network video audio optical storage input users vboxusers docker kent
However, if we like, we can pass a username to the command, and it’ll report only the groups that the given user belongs to:
kent$ groups root root bin daemon sys adm disk wheel log
Alternatively, we can use the id command to do it, too.
The id command is a handy utility to report user information, such as the username, the real name, and groups.
Since the id command is a member of the Coreutils, it has been installed on all Linux distros by default.
We can combine the -G and -n options to make the id command print all group names of a given user.
Similar to the groups command, if we don’t tell id a username, it’ll print group names of the current user:
kent$ id -Gn kent lp wheel dbus network video audio optical storage input users vboxusers docker
However, when we pass a username to the command, it’ll naturally output the group names of the given user:
kent$ id -Gn root root bin daemon sys adm disk wheel log
In this quick article, we’ve first learned two approaches to get all groups defined on the system:
- Parsing the /etc/group file
- Using the getent command
Later, we’ve also addressed two straightforward commands – id and groups – to get a specific user’s group names through examples.