1. Overview
Users and groups are two important elements in Linux security management. In this quick tutorial, we’re going to look at how to list all groups on the current system.
Additionally, we’ll address how to get all groups a specific user belongs to as well.
2. Reading the /etc/group File
In Linux, all groups are defined in the file /etc/group. Moreover, it stores each group entry in the format:
group_name:password(encrypted):GID:user_listFirst, let’s take a look at an example of /etc/group:
$ cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:cups,daemon,kent
mem:x:8:
...The /etc/group file is a plain text file. Therefore, we can read the file and use our Linux command-line fu to extract the data we want, such as the group name:
$ cut -d: -f1 /etc/group
root
bin
daemon
sys
adm
tty
disk
lp
mem
...
In the example above, we’ve used the cut command to extract the group name only. Thus, the output contains all group names on the system, one group per line.
3. Using the getent Command
The /etc/group file defines all groups on the local system.
However, if we’re working on a networked system, the system reads local groups from the /etc/group file, and it can read groups from networked services as well, such as LDAP.
We can use the getent command to read the group database to get all groups:
$ getent group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin
adm:x:4:root,daemon
tty:x:5:
disk:x:6:root
lp:x:7:cups,daemon,kent
mem:x:8:
...As the output shows, each group’s format has the same format as the /etc/group file.
If we want to obtain the group names only, the same cut trick can help us here as well:
$ getent group | cut -d: -f1
root
bin
daemon
sys
adm
tty
disk
lp
mem
...4. Getting Groups of a Specific User
We’ve learned how to get all groups defined on a system. Sometimes, in more common cases, we want to know which groups a specific user belongs to.
In this section, we’re going to show two ways to get this information. Both are pretty straightforward.
The first way to reach our goal is to use the groups command. This command is shipped with the shadow-utils package. Therefore, it’s available on all Linux distros by default.
If we don’t give it any arguments, the groups command will list all groups of the current user:
kent$ groups
lp wheel dbus network video audio optical storage input users vboxusers docker kentHowever, if we like, we can pass a username to the command, and it’ll report only the groups that the given user belongs to:
kent$ groups root
root bin daemon sys adm disk wheel logAlternatively, we can use the id command to do it, too.
The id command is a handy utility to report user information, such as the username, the real name, and groups.
Since the id command is a member of the Coreutils, it has been installed on all Linux distros by default.
We can combine the -G and -n options to make the id command print all group names of a given user.
Similar to the groups command, if we don’t tell id a username, it’ll print group names of the current user:
kent$ id -Gn
kent lp wheel dbus network video audio optical storage input users vboxusers dockerHowever, when we pass a username to the command, it’ll naturally output the group names of the given user:
kent$ id -Gn root
root bin daemon sys adm disk wheel log5. Conclusion
In this quick article, we’ve first learned two approaches to get all groups defined on the system:
- Parsing the /etc/group file
- Using the getent command
Later, we’ve also addressed two straightforward commands – id and groups – to get a specific user’s group names through examples.