bergman on 12 Nov 2011 19:57:35 -0800



Re: [PLUG] Finding a /etc/group entry containing a user list


In the message dated: Sat, 12 Nov 2011 18:41:29 EST,
The pithy ruminations from Fred Stluka on 
<Re: [PLUG] Finding a /etc/group entry containing a user list> were:
=> JP,
=> 
=> > Of course, the flip side is that other users in group15 will have
=> > perms they don't need.  I don't really care too much for this
=> > purpose, but usually that would matter.  So maybe this question is
=> > less useful than I thought at first and yet-another-group really
=> > is the best answer.

Not always. Don't forget that users were limited to being in 16 groups, and
many programs, particularly NFS, use structures with that limit[1]. The
various tools (usermod, getent, etc.) will allow you to 'add' a user to more
groups and will report that the user is in those groups...but things that
depend on that group membership won't always work.


	[1] http://blogs.oracle.com/peteh/date/20050614

	(get past the icky 'oracle.com' URL that used to read
	'sun.com', and realize that much of that--notably the NFS stuff--does
	apply to Linux)

[SNIP!]

=> 
=> --Fred
=> 
=> On 11/12/11 2:38 PM, JP Vossen wrote:
=> > On 11/12/2011 02:30 PM, David Coulson wrote:
=> >> Just run 'id' against each username and parse out the output. Remember
=> >> /etc/group is typically just for supplemental groups - The user's
=> >> primary group is usually only in /etc/passwd.


Hmmm....

I wouldn't 'parse /etc/group' directly, as group info could be stored in
other places (NIS tables, LDAP, etc). It's safer to use "getent" (which
will use the data sources & precedence defined in /etc/nsswitch.conf)
to retrieve group information.

=> > helps me; it seems like I'd still need to parse stuff into some kind of data structure so I can
=> > get my answer.
=> >
=> > Maybe I need an example.
=> >
=> > If I have user01 to user10 (decimal, not binary :), and group01 to group40, I want to know that,
=> > say, group15 contains 8 out of 10 of my users, so if I can add user09 and user10 to group15,
=> > everyone will have the right perms once I chgrp the dir tree.

You could probably do something vaguely like this pseudo-code:

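    ##############################################################################
    # Given a list of users as arguments, compute
    # the score for each group that has any of those
    # users as a member, and print the group[s] with the
    # highest score
    #####
    use strict;
    use warnings;

    my %SCORE;
    my $highgroups = "";
    my $highscore  = 0;

    # getent follows /etc/nsswitch.conf; each line is name:passwd:gid:member1,member2,...
    chomp(my @entries = `getent group`);

    foreach my $user (@ARGV)
    {
    	foreach my $entry (@entries)
    	{
    		my ($group, undef, undef, $members) = split(/:/, $entry);
    		# compare whole member names so user1 does not match user10
    		$SCORE{$group}++ if grep { $_ eq $user } split(/,/, $members // '');
    	}
    }

    foreach my $group ( sort keys(%SCORE) )
    {
    	if ( $SCORE{$group} == $highscore )
    	{
    		# this group has the same score as the
    		# current high score
    		$highgroups = "$highgroups $group";
    	}

    	if ( $SCORE{$group} > $highscore )
    	{
    		# we have a new high score
    		$highgroups = "$group";
    		$highscore  = $SCORE{$group};
    	}
    }
    printf "The group[s] \"%s\" have the largest number (%d) of members of the specified users\n", $highgroups, $highscore;
    ####################################################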


Mark
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
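
As an added example (not code from this thread), the Python sketch below combines the points raised in the message: it reads groups through NSS as getent does, counts primary-group membership from passwd, scores each group against the user list, and flags users who would pass the 16-group figure if added. The function names, and the choice to count the primary group toward that figure, are assumptions.

```python
"""Added example: rank groups by coverage of a user list, flag 16-group overflow."""
import grp
import pwd

# Assumption: every membership, primary group included, counts toward the
# 16-group figure quoted in the message; adjust if your NFS setup differs.
NFS_GROUP_LIMIT = 16


def load_nss():
    """Read groups and primary gids through NSS (files, NIS, LDAP), like getent."""
    groups = {g.gr_name: (g.gr_gid, set(g.gr_mem)) for g in grp.getgrall()}
    primary = {p.pw_name: p.pw_gid for p in pwd.getpwall()}
    return groups, primary


def members_of(name, groups, primary):
    """Listed members plus users whose primary gid (passwd only) is this group."""
    gid, listed = groups[name]
    return listed | {user for user, pgid in primary.items() if pgid == gid}


def group_count(user, groups, primary):
    """Number of groups the user currently belongs to."""
    return sum(1 for name in groups if user in members_of(name, groups, primary))


def rank_groups(users, groups, primary, limit=NFS_GROUP_LIMIT):
    """Return (group, covered, missing, over_limit) rows, best coverage first."""
    wanted = set(users)
    rows = []
    for name in groups:
        covered = wanted & members_of(name, groups, primary)
        if not covered:
            continue
        missing = wanted - covered
        # users who would exceed the limit once added to this group
        over = {u for u in missing if group_count(u, groups, primary) + 1 > limit}
        rows.append((name, sorted(covered), sorted(missing), sorted(over)))
    rows.sort(key=lambda row: (-len(row[1]), row[0]))
    return rows


if __name__ == "__main__":
    import sys
    nss_groups, nss_primary = load_nss()
    for name, covered, missing, over in rank_groups(sys.argv[1:], nss_groups, nss_primary):
        print(f"{name}: has {len(covered)}, add {missing}, "
              f"would exceed {NFS_GROUP_LIMIT} groups: {over}")
```

Run it with the usernames as arguments; a group whose last column is non-empty is a poor candidate for the chgrp, because those users may not get the access over NFS even though the tools report them as members.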