id-like command to see group information - Linux

Before adding any group using the groupadd command, I want to see whether the group exists or not. That's why I want to know: is there any command like the id command to see group information in Linux?
I am able to see the group information in /etc/group or by giving the command
$ getent group groupname
But I am looking for an easy command like id to see whether a group exists or not.

Related

ldapsearch for Active Directory search

I have a lot of AD groups which start with ad-grp-<something>-something.
I want to run the ldapsearch command to pull the members of the group; all I need is the member ID, not the full name.
ldapsearch -xLLL -b "DC=myteam,DC=com" -D user#myteam -h my-host.myteam.com \
-w Abcd123 "(&(objectClass=group)(&(memberOf=CN=ad-grp-*,OU=PermissionGroups,OU=Groups,DC=myteam,DC=com)))"
With this I get the full name of the member but I am looking to get the member id of that user.
Can you help me?
Or share if there is any other easy way?
You cannot use wildcards on any attributes that have a distinguishedName in the value, like memberOf. So you will have to first search for the groups: (&(objectClass=group)(cn=ad-grp-*))
If you're sure the membership list of each group is less than 1500, then you can use the member attribute from the search. But if some of those groups have more than 1500 members, it gets more complicated to find them all (it only gives you 1500 at a time).
If some of them might be large groups, then you can take the full distinguishedName for each of the groups (from the search results) and construct a new query to find the members of each one. Something like this:
(&(objectCategory=person)(objectClass=user)(|(memberOf=CN=ad-grp-1,OU=PermissionGroups,OU=Groups,DC=myteam,DC=com)(memberOf=CN=ad-grp-2,OU=PermissionGroups,OU=Groups,DC=myteam,DC=com)))
That shows only two groups (ad-grp-1 and ad-grp-2). Add all of them to the query.
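The two-step approach from the answer above, as an added example that is not part of the original post: it pulls the group DNs out of the first search's LDIF output and builds the second filter, escaping filter metacharacters per RFC 4515. The function names and the sample LDIF are constructed for illustration.

```sh
#!/bin/sh
# Added example: build the member-lookup filter from the group DNs that
# the first search, (&(objectClass=group)(cn=ad-grp-*)), returns as LDIF.

# Escape RFC 4515 filter metacharacters; backslash goes first so the
# escapes inserted afterwards are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# LDIF on stdin -> one DN per line. Long DNs are folded onto continuation
# lines that start with a space, so unfold them. Base64 DNs ("dn:: ...")
# are not decoded here and are skipped.
ldif_dns() {
    awk '
        /^ /    { if (indn) dn = dn substr($0, 2); next }
        indn    { print dn; indn = 0 }
        /^dn: / { dn = substr($0, 5); indn = 1 }
        END     { if (indn) print dn }
    '
}

# DNs on stdin -> one OR-ed memberOf filter on stdout.
build_member_filter() {
    clauses=''
    while IFS= read -r dn; do
        [ -n "$dn" ] || continue
        clauses="${clauses}(memberOf=$(ldap_escape "$dn"))"
    done
    [ -n "$clauses" ] || return 1   # no groups matched: emit nothing
    printf '(&(objectCategory=person)(objectClass=user)(|%s))\n' "$clauses"
}

# Constructed sample of the first search's output; the second DN is folded.
sample_ldif() {
    cat <<'EOF'
dn: CN=ad-grp-1,OU=PermissionGroups,OU=Groups,DC=myteam,DC=com
cn: ad-grp-1

dn: CN=ad-grp-2,OU=PermissionGroups,OU=Groups,DC=myteam,DC=
 com
cn: ad-grp-2
EOF
}

sample_ldif | ldif_dns | build_member_filter
```

Pass the printed filter as the last argument of the second ldapsearch call and request only the attribute you need, for example sAMAccountName if that is the "member id" wanted (an assumption about the question).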

How to know the effective group of a specified user without using su

Sometimes I want to know the effective group of a specified user by using su and groups. Using su is cumbersome. So is there a way to do that without using su?
Would id do what you want?
$ id userx
uid=10987(user) gid=1234(somegroup) groups=1234(somegroup),2345(othergroup)
or
$ id userx -Gn
somegroup othergroup
(I'm a bit confused by the phrase "effective group": processes have effective and real UIDs and GIDs, they are related to setuid/setgid executables. I haven't heard the phrase being used for users before, but apparently the man page for id talks about "effective group" re. -g. I suppose it means the primary GID.)

Where & How is user group information stored in Ubuntu?

Mirror Question: https://unix.stackexchange.com/questions/217300/where-how-is-user-group-information-stored-in-ubuntu. (I'll remove one of them after I get the answer)
Two places possible: /etc/group and /etc/passwd.
If I use command: adduser [username] [groupname], then the user would be added to the group, and the file /etc/group would then be updated.
However, the file /etc/passwd is not updated. If I check which groups I belong to via the groups command, I can only see the groups stated in the passwd file. Therefore, the user is not added to the group, based on this result.
I'm confused.
1. What's the meaning of storing group info in /etc/passwd and /etc/group respectively?
2. Why does adduser only update the group file?
3. How do I add a group to the passwd file via a command?
4. Why does groups return group info from the passwd file, but not the group file?
Thanks.
1. In these traditional text files (there are other ways, e.g. LDAP), your primary group goes to /etc/passwd (it's e.g. used for permissions of files you create), all additional groups go to /etc/group.
2. See 1.
3. That's impossible, but you can change a primary group with usermod -g
4. That's a misinterpretation, groups shows all groups. But a new group is only picked up when you start a new session (new login). You can use the newgrp command, that starts a session with the given group name as your primary group (you must be a member of this group) -- as a side effect, it will consult the user database and update your groups list.

Linux command 'getent group' not returning users for some groups?

I am using the getent group command to get the groups along with their usernames in Linux. But it is not showing any usernames for some groups which I know exist.
I need this info. Is there any other way around?
Picking the first two results:
root:x:0:
bin:x:1:bin,daemon
As you can see, there are no users for group root and 2 users in the bin group. I know that the root group contains a user root, but it's not showing it here.
What you are missing is that each user has a primary group, which is stored in /etc/passwd (usually in field 4), and may have one or more supplementary groups. Only the supplementary group associations are in /etc/group, and as a result, are the only ones that getent group will show. In order to get the entire list of groups for a particular user, you can use id -a <user>, but you'll have to iterate that over the list of users to get your full information dump...
Can you please run:
getent group|diff /etc/group -
and show us the difference in its output.
Since I have run this and I see no difference, they're both exactly the same
getent will only return the master group name and not the sub groups a user belongs to:
getent group adm
adm:x:4:me,logcheck
To get any instances of adm within getent try:
getent group|grep adm
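The split explained in the answers above (primary group in field 4 of /etc/passwd, supplementary members in /etc/group) is why root:x:0: lists nobody. As an added example, not from the original posts, this joins the two databases to list everyone in a group; the function name, the passwd entries and the build user are constructed.

```sh
#!/bin/sh
# Added example: list every member of a group, primary members included.

# $1 = group name, $2 = passwd-format file, $3 = group-format file.
# Supplementary members come from field 4 of the group entry; primary
# members are the passwd entries whose field 4 equals the group's GID.
group_members() {
    awk -F: -v g="$1" '
        FNR == NR {                          # first file: group database
            if ($1 == g) {
                gid = $3; found = 1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        found && $4 == gid { seen[$1] = 1 }  # second file: passwd database
        END { for (u in seen) print u }
    ' "$3" "$2" | sort
}

# Constructed sample databases; the two group lines are the ones quoted in
# the question. On a live system, fill the files from `getent group` and
# `getent passwd` so that directory-backed entries are included as well.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:' 'bin:x:1:bin,daemon' > "$dir/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'bin:x:1:1:bin:/bin:/sbin/nologin' \
                  'daemon:x:2:2:daemon:/sbin:/sbin/nologin' \
                  'build:x:1000:1:build user:/home/build:/bin/sh' > "$dir/passwd"
    for g in root bin; do
        echo "$g: $(group_members "$g" "$dir/passwd" "$dir/group" | paste -sd, -)"
    done
    rm -rf "$dir"
}

demo
```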

How to change user affiliations to group in Linux

I have several users, say: A, B, C, D, etc. and 2 groups: master, slave.
Each user belongs to only one of these groups (exclusively).
How can I programmatically change this belonging?
For example: user A belongs to group "master"
How to remove it from group "master" and add it to group "slave"?
From the man page of usermod:
-G, --groups group,...
With this option a list of supplementary groups can be specified, which the user should become a member of. Each group is separated from the next one only by a comma, without whitespace. The user is removed from all other groups not specified.
-R, --remove-from-group group,...
With this option a list of groups can be specified, from which the user should be removed. Each group is separated from the next one only by a comma, without whitespace.
If for some reason this isn't pre-installed on your system it is a command from the pwdutils package.
