List All Groups in Linux | Baeldung on Linux
Mục Lục
1. Overview
Users and groups are two important elements in Linux security management. In this quick tutorial, we’re going to look at how to list all groups on the current system.
Additionally, we’ll address how to get all groups a specific user belongs to as well.
2. Reading the /etc/group File
In Linux, all groups are defined in the file /etc/group. Moreover, it stores each group entry in the format:
group_name:password(encrypted):GID:user_listFirst, let’s take a look at an example of /etc/group:
$ cat /etc/grouproot:x:0:rootbin:x:1:root,bin,daemondaemon:x:2:root,bin,daemonsys:x:3:root,binadm:x:4:root,daemontty:x:5:disk:x:6:rootlp:x:7:cups,daemon,kentmem:x:8:...The /etc/group file is a plain text file. Therefore, we can read the file and use our Linux command-line fu to extract the data we want, such as the group name:
$ cut -d: -f1 /etc/grouprootbindaemonsysadmttydisklpmem...In the example above, we’ve used the cut command to extract the group name only. Thus, the output contains all group names on the system, one group per line.
3. Using the getent Command
The /etc/group file defines all groups on the local system.
However, if we’re working on a networked system, the system reads local groups from the /etc/group file, and it can read groups from networked services as well, such as LDAP.
We can use the getent command to read the group database to get all groups:
$ getent grouproot:x:0:rootbin:x:1:root,bin,daemondaemon:x:2:root,bin,daemonsys:x:3:root,binadm:x:4:root,daemontty:x:5:disk:x:6:rootlp:x:7:cups,daemon,kentmem:x:8:...As the output shows, each group’s format has the same format as the /etc/group file.
If we want to obtain the group names only, the same cut trick can help us here as well:
$ getent group | cut -d: -f1rootbindaemonsysadmttydisklpmem...4. Getting Groups of a Specific User
We’ve learned how to get all groups defined on a system. Sometimes, in more common cases, we want to know which groups a specific user belongs to.
In this section, we’re going to show two ways to get this information. Both are pretty straightforward.
The first way to reach our goal is to use the groups command. This command is shipped with the shadow-utils package. Therefore, it’s available on all Linux distros by default.
If we don’t give it any arguments, the groups command will list all groups of the current user:
kent$ groupslp wheel dbus network video audio optical storage input users vboxusers docker kentHowever, if we like, we can pass a username to the command, and it’ll report only the groups that the given user belongs to:
kent$ groups rootroot bin daemon sys adm disk wheel logAlternatively, we can use the id command to do it, too.
The id command is a handy utility to report user information, such as the username, the real name, and groups.
Since the id command is a member of the Coreutils, it has been installed on all Linux distros by default.
We can combine the -G and -n options to make the id command print all group names of a given user.
Similar to the groups command, if we don’t tell id a username, it’ll print group names of the current user:
kent$ id -Gnkent lp wheel dbus network video audio optical storage input users vboxusers dockerHowever, when we pass a username to the command, it’ll naturally output the group names of the given user:
kent$ id -Gn rootroot bin daemon sys adm disk wheel log5. Conclusion
In this quick article, we’ve first learned two approaches to get all groups defined on the system:
- Parsing the /etc/group file
- Using the getent command
Later, we’ve also addressed two straightforward commands – id and groups – to get a specific user’s group names through examples.
