{"id":3788,"date":"2019-07-05T08:53:28","date_gmt":"2019-07-05T13:53:28","guid":{"rendered":"https:\/\/dev.iachieved.it\/iachievedit\/?p=3788"},"modified":"2019-07-05T08:53:28","modified_gmt":"2019-07-05T13:53:28","slug":"a-script-for-testing-membership-in-a-unix-group","status":"publish","type":"post","link":"https:\/\/dev.iachieved.it\/iachievedit\/a-script-for-testing-membership-in-a-unix-group\/","title":{"rendered":"A Script for Testing Membership in a Unix Group"},"content":{"rendered":"

Sometimes you just need a boolean test for a given question. In this post we’ll look at answering the question, “Is this user in a given group?” Seems simple enough.<\/p>\n

It’s easy to see what groups a user is a member of in a shell:<\/p>\n

[code lang=text]
\n% id
\nalice@iachieved.it@darthvader:~$ id
\nuid=1068601116(alice@iachieved.it) gid=1068601115(iachievedit@iachieved.it) groups=1068601115(iachievedit@iachieved.it),1068600513(domain users@iachieved.it),1068601109(linux ssh@iachieved.it),1068601118(application deployment@iachieved.it)
\n[\/code]<\/p>\n

Note that Alice is an Active Directory domain user. We want to test whether or not she is a member of the application deployment@iachieved.it<\/code> group. We can see this with our eyes in the terminal, but a little scripting is in order. We’ll skip error checking for this first example.<\/p>\n

uig.sh<\/code>:<\/p>\n

#!\/bin\/bash\n\nUSER=$1\nGROUP=$2\n\n# getent returns all of the members of a given group, see\n# https:\/\/en.wikipedia.org\/wiki\/Getent for examples\n\nuig=`getent group \"$2\" | awk '{split($0,a,\":\"); print a[4];}'`\n\n# IFS (internal field separator) is a gem I frequently forget about\n\nIFS=\",\" read -r -a array <<< $uig\n\n# Print each entry of our array (members of the group) and then \n# grep to find if $USER is there\n\nif printf '%s\\n' ${array[@]} | grep -qP \"^${USER}$\"; then\n  echo \"User $USER IS in group $GROUP\"\n  exit 0\nfi\necho \"User $USER IS NOT in group $GROUP\"\nexit -1\n<\/pre>\n
Let's take it out for a spin.<\/p>\n
[code lang=text]
\nalice@iachieved.it@darthvader:~$ .\/uig.sh `whoami` "linux administrators@iachieved.it"
\nUser alice@iachieved.it IS NOT in group linux administrators@iachieved.it
\n[\/code]<\/p>\n
Now let's test whether or not Alice is in the application deployment@iachieved.it<\/code> group:<\/p>\n
[code lang=text]
\nalice@iachieved.it@darthvader:~$ .\/uig.sh `whoami` "application deployment@iachieved.it"
\nUser alice@iachieved.it IS in group application deployment@iachieved.it
\n[\/code]<\/p>\n
Terrific.  This will come in handy in the next blog post.<\/p>\n
Let's clean this up into a function that can be sourced in a script or shell:<\/p>\n
#!\/bin\/bash\n\nfunction uig () {\n\n  if [ $# -ne 2 ]; then return -1; fi\n\n  USER=$1\n  GROUP=$2\n\n  _uig=`getent group \"$2\" | awk '{split($0,a,\":\"); print a[4];}'`\n\n  IFS=\",\" read -r -a array <<< $_uig\n\n  if printf '%s\\n' ${array[@]} | grep -qP \"^${USER}$\"; then\n      return 0\n  fi\n  return -1\n\n}<\/pre>\n
[code lang=text]
\nalice@iachieved.it@darthvader:~$ uig `whoami` "linux ssh@iachieved.it"
\nalice@iachieved.it@darthvader:~$ echo $?
\n0
\n[\/code]<\/p>\n
Or, the invocation we're most likely to use:<\/p>\n
uig `whoami` \"linux ssh@iachieved.it\"\nif [ \"$?\" == 0 ]; then\n  echo \"In the group\";\nelse\n  echo \"Not in the group\";\nfi\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Sometimes you just need a boolean test for a given question. In this post we’ll look at answering the question, “Is this user in a given group?” Seems simple enough. It’s easy to see what groups a user is a member of in a shell: [code lang=text] % id alice@iachieved.it@darthvader:~$ id uid=1068601116(alice@iachieved.it) gid=1068601115(iachievedit@iachieved.it) groups=1068601115(iachievedit@iachieved.it),1068600513(domain users@iachieved.it),1068601109(linux […]<\/p>\n","protected":false},"author":1,"featured_media":3318,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[],"class_list":["post-3788","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/3788"}],"collection":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/comments?post=3788"}],"version-history":[{"count":9,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/3788\/revisions"}],"predecessor-version":[{"id":3797,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/posts\/3788\/revisions\/3797"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/media\/3318"}],"wp:attachment":[{"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/media?parent=3788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/categories?post=3788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.iachieved.it\/iachievedit\/wp-json\/wp\/v2\/tags?post=3788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}