1

With

getent group xyz

I get a list of users who are members of xyz with xyz either as a primary group or as secondary group.

How do I get a list of just those users who have xyz as their primary group?

My users are in LDAP, so I am not looking for solutions which involve parsing /etc/group.

loris
  • 195
  • 1
  • 11
  • If you run `getent passwd`, do you get the full list of users including all LDAP users? If so, you can use solutions that work by parsing `/etc/passwd`. Note that primary group membership is not defined in `/etc/group`. – muru Aug 02 '22 at 08:05
  • ```getent passwd``` does indeed give me all the LDAP users, so I could parse the output. You're also right about ```/etc/group``` – loris Aug 02 '22 at 08:35

1 Answers1

4

I don’t think you can do any better than retrieving each member user’s information:

groupinfo="$(getent group xyz)"
groupinfo="${groupinfo#*:*:}"
gid="${groupinfo%%:*}"
members="${groupinfo##*:}"
(IFS=,; set -f; for member in $members; do
 getent passwd $member | grep -E "([^:]+:){3}$gid:"
 done)

If your LDAP server allows you to enumerate all users with getent passwd, you could parse that instead after determining the gid:

groupinfo="$(getent group xyz)"
groupinfo="${groupinfo#*:*:}"
gid="${groupinfo%%:*}"
getent passwd | grep -E "([^:]+:){3}$gid:"
Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164