grp – Unix Group Database¶
| Purpose: | Read group data from Unix group database. |
|---|---|
| Available In: | 1.4 and later |
The grp module can be used to read information about Unix groups from the group database (usually /etc/group). The read-only interface returns tuple-like objects with named attributes for the standard fields of a group record.
| Index | Attribute | Meaning |
|---|---|---|
| 0 | gr_name | Name |
| 1 | gr_passwd | Password, if any (encrypted) |
| 2 | gr_gid | Numerical id (integer) |
| 3 | gr_mem | Names of group members |
The name and password values are both strings, the GID is an integer, and the members are reported as a list of strings.
Querying All Groups¶
Suppose you need to print a report of all of the “real” groups on a system, including their members (for our purposes, “real” is defined as having a name not starting with “_“). To load the entire password database, you would use getgrall(). The return value is a list with an undefined order, so you probably want to sort it before printing the report.
import grp
import operator
# Load all of the user data, sorted by username
all_groups = grp.getgrall()
interesting_groups = sorted((g
for g in all_groups
if not g.gr_name.startswith('_')),
key=operator.attrgetter('gr_name'))
# Find the longest length for the name
name_length = max(len(g.gr_name) for g in interesting_groups) + 1
# Print report headers
fmt = '%-*s %4s %10s %s'
print fmt % (name_length, 'Name',
'GID',
'Password',
'Members')
print '-' * name_length, '----', '-' * 10, '-' * 30
# Print the data
for g in interesting_groups:
print fmt % (name_length, g.gr_name,
g.gr_gid,
g.gr_passwd,
', '.join(g.gr_mem))
$ python grp_getgrall.py
Name GID Password Members
---------------------------------------- ---- ---------- ------------------------------
accessibility 90 *
accessibility 90 *
admin 80 * root, dhellmann
admin 80 * root
authedusers 50 *
authedusers 50 *
bin 7 *
bin 7 *
certusers 29 * root, _jabber, _postfix, _cyrus, _calendar, _dovecot
certusers 29 * root, _jabber, _postfix, _cyrus, _calendar, _dovecot
com.apple.access_screensharing 401 dhellmann
com.apple.access_screensharing-disabled 101 dhellmann
com.apple.access_ssh 102 dhellmann
consoleusers 53 *
consoleusers 53 *
daemon 1 * root
daemon 1 * root
dhellmann 501
dialer 68 *
dialer 68 *
everyone 12 *
everyone 12 *
group 16 *
group 16 *
interactusers 51 *
interactusers 51 *
kmem 2 * root
kmem 2 * root
localaccounts 61 *
localaccounts 61 *
mail 6 * _teamsserver
mail 6 * _teamsserver
netaccounts 62 *
netaccounts 62 *
netusers 52 *
netusers 52 *
network 69 *
network 69 *
nobody 4294967294 *
nobody 4294967294 *
nogroup 4294967295 *
nogroup 4294967295 *
operator 5 * root
operator 5 * root
owner 10 *
owner 10 *
procmod 9 * root
procmod 9 * root
procview 8 * root
procview 8 * root
racemi 500 dhellmann
smmsp 103 *
staff 20 * root
staff 20 * root
sys 3 * root
sys 3 * root
tty 4 * root
tty 4 * root
utmp 45 *
utmp 45 *
wheel 0 * root
wheel 0 * root
Group Memberships for a User¶
Another common task might be to print a list of all the groups for a given user:
import grp
username = 'dhellmann'
groups = [g.gr_name for g in grp.getgrall() if username in g.gr_mem]
print username, 'belongs to:', ', '.join(groups)
$ python grp_groups_for_user.py
dhellmann belongs to: _lpadmin, admin, com.apple.access_screensharing-disabled, com.apple.access_screensharing, com.apple.access_ssh, racemi
Finding a Group By Name¶
As with pwd, it is also possible to query for information about a specific group, either by name or numeric id.
import grp
name = 'admin'
info = grp.getgrnam(name)
print 'Name :', info.gr_name
print 'GID :', info.gr_gid
print 'Password:', info.gr_passwd
print 'Members :', ', '.join(info.gr_mem)
$ python grp_getgrnam.py
Name : admin
GID : 80
Password: *
Members : root, dhellmann
Finding a Group by ID¶
To identify the group running the current process, combine getgrgid() with os.getgid().
import grp
import os
gid = os.getgid()
group_info = grp.getgrgid(gid)
print 'Currently running with GID=%s name=%s' % (gid, group_info.gr_name)
$ python grp_getgrgid_process.py
Currently running with GID=501 name=dhellmann
And to get the group name based on the permissions on a file, look up the group returned by os.stat().
import grp
import os
import sys
filename = 'grp_getgrgid_fileowner.py'
stat_info = os.stat(filename)
owner = grp.getgrgid(stat_info.st_gid).gr_name
print '%s is owned by %s (%s)' % (filename, owner, stat_info.st_gid)
$ python grp_getgrgid_fileowner.py
grp_getgrgid_fileowner.py is owned by dhellmann (501)
