I need to capture a user's group memberships for further processing in a 
Perl script. The user's username is passed to the script via the command 
line and captured with ARGV. From there, I want to determine the group 
memberships (much like executing `groups` from the command line) and run 
those through a loop for processing.

I seem to be having a problem locating a function that will do this. 
I've looked at several and tried a couple, but either I'm doing 
something wrong or I'm using the wrong functions. All of the ones I've 
tried are part of getgr*.

I'm very new to Perl so maybe I'm just looking for the wrong terms or 
something. I've googled and searched perldoc.perl.org.

Can anyone offer any suggestions or point me in the right direction?

Thanks, in advance, for your help!

~ Tom

On Mon, Dec 18, 2006 at 04:50:57PM -0700, Tom Smith wrote:
> I need to capture a user's group memberships for further processing in a 
> Perl script. The user's username is passed to the script via the command 
> line and captured with ARGV. From there, I want to determine the group 
> memberships (much like executing `groups` from the command line) and run 
> those through a loop for processing.
> 
> I seem to be having a problem locating a function that will do this. 
> I've looked at several and tried a couple, but either I'm doing 
> something wrong or I'm using the wrong functions. All of the ones I've 
> tried are part of getgr*.
> 
> I'm very new to Perl so maybe I'm just looking for the wrong terms or 
> something. I've googled and searched perldoc.perl.org.
> 
> Can anyone offer any suggestions or point me in the right direction?
> 
> Thanks, in advance, for your help!

A simple solution that comes immediately to mind is to iteratively check
for the user's name in lines of the /etc/group file, and grab the first
field (before the first colon) of each line that matches.  This'll give
you a list of groups.  There are likely other, more elegant solutions to
the problem, but that's the first that springs to mind.

It'd require some regex use for matching, and either a regex or split()
to separate the first field.  It should be extremely simple to write
with only basic understanding of the language and very simple
understanding of Perl regex syntax, but I'm not providing code so that I
don't just do your work for you.  Let us know if you have any problems
with the concepts.

relevant perldocs:
  perldoc perlre
  perldoc -f split
  perldoc perlintro

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
"The measure on a man's real character is what he would do
if he knew he would never be found out." - Thomas McCauley

Tom Smith wrote:
> I need to capture a user's group memberships for further processing in a
> Perl script. The user's username is passed to the script via the command
> line and captured with ARGV. From there, I want to determine the group
> memberships (much like executing `groups` from the command line) and run
> those through a loop for processing.
> 
> I seem to be having a problem locating a function that will do this.
> I've looked at several and tried a couple, but either I'm doing
> something wrong or I'm using the wrong functions. All of the ones I've
> tried are part of getgr*.
> 
> I'm very new to Perl so maybe I'm just looking for the wrong terms or
> something. I've googled and searched perldoc.perl.org.
> 
> Can anyone offer any suggestions or point me in the right direction?

Something like this should get you started:

my %user;

# get the group name from /etc/passwd
while ( my @pw = getpwent ) {
    push @{ $user{ $pw[ 0 ] } }, scalar getgrgid $pw[ 3 ];
    }

# get other group names from /etc/group
while ( my @gr = getgrent ) {
    push @{ $user{ $_ } }, $gr[ 0 ] for split q/ /, $gr[ 3 ];
    }

my $name = shift;  # get the name from the command line

if ( exists $user{ $name } && @{ $user{ $name } } ) {
    print "$name is a member of the groups: @{$user{$name}}.\n";
    }




John
-- 
Perl isn't a toolbox, but a small machine shop where you can special-order
certain sorts of tools at low cost and in short order.       -- Larry Wall

--------------050500080701010909040900
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Chad Perrin wrote:
> On Mon, Dec 18, 2006 at 04:50:57PM -0700, Tom Smith wrote:
>   
>> I need to capture a user's group memberships for further processing in a 
>> Perl script. The user's username is passed to the script via the command 
>> line and captured with ARGV. From there, I want to determine the group 
>> memberships (much like executing `groups` from the command line) and run 
>> those through a loop for processing.
>>
>> I seem to be having a problem locating a function that will do this. 
>> I've looked at several and tried a couple, but either I'm doing 
>> something wrong or I'm using the wrong functions. All of the ones I've 
>> tried are part of getgr*.
>>
>> I'm very new to Perl so maybe I'm just looking for the wrong terms or 
>> something. I've googled and searched perldoc.perl.org.
>>
>> Can anyone offer any suggestions or point me in the right direction?
>>
>> Thanks, in advance, for your help!
>>     
>
> A simple solution that comes immediately to mind is to iteratively check
> for the user's name in lines of the /etc/group file, and grab the first
> field (before the first colon) of each line that matches.  This'll give
> you a list of groups.  There are likely other, more elegant solutions to
> the problem, but that's the first that springs to mind.
>
> It'd require some regex use for matching, and either a regex or split()
> to separate the first field.  It should be extremely simple to write
> with only basic understanding of the language and very simple
> understanding of Perl regex syntax, but I'm not providing code so that I
> don't just do your work for you.  Let us know if you have any problems
> with the concepts.
>
> relevant perldocs:
>   perldoc perlre
>   perldoc -f split
>   perldoc perlintro
>   

Thank Chad (and John) for your input on this. I thought I'd post the 
portion of the script that I was trying to work out to see if there's 
room for improvement. This should work on any *nix system. The format of 
the command is simple: `test.pl username`, where username is a real 
username on the system in question. Here's the script:

test.pl:
#!/usr/bin/env perl

use strict;
use warnings;

# Determine which Linux groups the user belongs to.
open(FILE,'</etc/group') or die "Can't open /etc/group.";

my @memberof;
while ($_ = <FILE>) {
        if($_ =~ /$ARGV[0]/) {
                my @groups = split(/:/,$_);
                push(@memberof,$groups[0]);
        }
}

close FILE;

print "\n@memberof\n\n";


So is there a better way to do this, or perhaps a cleaner way?


Thanks again for your help!

~ Tom

--------------050500080701010909040900--

On Wed, Dec 20, 2006 at 03:14:18PM -0700, Tom Smith wrote:
> 
> Thank Chad (and John) for your input on this. I thought I'd post the 
> portion of the script that I was trying to work out to see if there's 
> room for improvement. This should work on any *nix system. The format of 
> the command is simple: `test.pl username`, where username is a real 
> username on the system in question. Here's the script:

You're welcome.


> 
> test.pl:
> #!/usr/bin/env perl
> 
> use strict;
> use warnings;
> 
> # Determine which Linux groups the user belongs to.
> open(FILE,'</etc/group') or die "Can't open /etc/group.";

You probably want to use the $! variable to provide more information
when your script dies on an error.  Thus, the above code might be
modified to look like this:

  open(FILE, '</etc/group') or die "Can't open /etc/group: $!";


> 
> my @memberof;
> while ($_ = <FILE>) {
>        if($_ =~ /$ARGV[0]/) {
>                my @groups = split(/:/,$_);
>                push(@memberof,$groups[0]);
>        }
> }
> 
> close FILE;
> 
> print "\n@memberof\n\n";
> 
> 
> So is there a better way to do this, or perhaps a cleaner way?

The way you did it seems to work just fine.  There are other ways to do
it, of course (TIMTOWTDI and all that), but which you choose might
depend more on context than one being necessarily better than others.
If for some reason a functional approach (no side-effects) is desirable,
for instance, you might iterate through the file's contents inside a
subroutine, and use perhaps a foreach loop to push() return values into
the array when you call the subroutine.  Depending on what else your
program is going to do, this might yield greater reusability of code,
but if that's not a concern for this script it really doesn't matter.
For something as quick as looking up a single user's group memberships,
resource footprint and processor time aren't really a concern.

I guess this is a long-winded way of saying "It depends, but what you
did looks okay to me."


-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
"It's just incredible that a trillion-synapse computer could actually
spend Saturday afternoon watching a football game." - Marvin Minsky

On 12/20/2006 04:14 PM, Tom Smith wrote:
> [...]
> So is there a better way to do this, or perhaps a cleaner way?
> 
> 
> Thanks again for your help!
> 
> ~ Tom
> 

use strict;
use warnings;
$_ = `id $ARGV[0]`;
s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";

Tom Smith wrote:
> 
> Thank Chad (and John) for your input on this. I thought I'd post the
> portion of the script that I was trying to work out to see if there's
> room for improvement. This should work on any *nix system. The format of
> the command is simple: `test.pl username`, where username is a real
> username on the system in question. Here's the script:
> 
> test.pl:
> #!/usr/bin/env perl
> 
> use strict;
> use warnings;
> 
> # Determine which Linux groups the user belongs to.
> open(FILE,'</etc/group') or die "Can't open /etc/group.";
>  
> my @memberof;
> while ($_ = <FILE>) {
>        if($_ =~ /$ARGV[0]/) {

Say that you have two users 'ron' and 'ronald'.  If $ARGV[0] contains 'ron'
then this will get you the group names for *both* 'ron' *and* 'ronald' (and
any other group names where the string 'ron' is found.)


>                my @groups = split(/:/,$_);
>                push(@memberof,$groups[0]);
>        }
> }
> 
> close FILE;
> 
> print "\n@memberof\n\n";
> 
> 
> So is there a better way to do this, or perhaps a cleaner way?

Since you are only reading from /etc/group you are not picking up the primary
group stored in /etc/passwd.



John
-- 
Perl isn't a toolbox, but a small machine shop where you can special-order
certain sorts of tools at low cost and in short order.       -- Larry Wall

Mumia W. wrote:
> On 12/20/2006 04:14 PM, Tom Smith wrote:
>> [...]
>> So is there a better way to do this, or perhaps a cleaner way?
>>
>>
>> Thanks again for your help!
>>
>> ~ Tom
>>
>
> use strict;
> use warnings;
> $_ = `id $ARGV[0]`;
> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";

I'm not trying to be argumentative or say that this is "wrong"... But 
does anyone else agree with this? If so, why is this way better than the 
pure Perl way?

Mumia W. wrote:
> On 12/20/2006 04:14 PM, Tom Smith wrote:
>> [...]
>> So is there a better way to do this, or perhaps a cleaner way?
> 
> use strict;
> use warnings;
> $_ = `id $ARGV[0]`;
> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";

print $1 if `groups $ARGV[0] 2>/dev/null` =~ /$ARGV[0]\s*:\s*(.+)/;



John
-- 
Perl isn't a toolbox, but a small machine shop where you can special-order
certain sorts of tools at low cost and in short order.       -- Larry Wall

On 12/21/2006 12:42 AM, Tom Smith wrote:
> Mumia W. wrote:
>>
>> use strict;
>> use warnings;
>> $_ = `id $ARGV[0]`;
>> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
> 
> I'm not trying to be argumentative or say that this is "wrong"... But 
> does anyone else agree with this? If so, why is this way better than the 
> pure Perl way?
> 

I should have put a smiley in my post :-)

Tom Smith schreef:
> Mumia W.:

>> use strict;
>> use warnings;
>> $_ = `id $ARGV[0]`;
>> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
>
> I'm not trying to be argumentative or say that this is "wrong"... But
> does anyone else agree with this? If so, why is this way better than
> the pure Perl way?

TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id"
approach will work, and the "/etc/group" one won't.

-- 
Affijn, Ruud

"Gewoon is een tijger."

On Thu, Dec 21, 2006 at 09:24:51AM +0100, Dr.Ruud wrote:
> Tom Smith schreef:
> > Mumia W.:
> 
> >> use strict;
> >> use warnings;
> >> $_ = `id $ARGV[0]`;
> >> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
> >
> > I'm not trying to be argumentative or say that this is "wrong"... But
> > does anyone else agree with this? If so, why is this way better than
> > the pure Perl way?
> 
> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id"
> approach will work, and the "/etc/group" one won't.

I don't think that has anything to do with it being FreeBSD.  I'm typing
this from a FreeBSD machine, and it works just fine.

Of course, if you're going to call out of the Perl script to the id
utility, you may as well skip the Perl script entirely and just enter
this at the shell prompt:

  id -Gn username

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
"The ability to quote is a serviceable
substitute for wit." - W. Somerset Maugham

On Wed, Dec 20, 2006 at 10:47:25PM -0800, John W. Krahn wrote:
> Mumia W. wrote:
> > On 12/20/2006 04:14 PM, Tom Smith wrote:
> >> [...]
> >> So is there a better way to do this, or perhaps a cleaner way?
> > 
> > use strict;
> > use warnings;
> > $_ = `id $ARGV[0]`;
> > s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
> 
> print $1 if `groups $ARGV[0] 2>/dev/null` =~ /$ARGV[0]\s*:\s*(.+)/;

According to the manpage for groups on FreeBSD Release 6.1, it's
deprecated in favor of the id utility -- and with the -Gn switches, it
works identically to the groups command.  Just thought I'd mention.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
"The ability to quote is a serviceable
substitute for wit." - W. Somerset Maugham

On Wed, Dec 20, 2006 at 05:28:46PM -0800, John W. Krahn wrote:
> Tom Smith wrote:
> > 
> > Thank Chad (and John) for your input on this. I thought I'd post the
> > portion of the script that I was trying to work out to see if there's
> > room for improvement. This should work on any *nix system. The format of
> > the command is simple: `test.pl username`, where username is a real
> > username on the system in question. Here's the script:
> > 
> > test.pl:
> > #!/usr/bin/env perl
> > 
> > use strict;
> > use warnings;
> > 
> > # Determine which Linux groups the user belongs to.
> > open(FILE,'</etc/group') or die "Can't open /etc/group.";
> >  
> > my @memberof;
> > while ($_ = <FILE>) {
> >        if($_ =~ /$ARGV[0]/) {
> 
> Say that you have two users 'ron' and 'ronald'.  If $ARGV[0] contains 'ron'
> then this will get you the group names for *both* 'ron' *and* 'ronald' (and
> any other group names where the string 'ron' is found.)

Good point.  I'm surprised I missed that.  Let this be a lesson to Tom
and others who may follow: testing your code is important.  To solve the
problem, you may want to ensure that your $ARGV[0] is anchored to the
beginning of the string and immediately followed by a colon when doing
your regex matching.


> 
> 
> >                my @groups = split(/:/,$_);
> >                push(@memberof,$groups[0]);
> >        }
> > }
> > 
> > close FILE;
> > 
> > print "\n@memberof\n\n";
> > 
> > 
> > So is there a better way to do this, or perhaps a cleaner way?
> 
> Since you are only reading from /etc/group you are not picking up the primary
> group stored in /etc/passwd.

Singling out the primary group wasn't a requirement for the Perl script,
as far as I recall.  If I'm mistaken, then yeah, you might want to check
/etc/passwd for the primary group.  If not, you'll get the primary group
along with the rest of them from /etc/group (but it won't be identified
as any different from the rest of them).

At least, that's how it works here.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
"The first rule of magic is simple. Don't waste your time waving your
hands and hopping when a rock or a club will do." - McCloctnick the Lucid

On Thu, Dec 21, 2006 at 01:48:38AM -0600, Mumia W. wrote:
> On 12/21/2006 12:42 AM, Tom Smith wrote:
> >Mumia W. wrote:
> >>
> >>use strict;
> >>use warnings;
> >>$_ = `id $ARGV[0]`;
> >>s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
> >
> >I'm not trying to be argumentative or say that this is "wrong"... But 
> >does anyone else agree with this? If so, why is this way better than the 
> >pure Perl way?
> >
> 
> I should have put a smiley in my post :-)

Whew.  I was considering mentioning that appeared rather more obfuscated
than Tom's example.  Clever, though.

Of course, in both cases, I might mention that you can eliminate a \n in
a printed string by using the -l option in the shebang line.  For your
example, though, I guess the \n just adds to the "snoopy swearing"
appearance that seems to be your aim.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
unix virus: If you're using a unixlike OS, please forward
this to 20 others and erase your system partition.

Chad Perrin schreef:
> Dr.Ruud:

>> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id"
>> approach will work, and the "/etc/group" one won't.
>
> I don't think that has anything to do with it being FreeBSD.

That was and is also what I don't think. I only mentioned it because OP
mentioned "This should work on any *nix system".


> I'm typing this from a FreeBSD machine, and it works just fine.

So some security layer is not implemented at your end. I don't know
which is implemented here, there are several ways to do something
similar.


> Of course, if you're going to call out of the Perl script to the id
> utility, you may as well skip the Perl script entirely and just enter
> this at the shell prompt:
>
>   id -Gn username

That depends on what OP needs to do with the result. It could be part of
a larger Perl script that is doing other stuff as well.

-- 
Affijn, Ruud

"Gewoon is een tijger."

Chad Perrin wrote:
> On Wed, Dec 20, 2006 at 05:28:46PM -0800, John W. Krahn wrote:
>> 
>> Since you are only reading from /etc/group you are not picking up the primary
>> group stored in /etc/passwd.
> 
> Singling out the primary group wasn't a requirement for the Perl script,
> as far as I recall.  If I'm mistaken, then yeah, you might want to check
> /etc/passwd for the primary group.  If not, you'll get the primary group
> along with the rest of them from /etc/group (but it won't be identified
> as any different from the rest of them).
> 
> At least, that's how it works here.

According to the FreeBSD group(5) man page[1]:

<QUOTE>
                   A user is automatically in a group if that group was speci-
     fied in their /etc/passwd entry and does not need to be added to that
     group in the group file.
</QUOTE>

And on my current system (SuSE 9.3) that is the case as well, which is why I
said that you have to get the primary group from the /etc/passwd file.



[1]
http://www.freebsd.org/cgi/man.cgi?query=group&apropos=0&sektion=5&manpath=FreeBSD+7-current&format=html

John
-- 
Perl isn't a toolbox, but a small machine shop where you can special-order
certain sorts of tools at low cost and in short order.       -- Larry Wall

On 12/21/2006 02:59 AM, Chad Perrin wrote:
> On Wed, Dec 20, 2006 at 10:47:25PM -0800, John W. Krahn wrote:
>> Mumia W. wrote:
>>> On 12/20/2006 04:14 PM, Tom Smith wrote:
>>>> [...]
>>>> So is there a better way to do this, or perhaps a cleaner way?
>>> use strict;
>>> use warnings;
>>> $_ = `id $ARGV[0]`;
>>> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
>> print $1 if `groups $ARGV[0] 2>/dev/null` =~ /$ARGV[0]\s*:\s*(.+)/;
> 
> According to the manpage for groups on FreeBSD Release 6.1, it's
> deprecated in favor of the id utility -- and with the -Gn switches, it
> works identically to the groups command.  Just thought I'd mention.
> 

I wish I'd looked at the man-page for "id." Oh well, here's another way 
to do it within Perl:

use strict;
use warnings;

my @groups;
push @groups, (getpwnam $ARGV[0])[3];

while (my @gr = getgrent) {
     push @groups, $gr[2] if ($gr[3] =~ /\b\Q$ARGV[0]\E\b/);
}

@groups = map scalar getgrgid($_), @groups;
print "@groups\n";

__END__

Let's hope that's platform-independent enough :-)

Mumia W. wrote:
> On 12/21/2006 12:42 AM, Tom Smith wrote:
>> Mumia W. wrote:
>>>
>>> use strict;
>>> use warnings;
>>> $_ = `id $ARGV[0]`;
>>> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
>>
>> I'm not trying to be argumentative or say that this is "wrong"... But 
>> does anyone else agree with this? If so, why is this way better than 
>> the pure Perl way?
>>
>
> I should have put a smiley in my post :-)
:-)

Dr.Ruud wrote:
> Chad Perrin schreef:
>   
>> Dr.Ruud:
>>     
>
>   
>>> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id"
>>> approach will work, and the "/etc/group" one won't.
>>>       
>> I don't think that has anything to do with it being FreeBSD.
>>     
>
> That was and is also what I don't think. I only mentioned it because OP
> mentioned "This should work on any *nix system".
>   

Yeah, that's very strange. I figured every *nix system would have an 
accessible /etc/group file--else, how's one to know which groups they're 
a member of when they log in?

>   
>> Of course, if you're going to call out of the Perl script to the id
>> utility, you may as well skip the Perl script entirely and just enter
>> this at the shell prompt:
>>
>>   id -Gn username
>>     
>
> That depends on what OP needs to do with the result. It could be part of
> a larger Perl script that is doing other stuff as well.
>
>   

Yeah, it is part of a larger script. It's running on a Linux server and 
manipulating some Samba stuff for the Win32 clients.

I try to avoid calling console commands because there tends to be 
differences in some of the CLI utilities between distributions--that was 
actually one of the first things I had considered doing, except with the 
`groups` command.

Chad Perrin wrote:
> On Thu, Dec 21, 2006 at 01:48:38AM -0600, Mumia W. wrote:
>   
>> On 12/21/2006 12:42 AM, Tom Smith wrote:
>>     
>>> Mumia W. wrote:
>>>       
>>>> use strict;
>>>> use warnings;
>>>> $_ = `id $ARGV[0]`;
>>>> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
>>>>         
>>> I'm not trying to be argumentative or say that this is "wrong"... But 
>>> does anyone else agree with this? If so, why is this way better than the 
>>> pure Perl way?
>>>
>>>       
>> I should have put a smiley in my post :-)
>>     
>
> Whew.  I was considering mentioning that appeared rather more obfuscated
> than Tom's example.  Clever, though.
>   

Yeah, the smiley may have clarified the intentions a little... My first 
reaction when I saw the code was one of great surprise--I just wasn't 
seeing how that would be easier to understand or the "cleaner" way to 
achieve what I wanted. But now I get it. :-)

Tom Smith wrote:
> Dr.Ruud wrote:
>> Chad Perrin schreef:
>>  
>>> Dr.Ruud:
>>>     
>>
>>  
>>>> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id"
>>>> approach will work, and the "/etc/group" one won't.
>>>>       
>>> I don't think that has anything to do with it being FreeBSD.
>>>     
>>
>> That was and is also what I don't think. I only mentioned it because OP
>> mentioned "This should work on any *nix system".
>>   
>
> Yeah, that's very strange. I figured every *nix system would have an 
> accessible /etc/group file--else, how's one to know which groups 
> they're a member of when they log in?

And it's probably important to note that the script is intended to run 
as root so that it can access a secured portion of the server that users 
are unable to. (Sorry, I didn't think to add that earlier.)

On 12/21/2006 09:05 AM, Tom Smith wrote:
> 
> I try to avoid calling console commands because there tends to be 
> differences in some of the CLI utilities between distributions--that was 
> actually one of the first things I had considered doing, except with the 
> `groups` command.
> 
> 

You could limit or control the problems created by using console 
commands by putting all of the console commands into a single module, e.g.

----in file Myapp/Commands.pm-----
package Myapp::Commands;
$cmd{groups} = 'id -Gn ';
$cmd{users} = 'users ';
$cmd{who} = 'who ';


----in scripts that need to use those commands---
use MyApp::Commands;
my $groups = `$Myapp::Commands::cmd{groups} $ARGV[0]`;
my @groups = $groups =~ /(\w+)/g;

-----end----

That's similar to what Configure does when a GNU program is being 
complied--except that Gmake does not support packages :-)

On Thu, Dec 21, 2006 at 11:23:15AM +0100, Dr.Ruud wrote:
> Chad Perrin schreef:
> > Dr.Ruud:
> 
> >> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id"
> >> approach will work, and the "/etc/group" one won't.
> >
> > I don't think that has anything to do with it being FreeBSD.
> 
> That was and is also what I don't think. I only mentioned it because OP
> mentioned "This should work on any *nix system".

Ahh, got it.  I guess I misunderstood what you intended to say, then.


> 
> > I'm typing this from a FreeBSD machine, and it works just fine.
> 
> So some security layer is not implemented at your end. I don't know
> which is implemented here, there are several ways to do something
> similar.

At a wild guess, I'd say it might be a chroot "jail".

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Ben Franklin: "As we enjoy great Advantages from the Inventions of
others we should be glad of an Opportunity to serve others by any
Invention of ours, and this we should do freely and generously."

On Thu, Dec 21, 2006 at 08:08:07AM -0700, Tom Smith wrote:
> 
> Yeah, the smiley may have clarified the intentions a little...

.. . . or it may have just looked like part of the Perl code.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
print substr("Just another Perl hacker", 0, -2);

On Thu, Dec 21, 2006 at 03:06:38AM -0800, John W. Krahn wrote:
> Chad Perrin wrote:
> > On Wed, Dec 20, 2006 at 05:28:46PM -0800, John W. Krahn wrote:
> >> 
> >> Since you are only reading from /etc/group you are not picking up the primary
> >> group stored in /etc/passwd.
> > 
> > Singling out the primary group wasn't a requirement for the Perl script,
> > as far as I recall.  If I'm mistaken, then yeah, you might want to check
> > /etc/passwd for the primary group.  If not, you'll get the primary group
> > along with the rest of them from /etc/group (but it won't be identified
> > as any different from the rest of them).
> > 
> > At least, that's how it works here.
> 
> According to the FreeBSD group(5) man page[1]:
> 
> <QUOTE>
>                    A user is automatically in a group if that group was speci-
>      fied in their /etc/passwd entry and does not need to be added to that
>      group in the group file.
> </QUOTE>
> 
> And on my current system (SuSE 9.3) that is the case as well, which is why I
> said that you have to get the primary group from the /etc/passwd file.

Interesting.  On this FreeBSD machine, all primary groups for user
accounts are listed in the group file, along with any other group
memberships.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Brian K. Reid: "In computer science, we stand on each other's feet."

On Thu, Dec 21, 2006 at 08:05:05AM -0700, Tom Smith wrote:
> Dr.Ruud wrote:
> >Chad Perrin schreef:
> >  
> >>Of course, if you're going to call out of the Perl script to the id
> >>utility, you may as well skip the Perl script entirely and just enter
> >>this at the shell prompt:
> >>
> >>  id -Gn username
> >
> >That depends on what OP needs to do with the result. It could be part of
> >a larger Perl script that is doing other stuff as well.
> 
> Yeah, it is part of a larger script. It's running on a Linux server and 
> manipulating some Samba stuff for the Win32 clients.
> 
> I try to avoid calling console commands because there tends to be 
> differences in some of the CLI utilities between distributions--that was 
> actually one of the first things I had considered doing, except with the 
> `groups` command.

That's why I said you may as well either just use the id utility from
the shell if you're not going to grab group memberships in an
idiomatically Perlish way -- the Perl code is likely to be more
portable.  Of course, specifying the path to the group file, as I
originally suggested, might not be the most portable way to do that (in
retrospect).

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
"It's just incredible that a trillion-synapse computer could actually
spend Saturday afternoon watching a football game." - Marvin Minsky

--------------050508080803030006090102
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit



Chad Perrin wrote:
> On Thu, Dec 21, 2006 at 08:05:05AM -0700, Tom Smith wrote:
>   
>> Dr.Ruud wrote:
>>     
>>> Chad Perrin schreef:
>>>  
>>>       
>>>> Of course, if you're going to call out of the Perl script to the id
>>>> utility, you may as well skip the Perl script entirely and just enter
>>>> this at the shell prompt:
>>>>
>>>>  id -Gn username
>>>>         
>>> That depends on what OP needs to do with the result. It could be part of
>>> a larger Perl script that is doing other stuff as well.
>>>       
>> Yeah, it is part of a larger script. It's running on a Linux server and 
>> manipulating some Samba stuff for the Win32 clients.
>>
>> I try to avoid calling console commands because there tends to be 
>> differences in some of the CLI utilities between distributions--that was 
>> actually one of the first things I had considered doing, except with the 
>> `groups` command.
>>     
>
> That's why I said you may as well either just use the id utility from
> the shell if you're not going to grab group memberships in an
> idiomatically Perlish way -- the Perl code is likely to be more
> portable.  Of course, specifying the path to the group file, as I
> originally suggested, might not be the most portable way to do that (in
> retrospect).
>   

That's interesting... But I couldn't determine another (perhaps better) 
way of doing it.

I tried the getgr* and getpw* functions, but they were too 
specific--that is, one has to specify which user or group they want 
information about. And the user information won't tell me such things as 
which groups the user belongs to... And I can't get information about a 
group unless I know the group name ahead of time... And so on. This is 
why I decided on the method I did. (Perhaps I wasn't doing something 
correctly with those functions?)

In either case, the interesting point about your comment is that every 
*nix system I've ever touched (Linux (includes Redhat, Debian, Ubuntu, 
Mandrake, and Gentoo), FreeBSD, Solaris, and AIX) have all had their 
group file located at /etc/group. Do you have a specific example or 
reason of why someone might want to change this location?

--------------050508080803030006090102--

Chad Perrin schreef:
> Ruud:

>> So some security layer is not implemented at your end. I don't know
>> which is implemented here, there are several ways to do something
>> similar.
>
> At a wild guess, I'd say it might be a chroot "jail".

I just asked them, and the shell runs in a (modified) yp (nis). So
"shadow password maps". See ypserv(8).

-- 
Affijn, Ruud

"Gewoon is een tijger."