I need to capture a user's group memberships for further processing in a Perl script. The user's username is passed to the script via the command line and captured with ARGV. From there, I want to determine the group memberships (much like executing `groups` from the command line) and run those through a loop for processing. I seem to be having a problem locating a function that will do this. I've looked at several and tried a couple, but either I'm doing something wrong or I'm using the wrong functions. All of the ones I've tried are part of getgr*. I'm very new to Perl so maybe I'm just looking for the wrong terms or something. I've googled and searched perldoc.perl.org. Can anyone offer any suggestions or point me in the right direction? Thanks, in advance, for your help! ~ Tom
![]() |
0 |
![]() |
On Mon, Dec 18, 2006 at 04:50:57PM -0700, Tom Smith wrote: > I need to capture a user's group memberships for further processing in a > Perl script. The user's username is passed to the script via the command > line and captured with ARGV. From there, I want to determine the group > memberships (much like executing `groups` from the command line) and run > those through a loop for processing. > > I seem to be having a problem locating a function that will do this. > I've looked at several and tried a couple, but either I'm doing > something wrong or I'm using the wrong functions. All of the ones I've > tried are part of getgr*. > > I'm very new to Perl so maybe I'm just looking for the wrong terms or > something. I've googled and searched perldoc.perl.org. > > Can anyone offer any suggestions or point me in the right direction? > > Thanks, in advance, for your help! A simple solution that comes immediately to mind is to iteratively check for the user's name in lines of the /etc/group file, and grab the first field (before the first colon) of each line that matches. This'll give you a list of groups. There are likely other, more elegant solutions to the problem, but that's the first that springs to mind. It'd require some regex use for matching, and either a regex or split() to separate the first field. It should be extremely simple to write with only basic understanding of the language and very simple understanding of Perl regex syntax, but I'm not providing code so that I don't just do your work for you. Let us know if you have any problems with the concepts. relevant perldocs: perldoc perlre perldoc -f split perldoc perlintro -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] "The measure on a man's real character is what he would do if he knew he would never be found out." - Thomas McCauley
![]() |
0 |
![]() |
Tom Smith wrote: > I need to capture a user's group memberships for further processing in a > Perl script. The user's username is passed to the script via the command > line and captured with ARGV. From there, I want to determine the group > memberships (much like executing `groups` from the command line) and run > those through a loop for processing. > > I seem to be having a problem locating a function that will do this. > I've looked at several and tried a couple, but either I'm doing > something wrong or I'm using the wrong functions. All of the ones I've > tried are part of getgr*. > > I'm very new to Perl so maybe I'm just looking for the wrong terms or > something. I've googled and searched perldoc.perl.org. > > Can anyone offer any suggestions or point me in the right direction? Something like this should get you started: my %user; # get the group name from /etc/passwd while ( my @pw = getpwent ) { push @{ $user{ $pw[ 0 ] } }, scalar getgrgid $pw[ 3 ]; } # get other group names from /etc/group while ( my @gr = getgrent ) { push @{ $user{ $_ } }, $gr[ 0 ] for split q/ /, $gr[ 3 ]; } my $name = shift; # get the name from the command line if ( exists $user{ $name } && @{ $user{ $name } } ) { print "$name is a member of the groups: @{$user{$name}}.\n"; } John -- Perl isn't a toolbox, but a small machine shop where you can special-order certain sorts of tools at low cost and in short order. -- Larry Wall
![]() |
0 |
![]() |
--------------050500080701010909040900 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Chad Perrin wrote: > On Mon, Dec 18, 2006 at 04:50:57PM -0700, Tom Smith wrote: > >> I need to capture a user's group memberships for further processing in a >> Perl script. The user's username is passed to the script via the command >> line and captured with ARGV. From there, I want to determine the group >> memberships (much like executing `groups` from the command line) and run >> those through a loop for processing. >> >> I seem to be having a problem locating a function that will do this. >> I've looked at several and tried a couple, but either I'm doing >> something wrong or I'm using the wrong functions. All of the ones I've >> tried are part of getgr*. >> >> I'm very new to Perl so maybe I'm just looking for the wrong terms or >> something. I've googled and searched perldoc.perl.org. >> >> Can anyone offer any suggestions or point me in the right direction? >> >> Thanks, in advance, for your help! >> > > A simple solution that comes immediately to mind is to iteratively check > for the user's name in lines of the /etc/group file, and grab the first > field (before the first colon) of each line that matches. This'll give > you a list of groups. There are likely other, more elegant solutions to > the problem, but that's the first that springs to mind. > > It'd require some regex use for matching, and either a regex or split() > to separate the first field. It should be extremely simple to write > with only basic understanding of the language and very simple > understanding of Perl regex syntax, but I'm not providing code so that I > don't just do your work for you. Let us know if you have any problems > with the concepts. > > relevant perldocs: > perldoc perlre > perldoc -f split > perldoc perlintro > Thank Chad (and John) for your input on this. I thought I'd post the portion of the script that I was trying to work out to see if there's room for improvement. This should work on any *nix system. The format of the command is simple: `test.pl username`, where username is a real username on the system in question. Here's the script: test.pl: #!/usr/bin/env perl use strict; use warnings; # Determine which Linux groups the user belongs to. open(FILE,'</etc/group') or die "Can't open /etc/group."; my @memberof; while ($_ = <FILE>) { if($_ =~ /$ARGV[0]/) { my @groups = split(/:/,$_); push(@memberof,$groups[0]); } } close FILE; print "\n@memberof\n\n"; So is there a better way to do this, or perhaps a cleaner way? Thanks again for your help! ~ Tom --------------050500080701010909040900--
![]() |
0 |
![]() |
On Wed, Dec 20, 2006 at 03:14:18PM -0700, Tom Smith wrote: > > Thank Chad (and John) for your input on this. I thought I'd post the > portion of the script that I was trying to work out to see if there's > room for improvement. This should work on any *nix system. The format of > the command is simple: `test.pl username`, where username is a real > username on the system in question. Here's the script: You're welcome. > > test.pl: > #!/usr/bin/env perl > > use strict; > use warnings; > > # Determine which Linux groups the user belongs to. > open(FILE,'</etc/group') or die "Can't open /etc/group."; You probably want to use the $! variable to provide more information when your script dies on an error. Thus, the above code might be modified to look like this: open(FILE, '</etc/group') or die "Can't open /etc/group: $!"; > > my @memberof; > while ($_ = <FILE>) { > if($_ =~ /$ARGV[0]/) { > my @groups = split(/:/,$_); > push(@memberof,$groups[0]); > } > } > > close FILE; > > print "\n@memberof\n\n"; > > > So is there a better way to do this, or perhaps a cleaner way? The way you did it seems to work just fine. There are other ways to do it, of course (TIMTOWTDI and all that), but which you choose might depend more on context than one being necessarily better than others. If for some reason a functional approach (no side-effects) is desirable, for instance, you might iterate through the file's contents inside a subroutine, and use perhaps a foreach loop to push() return values into the array when you call the subroutine. Depending on what else your program is going to do, this might yield greater reusability of code, but if that's not a concern for this script it really doesn't matter. For something as quick as looking up a single user's group memberships, resource footprint and processor time aren't really a concern. I guess this is a long-winded way of saying "It depends, but what you did looks okay to me." -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] "It's just incredible that a trillion-synapse computer could actually spend Saturday afternoon watching a football game." - Marvin Minsky
![]() |
0 |
![]() |
On 12/20/2006 04:14 PM, Tom Smith wrote: > [...] > So is there a better way to do this, or perhaps a cleaner way? > > > Thanks again for your help! > > ~ Tom > use strict; use warnings; $_ = `id $ARGV[0]`; s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n";
![]() |
0 |
![]() |
Tom Smith wrote: > > Thank Chad (and John) for your input on this. I thought I'd post the > portion of the script that I was trying to work out to see if there's > room for improvement. This should work on any *nix system. The format of > the command is simple: `test.pl username`, where username is a real > username on the system in question. Here's the script: > > test.pl: > #!/usr/bin/env perl > > use strict; > use warnings; > > # Determine which Linux groups the user belongs to. > open(FILE,'</etc/group') or die "Can't open /etc/group."; > > my @memberof; > while ($_ = <FILE>) { > if($_ =~ /$ARGV[0]/) { Say that you have two users 'ron' and 'ronald'. If $ARGV[0] contains 'ron' then this will get you the group names for *both* 'ron' *and* 'ronald' (and any other group names where the string 'ron' is found.) > my @groups = split(/:/,$_); > push(@memberof,$groups[0]); > } > } > > close FILE; > > print "\n@memberof\n\n"; > > > So is there a better way to do this, or perhaps a cleaner way? Since you are only reading from /etc/group you are not picking up the primary group stored in /etc/passwd. John -- Perl isn't a toolbox, but a small machine shop where you can special-order certain sorts of tools at low cost and in short order. -- Larry Wall
![]() |
0 |
![]() |
Mumia W. wrote: > On 12/20/2006 04:14 PM, Tom Smith wrote: >> [...] >> So is there a better way to do this, or perhaps a cleaner way? >> >> >> Thanks again for your help! >> >> ~ Tom >> > > use strict; > use warnings; > $_ = `id $ARGV[0]`; > s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; I'm not trying to be argumentative or say that this is "wrong"... But does anyone else agree with this? If so, why is this way better than the pure Perl way?
![]() |
0 |
![]() |
Mumia W. wrote: > On 12/20/2006 04:14 PM, Tom Smith wrote: >> [...] >> So is there a better way to do this, or perhaps a cleaner way? > > use strict; > use warnings; > $_ = `id $ARGV[0]`; > s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; print $1 if `groups $ARGV[0] 2>/dev/null` =~ /$ARGV[0]\s*:\s*(.+)/; John -- Perl isn't a toolbox, but a small machine shop where you can special-order certain sorts of tools at low cost and in short order. -- Larry Wall
![]() |
0 |
![]() |
On 12/21/2006 12:42 AM, Tom Smith wrote: > Mumia W. wrote: >> >> use strict; >> use warnings; >> $_ = `id $ARGV[0]`; >> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; > > I'm not trying to be argumentative or say that this is "wrong"... But > does anyone else agree with this? If so, why is this way better than the > pure Perl way? > I should have put a smiley in my post :-)
![]() |
0 |
![]() |
Tom Smith schreef: > Mumia W.: >> use strict; >> use warnings; >> $_ = `id $ARGV[0]`; >> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; > > I'm not trying to be argumentative or say that this is "wrong"... But > does anyone else agree with this? If so, why is this way better than > the pure Perl way? TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id" approach will work, and the "/etc/group" one won't. -- Affijn, Ruud "Gewoon is een tijger."
![]() |
0 |
![]() |
On Thu, Dec 21, 2006 at 09:24:51AM +0100, Dr.Ruud wrote: > Tom Smith schreef: > > Mumia W.: > > >> use strict; > >> use warnings; > >> $_ = `id $ARGV[0]`; > >> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; > > > > I'm not trying to be argumentative or say that this is "wrong"... But > > does anyone else agree with this? If so, why is this way better than > > the pure Perl way? > > TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id" > approach will work, and the "/etc/group" one won't. I don't think that has anything to do with it being FreeBSD. I'm typing this from a FreeBSD machine, and it works just fine. Of course, if you're going to call out of the Perl script to the id utility, you may as well skip the Perl script entirely and just enter this at the shell prompt: id -Gn username -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] "The ability to quote is a serviceable substitute for wit." - W. Somerset Maugham
![]() |
0 |
![]() |
On Wed, Dec 20, 2006 at 10:47:25PM -0800, John W. Krahn wrote: > Mumia W. wrote: > > On 12/20/2006 04:14 PM, Tom Smith wrote: > >> [...] > >> So is there a better way to do this, or perhaps a cleaner way? > > > > use strict; > > use warnings; > > $_ = `id $ARGV[0]`; > > s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; > > print $1 if `groups $ARGV[0] 2>/dev/null` =~ /$ARGV[0]\s*:\s*(.+)/; According to the manpage for groups on FreeBSD Release 6.1, it's deprecated in favor of the id utility -- and with the -Gn switches, it works identically to the groups command. Just thought I'd mention. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] "The ability to quote is a serviceable substitute for wit." - W. Somerset Maugham
![]() |
0 |
![]() |
On Wed, Dec 20, 2006 at 05:28:46PM -0800, John W. Krahn wrote: > Tom Smith wrote: > > > > Thank Chad (and John) for your input on this. I thought I'd post the > > portion of the script that I was trying to work out to see if there's > > room for improvement. This should work on any *nix system. The format of > > the command is simple: `test.pl username`, where username is a real > > username on the system in question. Here's the script: > > > > test.pl: > > #!/usr/bin/env perl > > > > use strict; > > use warnings; > > > > # Determine which Linux groups the user belongs to. > > open(FILE,'</etc/group') or die "Can't open /etc/group."; > > > > my @memberof; > > while ($_ = <FILE>) { > > if($_ =~ /$ARGV[0]/) { > > Say that you have two users 'ron' and 'ronald'. If $ARGV[0] contains 'ron' > then this will get you the group names for *both* 'ron' *and* 'ronald' (and > any other group names where the string 'ron' is found.) Good point. I'm surprised I missed that. Let this be a lesson to Tom and others who may follow: testing your code is important. To solve the problem, you may want to ensure that your $ARGV[0] is anchored to the beginning of the string and immediately followed by a colon when doing your regex matching. > > > > my @groups = split(/:/,$_); > > push(@memberof,$groups[0]); > > } > > } > > > > close FILE; > > > > print "\n@memberof\n\n"; > > > > > > So is there a better way to do this, or perhaps a cleaner way? > > Since you are only reading from /etc/group you are not picking up the primary > group stored in /etc/passwd. Singling out the primary group wasn't a requirement for the Perl script, as far as I recall. If I'm mistaken, then yeah, you might want to check /etc/passwd for the primary group. If not, you'll get the primary group along with the rest of them from /etc/group (but it won't be identified as any different from the rest of them). At least, that's how it works here. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] "The first rule of magic is simple. Don't waste your time waving your hands and hopping when a rock or a club will do." - McCloctnick the Lucid
![]() |
0 |
![]() |
On Thu, Dec 21, 2006 at 01:48:38AM -0600, Mumia W. wrote: > On 12/21/2006 12:42 AM, Tom Smith wrote: > >Mumia W. wrote: > >> > >>use strict; > >>use warnings; > >>$_ = `id $ARGV[0]`; > >>s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; > > > >I'm not trying to be argumentative or say that this is "wrong"... But > >does anyone else agree with this? If so, why is this way better than the > >pure Perl way? > > > > I should have put a smiley in my post :-) Whew. I was considering mentioning that appeared rather more obfuscated than Tom's example. Clever, though. Of course, in both cases, I might mention that you can eliminate a \n in a printed string by using the -l option in the shebang line. For your example, though, I guess the \n just adds to the "snoopy swearing" appearance that seems to be your aim. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] unix virus: If you're using a unixlike OS, please forward this to 20 others and erase your system partition.
![]() |
0 |
![]() |
Chad Perrin schreef: > Dr.Ruud: >> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id" >> approach will work, and the "/etc/group" one won't. > > I don't think that has anything to do with it being FreeBSD. That was and is also what I don't think. I only mentioned it because OP mentioned "This should work on any *nix system". > I'm typing this from a FreeBSD machine, and it works just fine. So some security layer is not implemented at your end. I don't know which is implemented here, there are several ways to do something similar. > Of course, if you're going to call out of the Perl script to the id > utility, you may as well skip the Perl script entirely and just enter > this at the shell prompt: > > id -Gn username That depends on what OP needs to do with the result. It could be part of a larger Perl script that is doing other stuff as well. -- Affijn, Ruud "Gewoon is een tijger."
![]() |
0 |
![]() |
Chad Perrin wrote: > On Wed, Dec 20, 2006 at 05:28:46PM -0800, John W. Krahn wrote: >> >> Since you are only reading from /etc/group you are not picking up the primary >> group stored in /etc/passwd. > > Singling out the primary group wasn't a requirement for the Perl script, > as far as I recall. If I'm mistaken, then yeah, you might want to check > /etc/passwd for the primary group. If not, you'll get the primary group > along with the rest of them from /etc/group (but it won't be identified > as any different from the rest of them). > > At least, that's how it works here. According to the FreeBSD group(5) man page[1]: <QUOTE> A user is automatically in a group if that group was speci- fied in their /etc/passwd entry and does not need to be added to that group in the group file. </QUOTE> And on my current system (SuSE 9.3) that is the case as well, which is why I said that you have to get the primary group from the /etc/passwd file. [1] http://www.freebsd.org/cgi/man.cgi?query=group&apropos=0&sektion=5&manpath=FreeBSD+7-current&format=html John -- Perl isn't a toolbox, but a small machine shop where you can special-order certain sorts of tools at low cost and in short order. -- Larry Wall
![]() |
0 |
![]() |
On 12/21/2006 02:59 AM, Chad Perrin wrote: > On Wed, Dec 20, 2006 at 10:47:25PM -0800, John W. Krahn wrote: >> Mumia W. wrote: >>> On 12/20/2006 04:14 PM, Tom Smith wrote: >>>> [...] >>>> So is there a better way to do this, or perhaps a cleaner way? >>> use strict; >>> use warnings; >>> $_ = `id $ARGV[0]`; >>> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; >> print $1 if `groups $ARGV[0] 2>/dev/null` =~ /$ARGV[0]\s*:\s*(.+)/; > > According to the manpage for groups on FreeBSD Release 6.1, it's > deprecated in favor of the id utility -- and with the -Gn switches, it > works identically to the groups command. Just thought I'd mention. > I wish I'd looked at the man-page for "id." Oh well, here's another way to do it within Perl: use strict; use warnings; my @groups; push @groups, (getpwnam $ARGV[0])[3]; while (my @gr = getgrent) { push @groups, $gr[2] if ($gr[3] =~ /\b\Q$ARGV[0]\E\b/); } @groups = map scalar getgrgid($_), @groups; print "@groups\n"; __END__ Let's hope that's platform-independent enough :-)
![]() |
0 |
![]() |
Mumia W. wrote: > On 12/21/2006 12:42 AM, Tom Smith wrote: >> Mumia W. wrote: >>> >>> use strict; >>> use warnings; >>> $_ = `id $ARGV[0]`; >>> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; >> >> I'm not trying to be argumentative or say that this is "wrong"... But >> does anyone else agree with this? If so, why is this way better than >> the pure Perl way? >> > > I should have put a smiley in my post :-) :-)
![]() |
0 |
![]() |
Dr.Ruud wrote: > Chad Perrin schreef: > >> Dr.Ruud: >> > > >>> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id" >>> approach will work, and the "/etc/group" one won't. >>> >> I don't think that has anything to do with it being FreeBSD. >> > > That was and is also what I don't think. I only mentioned it because OP > mentioned "This should work on any *nix system". > Yeah, that's very strange. I figured every *nix system would have an accessible /etc/group file--else, how's one to know which groups they're a member of when they log in? > >> Of course, if you're going to call out of the Perl script to the id >> utility, you may as well skip the Perl script entirely and just enter >> this at the shell prompt: >> >> id -Gn username >> > > That depends on what OP needs to do with the result. It could be part of > a larger Perl script that is doing other stuff as well. > > Yeah, it is part of a larger script. It's running on a Linux server and manipulating some Samba stuff for the Win32 clients. I try to avoid calling console commands because there tends to be differences in some of the CLI utilities between distributions--that was actually one of the first things I had considered doing, except with the `groups` command.
![]() |
0 |
![]() |
Chad Perrin wrote: > On Thu, Dec 21, 2006 at 01:48:38AM -0600, Mumia W. wrote: > >> On 12/21/2006 12:42 AM, Tom Smith wrote: >> >>> Mumia W. wrote: >>> >>>> use strict; >>>> use warnings; >>>> $_ = `id $ARGV[0]`; >>>> s/.*?groups=// && print "@{[ /\((\w+)\)/g ]}\n"; >>>> >>> I'm not trying to be argumentative or say that this is "wrong"... But >>> does anyone else agree with this? If so, why is this way better than the >>> pure Perl way? >>> >>> >> I should have put a smiley in my post :-) >> > > Whew. I was considering mentioning that appeared rather more obfuscated > than Tom's example. Clever, though. > Yeah, the smiley may have clarified the intentions a little... My first reaction when I saw the code was one of great surprise--I just wasn't seeing how that would be easier to understand or the "cleaner" way to achieve what I wanted. But now I get it. :-)
![]() |
0 |
![]() |
Tom Smith wrote: > Dr.Ruud wrote: >> Chad Perrin schreef: >> >>> Dr.Ruud: >>> >> >> >>>> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id" >>>> approach will work, and the "/etc/group" one won't. >>>> >>> I don't think that has anything to do with it being FreeBSD. >>> >> >> That was and is also what I don't think. I only mentioned it because OP >> mentioned "This should work on any *nix system". >> > > Yeah, that's very strange. I figured every *nix system would have an > accessible /etc/group file--else, how's one to know which groups > they're a member of when they log in? And it's probably important to note that the script is intended to run as root so that it can access a secured portion of the server that users are unable to. (Sorry, I didn't think to add that earlier.)
![]() |
0 |
![]() |
On 12/21/2006 09:05 AM, Tom Smith wrote: > > I try to avoid calling console commands because there tends to be > differences in some of the CLI utilities between distributions--that was > actually one of the first things I had considered doing, except with the > `groups` command. > > You could limit or control the problems created by using console commands by putting all of the console commands into a single module, e.g. ----in file Myapp/Commands.pm----- package Myapp::Commands; $cmd{groups} = 'id -Gn '; $cmd{users} = 'users '; $cmd{who} = 'who '; ----in scripts that need to use those commands--- use MyApp::Commands; my $groups = `$Myapp::Commands::cmd{groups} $ARGV[0]`; my @groups = $groups =~ /(\w+)/g; -----end---- That's similar to what Configure does when a GNU program is being complied--except that Gmake does not support packages :-)
![]() |
0 |
![]() |
On Thu, Dec 21, 2006 at 11:23:15AM +0100, Dr.Ruud wrote: > Chad Perrin schreef: > > Dr.Ruud: > > >> TIMTOWTDI. On the shell machines of my provider (FreeBSD) the "id" > >> approach will work, and the "/etc/group" one won't. > > > > I don't think that has anything to do with it being FreeBSD. > > That was and is also what I don't think. I only mentioned it because OP > mentioned "This should work on any *nix system". Ahh, got it. I guess I misunderstood what you intended to say, then. > > > I'm typing this from a FreeBSD machine, and it works just fine. > > So some security layer is not implemented at your end. I don't know > which is implemented here, there are several ways to do something > similar. At a wild guess, I'd say it might be a chroot "jail". -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Ben Franklin: "As we enjoy great Advantages from the Inventions of others we should be glad of an Opportunity to serve others by any Invention of ours, and this we should do freely and generously."
![]() |
0 |
![]() |
On Thu, Dec 21, 2006 at 08:08:07AM -0700, Tom Smith wrote: > > Yeah, the smiley may have clarified the intentions a little... .. . . or it may have just looked like part of the Perl code. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] print substr("Just another Perl hacker", 0, -2);
![]() |
0 |
![]() |
On Thu, Dec 21, 2006 at 03:06:38AM -0800, John W. Krahn wrote: > Chad Perrin wrote: > > On Wed, Dec 20, 2006 at 05:28:46PM -0800, John W. Krahn wrote: > >> > >> Since you are only reading from /etc/group you are not picking up the primary > >> group stored in /etc/passwd. > > > > Singling out the primary group wasn't a requirement for the Perl script, > > as far as I recall. If I'm mistaken, then yeah, you might want to check > > /etc/passwd for the primary group. If not, you'll get the primary group > > along with the rest of them from /etc/group (but it won't be identified > > as any different from the rest of them). > > > > At least, that's how it works here. > > According to the FreeBSD group(5) man page[1]: > > <QUOTE> > A user is automatically in a group if that group was speci- > fied in their /etc/passwd entry and does not need to be added to that > group in the group file. > </QUOTE> > > And on my current system (SuSE 9.3) that is the case as well, which is why I > said that you have to get the primary group from the /etc/passwd file. Interesting. On this FreeBSD machine, all primary groups for user accounts are listed in the group file, along with any other group memberships. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Brian K. Reid: "In computer science, we stand on each other's feet."
![]() |
0 |
![]() |
On Thu, Dec 21, 2006 at 08:05:05AM -0700, Tom Smith wrote: > Dr.Ruud wrote: > >Chad Perrin schreef: > > > >>Of course, if you're going to call out of the Perl script to the id > >>utility, you may as well skip the Perl script entirely and just enter > >>this at the shell prompt: > >> > >> id -Gn username > > > >That depends on what OP needs to do with the result. It could be part of > >a larger Perl script that is doing other stuff as well. > > Yeah, it is part of a larger script. It's running on a Linux server and > manipulating some Samba stuff for the Win32 clients. > > I try to avoid calling console commands because there tends to be > differences in some of the CLI utilities between distributions--that was > actually one of the first things I had considered doing, except with the > `groups` command. That's why I said you may as well either just use the id utility from the shell if you're not going to grab group memberships in an idiomatically Perlish way -- the Perl code is likely to be more portable. Of course, specifying the path to the group file, as I originally suggested, might not be the most portable way to do that (in retrospect). -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] "It's just incredible that a trillion-synapse computer could actually spend Saturday afternoon watching a football game." - Marvin Minsky
![]() |
0 |
![]() |
--------------050508080803030006090102 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Chad Perrin wrote: > On Thu, Dec 21, 2006 at 08:05:05AM -0700, Tom Smith wrote: > >> Dr.Ruud wrote: >> >>> Chad Perrin schreef: >>> >>> >>>> Of course, if you're going to call out of the Perl script to the id >>>> utility, you may as well skip the Perl script entirely and just enter >>>> this at the shell prompt: >>>> >>>> id -Gn username >>>> >>> That depends on what OP needs to do with the result. It could be part of >>> a larger Perl script that is doing other stuff as well. >>> >> Yeah, it is part of a larger script. It's running on a Linux server and >> manipulating some Samba stuff for the Win32 clients. >> >> I try to avoid calling console commands because there tends to be >> differences in some of the CLI utilities between distributions--that was >> actually one of the first things I had considered doing, except with the >> `groups` command. >> > > That's why I said you may as well either just use the id utility from > the shell if you're not going to grab group memberships in an > idiomatically Perlish way -- the Perl code is likely to be more > portable. Of course, specifying the path to the group file, as I > originally suggested, might not be the most portable way to do that (in > retrospect). > That's interesting... But I couldn't determine another (perhaps better) way of doing it. I tried the getgr* and getpw* functions, but they were too specific--that is, one has to specify which user or group they want information about. And the user information won't tell me such things as which groups the user belongs to... And I can't get information about a group unless I know the group name ahead of time... And so on. This is why I decided on the method I did. (Perhaps I wasn't doing something correctly with those functions?) In either case, the interesting point about your comment is that every *nix system I've ever touched (Linux (includes Redhat, Debian, Ubuntu, Mandrake, and Gentoo), FreeBSD, Solaris, and AIX) have all had their group file located at /etc/group. Do you have a specific example or reason of why someone might want to change this location? --------------050508080803030006090102--
![]() |
0 |
![]() |
Chad Perrin schreef: > Ruud: >> So some security layer is not implemented at your end. I don't know >> which is implemented here, there are several ways to do something >> similar. > > At a wild guess, I'd say it might be a chroot "jail". I just asked them, and the shell runs in a (modified) yp (nis). So "shadow password maps". See ypserv(8). -- Affijn, Ruud "Gewoon is een tijger."
![]() |
0 |
![]() |