Group Members

On ubuntu (and I'm sure other distros too) there is a package called members. When you run it you do "members [groupname]" and it lists all the members of a group. My questions is how is this accomplished? I realize that it is probably just a little script parsing something else on the system and returning a list, but what exactly is it looking through?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

UnixGeek

It probably parses the /etc/group file, for example:

cat /etc/group | grep wheel

NightShade03

Just so I understand what you are saying...

So if I have a group "admin" and I run the members command I get:

user1 user2

Which is just the same as running:

cat /etc/group | grep -w admin | cut -d ":" -f4

Which outputs:

user1,user2

UnixGuy

yes the answer above is very accurate. the file "/etc/group" is responsible for groups and members.

Read up on how to interpret the contents of this file. It contains group id, members of groups, and other important stuff.

If you do lot of user administration, u will not use any package and you might not use commands as "grpadd" , you will end up editing the file /etc/group/ directly

make sure you back it up before you do that.

NightShade03

I don't do alot of system admin on linux...yet. We are mostly a Windows shop but I run a few ubuntu servers for particular applications.

I understand the contents of the /etc/group I just want to make sure I understand the differences between using tools such as members, adduser, deluser, etc vs scripting and editing things on my own. I'm already starting to see the power and flexibility that a little bash or python scripting will offer me.

Forsaken_GA

NightShade03 wrote: »

I understand the contents of the /etc/group I just want to make sure I understand the differences between using tools such as members, adduser, deluser, etc vs scripting and editing things on my own.

Here's a dirty little secret -

There's no difference.

If you open up adduser and deluser and such, you'll see they're nothing more than perl scripts (on debian and it's derivatives anyway)

NightShade03

Funny you should mention that because I'm just reading through an article that talks about that. I also believe that adduser is just a pointer to useradd on non-debian systems.

UnixGeek

It helps to know what files your distro's miscellaneous utilities are working with. This can help with troubleshooting, but beyond that, it helps to make your skills more portable. Many of these files are consistent from distro to distro, and are even the same, or very similar when you branch out to Unix variants. That's not as true of the utilities that use these files.

NightShade03

Follow up question:

Looking through the shadow file I see all the user accounts.

Most service accounts have a * which means they are locked. Does this mean that those accounts can still function but no one can login as them?

Also if an account has a ! for the password this I think means "no password"? Can it be that there is no password & the account is locked?

darkerosxx

That's correct.

Extra info you didn't ask for: "usermod -L username" edits the user's info in the shadow file to begin with a "!". Encrypted passwords can't start with a "!", so it effectively locks the account since no password will work when logging in. You can manually do this, yourself, by editing the shadow file and it's a nice way to lock a user's account without actually getting rid of their password. When you want to unlock the account, just remove the "!" or run "usermod -U username".

NightShade03

Although I'm probably beating a dead horse....last question.

I did the following:

useradd james
passwd james (gave him a password)
su james (logged in fine)
exit (back to my primary user)
sudo usermod -L james
sudo cat shadow (saw james's password now has ! in front)
su james

Doing the last su james does lock the account but it still provides a password prompt and just gives back a "Authentication Failure" for any password entered. Is there a way to specifically tell the user that their account is locked as opposed to the generic error message?

MentholMoose

NightShade03 wrote: »

Is there a way to specifically tell the user that their account is locked as opposed to the generic error message?

I couldn't find anything with a quick Google search, so I don't know if there is an "official" way to accomplish this. One possibility would be to write a script that echos "account is locked" and exits, then set the user's shell to that (e.g. "usermod -s /path/to/script.sh"), though I'm not sure if this is a good idea.

darkerosxx

Not providing any kind of message saying account is locked or otherwise is, in my view, a security measure more than anything else. You never want anyone to know a valid user login on your server, regardless of what security measures you have in place or if the account is locked.