发表新帖
发表新帖

Check if a user is in a group

后端 未结
关注
13 1883
梦如初夏
梦如初夏 2021-01-31 02:42

I have a server running where I use php to run a bash script to verify certain information of a user. For example, I have a webhosting server set up, and in order to be able to

相关标签:
13条回答
  • 我在风中等你
    2021-01-31 03:00

    Bash single line:

    [[ " $(groups) " =~ ' spark ' ]] && echo 'Is in group'

    Bash multi line:

    if [[ " $(groups) " =~ ' spark ' ]]; then
    echo 'Is in group'
fi
    0 讨论(0)
  • 佛祖请我去吃肉
    2021-01-31 03:00

    Here's mine.

    First the long version

    #!/bin/bash
if [[ $# -eq 0 ]]
then
  echo "Usage: $0 [-v] user group"
  echo ""
  echo "  -v verbose. Outputs a sentence for humans."
  echo ""
  echo "Example:"
  echo ""
  echo "  ingroup wilma sudo && echo Wilma has superpowers"
  exit 2
fi

if [[ "$1" == "-v" ]]
then
  verbose=1
  shift
fi

user=$1
grp=$2
# Get groups output
grps=$(groups $user)
# Create a regexp. Note that we must create the regexp in a var
# because it's the only way to allow for spaces in the regexp.
# Strangely we provide this var unquoted when using it; even 
# though it has spaces.
re="^.*:.* $2 "
if [[ "$grps" =~ $re ]]
then
  [[ -n "$verbose" ]] && echo "$user is in group $grp"
  # Success error code
  exit 0
else
  [[ -n "$verbose" ]] && echo "$user is not in group $grp"
  # Fail error code
  exit 1
fi

    Want a shorter version as a function?

    ingroup() {
  re="^.*:.* $2 "
  [[ "$(groups $1) " =~ $re ]] || return 1
}

    Tests

    # Basic positive test
$ ingroup -v wilma sudo && echo 'and therefore is cool'
wilma is in group sudo
and therefore is cool

# Basic negative test
$ ingroup -v wilma myprivateclub || echo 'sorry bout that'
wilma is not in group sudo
sorry bout that

# Test with hyphens in the group name
$ ingroup -v wilma systemd-journal
wilma is in group systemd-journal

# If the group does not exist, it's a negative
$ ingroup -v wilma somewronggroup
wilma is not in group somewronggroup
    0 讨论(0)
  • 栀梦
    2021-01-31 03:01

    My version not relying on grep.

    First parameter (mandatory): group
    Second parameter (optional, defaults to current user)

    isInGroup(){
   group="$1"
   user="${2:-$(whoami)}"
   ret=false 
   for x in $(groups "$user" |sed "s/.*://g")
   do [[ "$x" == "$group" ]] && { ret=true ; break ; }
   done
   eval "$ret"
}
    0 讨论(0)
  • 轮回少年
    2021-01-31 03:02

    A while ago, I wrote a shell function to check if a user is a member of a group. To maximise portability, I wanted it be POSIX-compatible (while this question is tagged as bash, this function will still work). For performance, I wanted to use builtin shell features as much as possible: the only external command it uses is id, the POSIX-standardised utility for getting data about a user’s identity.

    is_in_group()
{
  groupname="$1"
  # The second argument is optional -- defaults to current user.
  current_user="$(id -un)"
  user="${2:-$current_user}"
  for group in $(id -Gn "$user") ; do
    if [ "$group" = "$groupname" ]; then
      return 0
    fi
  done
  # If it reaches this point, the user is not in the group.
  return 1
}

    Example usage to test both positive and negative cases – and ensure it handles a non-existent username gracefully:

    g=mail
userlist="anthony postfix xxx"
for u in $userlist; do
  if is_in_group "$g" "$u"; then
    printf "%s is in ‘%s’\n" "$u" "$g"
  else
    printf "%s is NOT in ‘%s’\n" "$u" "$g"
  fi
done

    Running the above command prints the following output:

    anthony is NOT in ‘mail’
postfix is in ‘mail’
id: ‘xxx’: no such user
xxx is NOT in ‘mail’

    It hasn’t been tested for the case where a group or user has a space or other unusual characters in their name but some research shows that such names are not legal: the POSIX Base Definition for Group Name states that

    To be portable across conforming systems, the value is composed of characters from the portable filename character set.

    The Portable Filename Character Set is specified as the alphanumeric characters, A-Z, a-z, 0-9 along with the period, underscore, and hyphen-minus characters.

    0 讨论(0)
  • 情话喂你
    2021-01-31 03:07

    A slightly more error-proof method to check for group membership using zero char delimited fixed string grep.

    if id -nGz "$USER" | grep -qzxF "$GROUP"
then
    echo User \`$USER\' belongs to group \`$GROUP\'
else
    echo User \`$USER\' does not belong to group \`$GROUP\'
fi

    or using long opts

    if id --name --groups --zero "$USER" | 
   grep --quiet --null-data --line-regexp --fixed-strings "$GROUP"
then
    echo User \`$USER\' belongs to group \`$GROUP\'
else
    echo User \`$USER\' does not belong to group \`$GROUP\'
fi
    0 讨论(0)
  • 天命终不由人
    2021-01-31 03:11

    You could use groups $username_here | grep -q '\busergroup\b'

    The exitcode will be 0 if a match was found, 1 if no match was found.

    user_in_group()
{
    groups $1 | grep -q "\b$2\b"
}

    you could use this function as user_in_group userfoo groupbar

    0 讨论(0)
 看不清?
提交回复
热议问题