列出在特定组中登录的所有用户 [英] List all the users logged in a specific group
问题描述
我是 Linux 和 Unix 的新手.我无法弄清楚如何在 Unix 中列出来自特定组的所有登录用户.
I am new to Linux and Unix. I am not being able to figure out that how to list all the logged in users from a specific group in Unix.
我花了很多时间尝试它.我知道"who "命令为我提供了登录的用户,但我需要按特定组过滤它们.请提供任何帮助和提示.
I spent a lot of time trying it. I know ' who ' command gives me the users logged in but I need to filter them by a specific group. Any help and tips please.
推荐答案
在一般情况下,这是一个痛苦的练习.我已经看到生产中使用的密码和组文件违反逻辑 - 但有效.
In the general case, this is a painful exercise. I've seen password and group files in production use that defy logic — but work.
为了具体的例子,假设您对 student 组的登录成员感兴趣.
For sake of concrete example, let's suppose you're interested in the logged-in members of the group student.
现在,组数据库中的条目(/etc/group 文件,加上网络资源)对于诸如 student 的命名组可能有也可能没有任何成员列出.但这并不一定意味着该组中没有成员.密码数据库中的每个条目(/etc/passwd 文件,加上网络资源)都分配有一个组号,并且该组号可能与 student,在这种情况下,该用户也属于该组.
Now, the entry in the group database (/etc/group file, plus network resources) for a named group such as student may or may not have any members listed. That doesn't necessarily mean there are no members in the group, though. Each entry in the password database (/etc/passwd file, plus network resources) has a group number assigned, and the group number might be the same as the group number for group student, in which case that user belongs to the group too.
然而,我们还没有完成.假设组数据库中的条目为:
However, we're not done yet. Suppose the entry in the group database reads:
student:x:2971:newton,einstein,socrates,plato
组数据库中可能还有其他条目,例如:
There might be other entries in the group database such as:
student_2020:x:2971:able,cain,adam,eve
由于该条目与组 student 使用相同的组号,因此列在 student_2020 条目中的任何人在功能上都是 student 组的成员> — o/s 内核使用编号而不是名称来确定组.
Because this entry uses the same group number as group student, anyone who is listed in the student_2020 entry is functionally a member of group student — the o/s kernel uses the number, not the name, to determine groups.
拆分组文件条目可能有充分的理由;至少从历史上看,如果名称列表太长,某些程序会遇到问题.这是糟糕的编程,但是当系统提供的软件导致崩溃时,您就可以避免触发崩溃.因此有多个条目.
There can be sound reasons for splitting up group file entries; historically at least, some programs ran into problems if the list of names is too long. That's bad programming, but when it is the system-provided software that does the crashing, you avoid triggering the crash. Hence the multiple entries.
对于同一个组名,您可能会得到多个具有不同组号的条目(真是令人困惑!),或者同一个组号有多个名称(如上),或者多个条目具有相同的组号和名称.对于任何给定的姓名或号码所报告的内容,可能会一目了然.
You can end up with multiple entries with different group numbers for the same group name (really confusing!) or with multiple names for the same group number (as above) or with multiple entries with the same group number and name. It can be hit'n'miss as to what gets reported for any given name or number.
您可能会在密码文件中遇到类似的问题.例如,有时使用多个具有相同用户号的用户名来允许多人 root 访问(他们的用户号为 0),但每个人都有一个单独的密码,因此某些跟踪是可行的.然而,现在使用 sudo 通常更好——尽管它并不总是可用.偶尔会出现错误,相同的用户名会出现两次不同的用户号.通常,使用文件中的第一个条目,但它可能会令人困惑(充其量).
You can run into analogous problems in password files. For example, multiple user names all with the same user number is sometimes used to allow multiple people root access (their user number is 0) but each has a separate password so some tracking is feasible. However, it is generally better to use sudo these days — it was not always available, though. Occasionally, there'll be a mistake and the same user name will appear twice with different user numbers. Normally, the first entry in the file is used, but it can be confusing (at best).
然而,目前尚不清楚您可以使用哪些程序来分析这些问题,或者得出关于什么是什么的明确答案.如果您按名称搜索组(C 中的 getgrnam()),那么您通常会得到与该名称匹配的第一个条目(但不一定清楚该条目是来自网络还是本地文件系统).如果您按编号搜索组(C 中的 getgrgid()),那么您通常会得到与该编号匹配的第一个条目.但是,如果您使用 setgrent() 加上重复的 getgrent() 加上 endgrent()(可选)扫描整个数据库,您可能会看到所有各种条目.
However, it is not clear which programs you can use to analyze these issues, or derive a definitive answer about what is what. If you search for the group by name (getgrnam() in C), then you typically get the first entry that matches that name (but it isn't necessarily clear whether that entry came from the network or the local file system). If you search for the group by number (getgrgid() in C), then you typically get the first entry that matches that number. However, if you scan the entire database with setgrent() plus repeated getgrent() plus endgrent() (optional), you might see all sorts of entries.
举个例子,我可以在我的 Mac 上运行这段代码:
As a case in point, I can run this code on my Mac:
#include <grp.h>
#include <stdio.h>
int main(void)
{
struct group *grp;
while ((grp = getgrent()) != 0)
{
printf("%5d %-15s", grp->gr_gid, grp->gr_name);
char **mem = grp->gr_mem;
char *pad = " -- ";
while (*mem != 0)
{
printf("%s%s", pad, *mem++);
pad = ", ";
}
putchar('\n');
}
return(0);
}
当我这样做并通过sort -n管道输出时,我得到(部分):
When I do that and pipe the output through sort -n, I get (in parts):
-2 nobody
-2 nobody
-1 nogroup
-1 nogroup
0 wheel -- root
0 wheel -- root
1 daemon -- root
1 daemon -- root
2 kmem -- root
2 kmem -- root
3 sys -- root
3 sys -- root
4 tty -- root
4 tty -- root
5 operator -- root
5 operator -- root
6 mail -- _teamsserver
6 mail -- _teamsserver
7 bin
7 bin
…
16 group
16 group
20 staff -- root
20 staff -- root, informix, anonymous, supernumerary
24 _networkd
24 _networkd
…
为什么要重复输入?好吧,有一个文件 /etc/group 包含一组条目 — 例如:
Why the double entries? Well, there's a file /etc/group which contains one set of entries — for example:
staff:*:20:root
还有一个数据库,Open Directory,可以查询.实际上,Mac 上 /etc/group 文件的第一行是注释行(其他 o/s 通常不支持注释),内容如下:
There is also a database, Open Directory, that is consulted. Indeed, the first lines of the /etc/group file on a Mac are comment lines (comments are not usually supported on other o/s) that read:
##
# Group Database
#
# Note that this file is consulted directly only when the system is running
# in single-user mode. At other times this information is provided by
# Open Directory.
#
# See the opendirectoryd(8) man page for additional information about
# Open Directory.
##
/etc/passwd 文件的顶部有一个类似的提示.staff 的 Open Directory 条目列出了 3 个额外的用户.奇怪的是,当我运行 id 时,我也在 staff 组中:
There's a similar spiel at the top of the /etc/passwd file. The Open Directory entry for staff lists 3 additional users. What's curious is that when I run id, I'm also in group staff:
uid=501(jleffler) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),204(_developer),399(com.apple.access_ssh),701(com.apple.sharepoint.group.1),100(_lpoperator),702(com.apple.sharepoint.group.2)
我的名字甚至没有列在/etc/passwd中;它只出现在数据库的开放目录部分.
My name isn't even listed in /etc/passwd; it only appears in the Open Directory portion of the database.
而且我的名字只在组数据库中针对组 204 和 399 明确列出;它在密码数据库中被赋予第 20 组;我不确定组 12、61、100、701、702 如何与我的用户 ID 相关联.(我不知道这一点对我来说是个新闻——有时回答一个问题比提问的人更有教育意义.)
And my name is only listed explicitly against groups 204 and 399 in the groups database; it is given group 20 in the password database; I'm not sure how groups 12, 61, 100, 701, 702 are associated with my user ID. (And it is news to me that I don't know this — sometimes answering a question is educational for more people than the one who asked the question.)
因此,正如我在开头所指出的,要找到问题的答案并不容易.
So, as I noted at the start, it is not straight-forward to find the answer to your question.
如果您扫描密码数据库和群组数据库,您可以获得所需信息的合理近似值,但除非您探索平台上的控件,否则您可能永远不会得到完整的答案.
If you scan the password database and groups database, you can get a reasonable approximation to the information you need, but you may never get the full answer unless you explore the controls on your platform.
答案">Abhishek Keshhri 建议有一个(Linux 特定的? - 无论如何不在 macOS 上)命令 getent 可用于分析组数据库(可能还有用户或密码数据库),也许还有其他人).macOS 上有 Open Directory 工具可以分析 macOS 上的密码和组数据库.您不必编写和编译 C 代码(但显示的代码不是火箭科学).
The answer by Abhishek Keshhri suggests there is a (Linux-specific? — not on macOS, anyway) command getent that can be used to analyze the group database (and probably the user or password database, and maybe others too). There are Open Directory tools on macOS to analyze the password and group databases on macOS. You don't have to write and compile C code (but the code shown isn't rocket science).
这篇关于列出在特定组中登录的所有用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
