Linux Groups – administration tables
Red Hat Enterprise Linux 7.9
Shell = sh
When I execute …
getent group <group-name> — command 1
    >>> getent group grp1
    grp1:VAS:67458 usr3,usr2,usr1
    >>> groups usr4
    usr4: unixuser grp1
    >>> getent group grp1
    grp1:VAS:67458 usr4,usr3,usr2,usr1
The result is not up to date; certain users are missing from the response.
When I execute …
groups <user-name> — command 2
it returns the correct groups the user is a member of, and command 1 now includes this user in the group from the getent command that was previously missing.
Please help me understand what is going on and if there is a better way to list the members of a given unix group.
The commands you are using are fine from a Linux perspective. But what’s happening here is that Linux doesn’t know about usr4 or their groups until prompted to go find it with
Your system is configured to use nisplus in nsswitch.conf; this means that there is a database on another machine which stores users and groups. Such bridges virtually never involve copying the entire database onto your local Unix machine, especially because some directory servers can hold thousands of users.
So what happens is that groups usr4 triggers nisplus to go and search for user usr4 and evaluate their groups. This updates a local cache of the information, updating the information for the subsequent getent group grp1.
getent group grp1 doesn’t trigger nisplus to discover every possible user on the directory server in that group. That operation could be extremely costly and pull back thousands of users.
Unfortunately, your only option will be to interrogate the remote server (AD server) or ask the sys admins to look for you.
If you have LDAP access on the remote directory server then you may be able to construct an LDAP query and use OpenLDAP or similar to run the query.
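The behaviour described in this answer, as an added example that is not part of the original post: a POSIX sh script that reads the enumerated member list first, then resolves each candidate user individually, and reports users who hold the group but are absent from the getent group output. GROUP_LOOKUP and USER_LOOKUP are hypothetical override hooks introduced here for testing with constructed data, and the candidate user list is assumed to come from the caller.

```shell
#!/bin/sh
# Added example: audit a group whose members are resolved lazily through NSS.
# GROUP_LOOKUP / USER_LOOKUP are hypothetical hooks (not standard variables);
# by default the real `getent group` and `id -Gn` commands are used.

# Members listed in the group entry (field 4 of name:passwd:gid:members).
enumerated_members() {
    ${GROUP_LOOKUP:-getent group} "$1" |
        awk -F: '{print $4}' | tr ',' '\n' | sed '/^$/d' | sort -u
}

# Candidates whose own group list contains the group. `id -Gn <user>` forces a
# per-user lookup, as `groups <user>` does. Group names containing spaces
# would need different handling, since the output is space separated.
resolved_members() {
    group=$1; shift
    for user in "$@"; do
        if ${USER_LOOKUP:-id -Gn} "$user" 2>/dev/null |
            tr ' ' '\n' | grep -qxF -- "$group"; then
            printf '%s\n' "$user"
        fi
    done | sort -u
}

# Users who hold the group but are missing from the enumerated list.
# The enumeration is captured first, because the per-user lookups that
# follow refresh the local cache and change what it returns.
missing_from_enumeration() {
    group=$1; shift
    enum=$(enumerated_members "$group")
    resolved_members "$group" "$@" | while read -r user; do
        printf '%s\n' "$enum" | grep -qxF -- "$user" || printf '%s\n' "$user"
    done
}

# Usage: script.sh <group> <user> [<user> ...]
if [ "$#" -ge 2 ]; then
    missing_from_enumeration "$@"
fi
```

Any user it prints is a member that an access review based only on getent group would have missed.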