grp – Unix Group Database

Purpose:Read group data from Unix group database.
Available In:1.4 and later

The grp module can be used to read information about Unix groups from the group database (usually /etc/group). The read-only interface returns tuple-like objects with named attributes for the standard fields of a group record.

Index Attribute Meaning
0 gr_name Name
1 gr_passwd Password, if any (encrypted)
2 gr_gid Numerical id (integer)
3 gr_mem Names of group members

The name and password values are both strings, the GID is an integer, and the members are reported as a list of strings.

Querying All Groups

Suppose you need to print a report of all of the “real” groups on a system, including their members (for our purposes, “real” is defined as having a name not starting with “_”). To load the entire password database, you would use getgrall(). The return value is a list with an undefined order, so you probably want to sort it before printing the report.

import grp
import operator

# Load all of the user data, sorted by username
all_groups = grp.getgrall()
interesting_groups = sorted((g 
                            for g in all_groups 
                            if not g.gr_name.startswith('_')),
                            key=operator.attrgetter('gr_name'))

# Find the longest length for the name
name_length = max(len(g.gr_name) for g in interesting_groups) + 1

# Print report headers
fmt = '%-*s %4s %10s %s'
print fmt % (name_length, 'Name', 
             'GID', 
             'Password',
             'Members')
print '-' * name_length, '----', '-' * 10, '-' * 30

# Print the data
for g in interesting_groups:
    print fmt % (name_length, g.gr_name, 
                 g.gr_gid, 
                 g.gr_passwd,
                 ', '.join(g.gr_mem))
$ python grp_getgrall.py

Name                                      GID   Password Members
---------------------------------------- ---- ---------- ------------------------------
accessibility                              90          *
accessibility                              90          *
admin                                      80          * root, dhellmann
admin                                      80          * root
authedusers                                50          *
authedusers                                50          *
bin                                         7          *
bin                                         7          *
certusers                                  29          * root, _jabber, _postfix, _cyrus, _calendar, _dovecot
certusers                                  29          * root, _jabber, _postfix, _cyrus, _calendar, _dovecot
com.apple.access_screensharing            401            dhellmann
com.apple.access_screensharing-disabled   101            dhellmann
com.apple.access_ssh                      102            dhellmann
consoleusers                               53          *
consoleusers                               53          *
daemon                                      1          * root
daemon                                      1          * root
dhellmann                                 501
dialer                                     68          *
dialer                                     68          *
everyone                                   12          *
everyone                                   12          *
group                                      16          *
group                                      16          *
interactusers                              51          *
interactusers                              51          *
kmem                                        2          * root
kmem                                        2          * root
localaccounts                              61          *
localaccounts                              61          *
mail                                        6          * _teamsserver
mail                                        6          * _teamsserver
netaccounts                                62          *
netaccounts                                62          *
netusers                                   52          *
netusers                                   52          *
network                                    69          *
network                                    69          *
nobody                                   4294967294          *
nobody                                   4294967294          *
nogroup                                  4294967295          *
nogroup                                  4294967295          *
operator                                    5          * root
operator                                    5          * root
owner                                      10          *
owner                                      10          *
procmod                                     9          * root
procmod                                     9          * root
procview                                    8          * root
procview                                    8          * root
racemi                                    500            dhellmann
smmsp                                     103          *
staff                                      20          * root
staff                                      20          * root
sys                                         3          * root
sys                                         3          * root
tty                                         4          * root
tty                                         4          * root
utmp                                       45          *
utmp                                       45          *
wheel                                       0          * root
wheel                                       0          * root

Group Memberships for a User

Another common task might be to print a list of all the groups for a given user:

import grp

username = 'dhellmann'
groups = [g.gr_name for g in grp.getgrall() if username in g.gr_mem]
print username, 'belongs to:', ', '.join(groups)
$ python grp_groups_for_user.py

dhellmann belongs to: _lpadmin, admin, com.apple.access_screensharing-disabled, com.apple.access_screensharing, com.apple.access_ssh, racemi

Finding a Group By Name

As with pwd, it is also possible to query for information about a specific group, either by name or numeric id.

import grp

name = 'admin'
info = grp.getgrnam(name)
print 'Name    :', info.gr_name
print 'GID     :', info.gr_gid
print 'Password:', info.gr_passwd
print 'Members :', ', '.join(info.gr_mem)
$ python grp_getgrnam.py

Name    : admin
GID     : 80
Password: *
Members : root, dhellmann

Finding a Group by ID

To identify the group running the current process, combine getgrgid() with os.getgid().

import grp
import os

gid = os.getgid()
group_info = grp.getgrgid(gid)
print 'Currently running with GID=%s name=%s' % (gid, group_info.gr_name)
$ python grp_getgrgid_process.py

Currently running with GID=501 name=dhellmann

And to get the group name based on the permissions on a file, look up the group returned by os.stat().

import grp
import os
import sys

filename = 'grp_getgrgid_fileowner.py'
stat_info = os.stat(filename)
owner = grp.getgrgid(stat_info.st_gid).gr_name

print '%s is owned by %s (%s)' % (filename, owner, stat_info.st_gid)
$ python grp_getgrgid_fileowner.py

grp_getgrgid_fileowner.py is owned by dhellmann (501)

See also

grp
The standard library documentation for this module.
pwd
Read user data from the password database.
spwd
Read user data from the shadow password database.