Creating groups and users

Hi

Could anyone please suggest how we can check in Linux if a user or a group name already exists? In the case of a user, the command should also be able to specify the user with a given directory and shell. We can of course check this using a grep command, but since that is just a pattern match, is there any better way to do this?

"id <test_id>" will tell you if an id is in service. In the beginning, all IDs were in /etc/passwd in colon-separated text, and all groups were in /etc/group.

Later, to maintain identical values across many systems, NIS and YP (yellow pages) were created to share values across systems in addition to the original files, with presentations like the original files from nispasswd or yppasswd. This was especially necessary with NFS mounts, where the same disk with ID and Group #'s on UFS-like file inodes is on two or more systems. Man Page for yppasswd (all Section 1) - The UNIX and Linux Forums

So, it can be simple, or a little more complex.

getent passwd username

and

getent group groupname

will tell you if the username and groupname are already used.

Replace username and groupname by their numeric id in the previous commands if you want to make sure you won't have an id clash.

But my idea too is that 'id' should be a better approach. getent again is a pattern matching thing and could be ambiguous if there are users like test, test1, test2 and we are looking only for test user. Please correct me if I am wrong. I know that giving the correct pattern could be a solution, but the example I have taken is only a simple one. Is 'id' not the surest way to do this as compared to getent, grep etc.?

I'm afraid you are. getent is not pattern matching based but expects complete names or ids. In addition getent can query the group database while id is restricted to the passwd one. The question is also asking how to make sure a group name isn't already used but id can't be used to achieve that task.

I think in case the group id is found, then id returns '0' else its exit status is '1'.

I'm afraid this is incorrect too:

$ grep 131 /etc/group
winbindd_priv:x:131:
$ id winbindd_priv
id: winbindd_priv: No such user
$ echo $?
1
$ id 131
id: 131: No such user
$ echo $?
1

tr ':' ' ' </etc/group | while read g x
do
 if [ "$g" = "$MY_TRIAL_GROUP" ]
 then
   echo "Used: $g $x" >&2
   break
 fi
done

awk might be used too, but this would also miss group entries stored elsewhere than /etc/group.

awk -F: -v g="$MY_TRIAL_GROUP" '$1 == g {printf("Used: %s\n",$0)}' /etc/group

getent group was designed to avoid this issue, no need to handcraft incomplete solutions.

Command id takes an ID not a Group (although some name them alike, they are two different name spaces). You can get all the IDs of a group with -G as described here: Man Page for id (linux Section 1) - The UNIX and Linux Forums

If you know nis or yp is in use, the data equivalent to /etc/passwd is 'niscat passwd' or 'ypcat passwd'. It includes the local /etc/passwd entries:

$ ypcat passwd|grep -i <my_id>
my_id:MY_ID@this_corp.com:6068:6900:David Pickett|MY_ID:/home_dir_path:/usr/bin/ksh
$

For group, there is 'niscat group' and 'ypcat group'. You can grep for groups and users.

Indeed, that's the reason why I'm suggesting to use getent, which can search both the passwd and group databases (among others).

More precisely, you get all the group IDs of a user with this command, which is not what the OP is asking for.

Are you sure of that? IMHO, that would be a bug of Linux ypcat if it really does.

That's a strange password field, I would expect "*" there.

But here again, they would likely miss /etc/group entries (at least if they work as specified/documented) and they would definitely miss ldap entries.

which is precisely what the OP wants to avoid.

So, in a positive vein, what is the ldap equivalent of "ypcat passwd" and "ypcat group"? We could pile up all the possibilities inside parens in bash, feeding "| sort -u ".

That would be ldaplist, but Linux distributions are lacking this command.
I have found this implementation:
RPM resource ldaplist
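
An added example, not part of any post in this thread: a pre-creation check built on the getent lookups discussed above, covering exact-match user and group names (or numeric ids) plus the home directory and shell comparison asked for in the original question. The function names and the GETENT override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): exact-match account checks through NSS.
# getent consults every source configured in nsswitch.conf (files, NIS, LDAP...),
# so it does not miss entries that live outside /etc/passwd and /etc/group.
# GETENT is a hypothetical override so the logic can be run against a stub.
GETENT=${GETENT:-getent}

# name_in_use DB KEY
#   DB is "passwd" or "group"; KEY is a complete name or a numeric id.
#   Returns 0 if the key exists. getent exits 2 when the key is not found.
name_in_use() {
    $GETENT "$1" "$2" >/dev/null 2>&1
}

# user_matches NAME HOME SHELL
#   0 = user exists with exactly that home directory and shell
#   1 = user exists but home directory or shell differ
#   2 = no such user
user_matches() {
    um_entry=$($GETENT passwd "$1" 2>/dev/null) || return 2
    # passwd entry layout: name:passwd:uid:gid:gecos:home:shell
    IFS=: read -r um_name um_pw um_uid um_gid um_gecos um_home um_shell <<EOF
$um_entry
EOF
    [ "$um_home" = "$2" ] && [ "$um_shell" = "$3" ] && return 0
    return 1
}

# safe_to_create USER GROUP
#   Returns 0 only when neither the user name nor the group name is taken.
safe_to_create() {
    if name_in_use passwd "$1"; then
        echo "user '$1' already exists" >&2
        return 1
    fi
    if name_in_use group "$2"; then
        echo "group '$2' already exists" >&2
        return 1
    fi
    return 0
}
```

Sourced into a provisioning script, `safe_to_create appuser appgroup && useradd ...` refuses to proceed when either name is already present in any configured name service.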