Check group membership for a Linux user using Java

Question

Hi I can\'t figure out how to verify if a user belong to one o more group under Linux os using java 7 nio library.

Can anyone help me about this issue?

Answer 1

I do not think that reading local /etc/passwd or /etc/group could be good idea, because nis/ldap/ipa/pam can introduce other sources of infromation about group membership. So, it depends on you environment and some other details. E.g.:

Groups for logged in (current) user

  com.sun.security.auth.module.UnixSystem().getGroups()

Hadoop

  org.apache.hadoop.security.UserGroupInformation.getBestUGI(null,"root").getGroupNames()

If neither is you case

You can create jna wrapper for getgroups(2).

Or improve UnixSystem and Java_com_sun_security_auth_module_UnixSystem_getUnixInfo from jdk to take user id/name parameter.

Or rewrite some implementation of org.apache.hadoop.security.GroupMappingServiceProvider interface to not depend on hadoop environment.

Answer 2

You can try to read the file /etc/group.

I have developed a class to easily query this file:

public class UserInfo {

    public UserInfo() throws FileNotFoundException, IOException {
        this.group2users = new HashMap<>();

        FileReader fileReader = new FileReader(groupsFilePath);
        BufferedReader groupsReader = new BufferedReader(fileReader);
        while(groupsReader.ready())
        {
            try
            {
                String line = groupsReader.readLine();
                String [] tokens = line.split(":");
                String groupName = tokens[0];
                Set<String> users = group2users.get(groupName);
                if(users == null)
                {
                    users = new HashSet<String>();
                    group2users.put(groupName, users);
                }
                if(tokens.length>3)
                {
                    for(String uStr: tokens[3].split(","))
                        users.add(uStr);
                }
            } catch (Exception e) { continue; }
        }
        groupsReader.close();
        fileReader.close();
    }

    public boolean belongs2group(String user, String group)
    {
        Set<String> groupRef = group2users.get(group);
        if(groupRef == null) return false;
        return groupRef.contains(user);
    }

    private String groupsFilePath = "/etc/group";
    private Map<String, Set<String>> group2users;

}

This code maps the /etc/group file and keep a map of groups-their users set. I have developed just one query method (belongs2group) but it is fairly easy to add methods to list all groups and/or all users.

This code is written using the old-fashioned-mainstream java io-api but I think it can be easily adapted to nio. Let me know if you need me to complete that step.