Skip to main content
I am using UV 11.3.3 on RHEL7 for this investigation.
I am trying to resolve the logged in user's group numbers into group names.

The BASIC SYSTEM() function has a number of options to get a user's group details:
  • SYSTEM(29) returns the current "gid" - as a group number
  • SYSTEM(30) returns the effective "gid" - as a group number
  • SYSTEM(1017) returns  the user's supplemental groups - as a dynamic array of group names
  • SYSTEM(1403) returns all the local system groups - as a dynamic array of group names
Having access to the user' supplemental groups makes it possible to establish security controls for parts of the application.
Basing such controls on the group id rather than the name would make the security setup un-portable as there is always the possibility that the group ids will change on different systems.

I have not found a system function that returns the group id and group name together.

I can execute SH -c "id -gn" in order to get the user's primary group name.
I can execute SH -c "id" in order to get a messy but parse-able string of group numbers and names.
Both require that the output be captured and interpreted.
There is the option of reading and parsing the /etc/group file via OPENSEQ/READSEQ, or even a simple SH -c "cat /etc/group", but given there are already functions that are returning part of the contents it would seem an unnecessary overhead.

It seems a bit weird that there are system functions to get the names of the groups but not both the id and name combined.

Is anyone aware of a hidden function or system call that does return the combination of group id and name?



------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------
I am using UV 11.3.3 on RHEL7 for this investigation.
I am trying to resolve the logged in user's group numbers into group names.

The BASIC SYSTEM() function has a number of options to get a user's group details:
  • SYSTEM(29) returns the current "gid" - as a group number
  • SYSTEM(30) returns the effective "gid" - as a group number
  • SYSTEM(1017) returns  the user's supplemental groups - as a dynamic array of group names
  • SYSTEM(1403) returns all the local system groups - as a dynamic array of group names
Having access to the user' supplemental groups makes it possible to establish security controls for parts of the application.
Basing such controls on the group id rather than the name would make the security setup un-portable as there is always the possibility that the group ids will change on different systems.

I have not found a system function that returns the group id and group name together.

I can execute SH -c "id -gn" in order to get the user's primary group name.
I can execute SH -c "id" in order to get a messy but parse-able string of group numbers and names.
Both require that the output be captured and interpreted.
There is the option of reading and parsing the /etc/group file via OPENSEQ/READSEQ, or even a simple SH -c "cat /etc/group", but given there are already functions that are returning part of the contents it would seem an unnecessary overhead.

It seems a bit weird that there are system functions to get the names of the groups but not both the id and name combined.

Is anyone aware of a hidden function or system call that does return the combination of group id and name?



------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------

Not much better than your suggestions (and sorry, I don't know of a UV place where this is stored), but you could run both the id -G and id-Gn so you get a little easier list of group ids to group names.  This wouldn't be too costly if you used named common to store the data you need and built a routine around getting this info for ease of access/use.

sh -c "id -G && id -Gn"


------------------------------
Ryan Ladd
------------------------------

Not much better than your suggestions (and sorry, I don't know of a UV place where this is stored), but you could run both the id -G and id-Gn so you get a little easier list of group ids to group names.  This wouldn't be too costly if you used named common to store the data you need and built a routine around getting this info for ease of access/use.

sh -c "id -G && id -Gn"


------------------------------
Ryan Ladd
------------------------------
I was incorrect in my original post when I wrote this:
  • SYSTEM(1017) returns  the user's supplemental groups - as a dynamic array of group names
That is because the function actually returns the group Numbers not the names.

@Ryan Ladd - I did experiment with parsing the id command output. This is the test script I created to record a user's group numbers and names into files in a directory (thinking that a type-19 file could act as a happy conduit between unix scripting output and BASIC program access).

#/bin/bash
echo "parsing 'id'"
full_id=$(id)
groups_id=${full_id##*=}
IFS=',' read -r -a group_arr <<< "${groups_id}"
for grp_index in "${!group_arr[@]}"; do
    group_no=${group_arr[grp_index]%%\\(*}
    group_na=${group_arr[grp_index]#*\\(}
    echo -e "${group_na::-1}\\n$(date --utc +'%F %T %z')" > mygroups/${group_no}
done

Then I thought abut the on-going overhead and performance impact of having to do this, and stopped.

I think my approach now will be to have the setup process capture the group names (working on the basis that the group name-to-number association is unlikely to change very frequently), and use the following command to identify the group number:

SH -c 'getent group "{group_name}"'

This will return a line like this: {group_name}:*:123456789012:

The 3rd field is the group number, and that can be stored in the setups.

The SYSTEM(1017) returns a dynamic array of the user's groups, and it does not involve any parsing of os level files so there is minimal impact in obtaining the data. A simple LOCATE for the group number within the returned dynamic array will determine if the user has the appropriate group membership.



------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------
I was incorrect in my original post when I wrote this:
  • SYSTEM(1017) returns  the user's supplemental groups - as a dynamic array of group names
That is because the function actually returns the group Numbers not the names.

@Ryan Ladd - I did experiment with parsing the id command output. This is the test script I created to record a user's group numbers and names into files in a directory (thinking that a type-19 file could act as a happy conduit between unix scripting output and BASIC program access).

#/bin/bash
echo "parsing 'id'"
full_id=$(id)
groups_id=${full_id##*=}
IFS=',' read -r -a group_arr <<< "${groups_id}"
for grp_index in "${!group_arr[@]}"; do
    group_no=${group_arr[grp_index]%%\\(*}
    group_na=${group_arr[grp_index]#*\\(}
    echo -e "${group_na::-1}\\n$(date --utc +'%F %T %z')" > mygroups/${group_no}
done

Then I thought abut the on-going overhead and performance impact of having to do this, and stopped.

I think my approach now will be to have the setup process capture the group names (working on the basis that the group name-to-number association is unlikely to change very frequently), and use the following command to identify the group number:

SH -c 'getent group "{group_name}"'

This will return a line like this: {group_name}:*:123456789012:

The 3rd field is the group number, and that can be stored in the setups.

The SYSTEM(1017) returns a dynamic array of the user's groups, and it does not involve any parsing of os level files so there is minimal impact in obtaining the data. A simple LOCATE for the group number within the returned dynamic array will determine if the user has the appropriate group membership.



------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------
Ryan,

It would be better solved using python. You can call python as a subroutine in Basic. Python can easily report the group number of a group. Check out the python module 'grp' that comes with the standard UV python modules.

You may want to also consider caching the group data in a UV file that is accessible to your users. Try reading the group number from the file, if it fails call the python routine. This should improve overall performance. Although I've noticed the python/Basic performance is pretty good to start with.

------------------------------
Jon Kristofferson
Pick Programmer
JonKristofferson.com
Elgin IL United States
------------------------------
Ryan,

It would be better solved using python. You can call python as a subroutine in Basic. Python can easily report the group number of a group. Check out the python module 'grp' that comes with the standard UV python modules.

You may want to also consider caching the group data in a UV file that is accessible to your users. Try reading the group number from the file, if it fails call the python routine. This should improve overall performance. Although I've noticed the python/Basic performance is pretty good to start with.

------------------------------
Jon Kristofferson
Pick Programmer
JonKristofferson.com
Elgin IL United States
------------------------------
Great suggestion @Jon Kristofferson

The use of python would avoid the overhead of shelling out and running the getent command.


------------------------------
Gregor Scott
Software Architect
Pentana Solutions Pty Ltd
Mount Waverley VIC Australia
------------------------------
Terms & ConditionsAccessibility statement