9

In various shell scripts I often see two approaches for getting information from databases supported by Name Service Switch libraries like /etc/group, /etc/hosts or /etc/services. One is the getent utility and the other is grep or some other text processing tool. For example:

```
root@fw-test:~# getent passwd root
root:x:0:0:root:/root:/bin/bash
root@fw-test:~#
root@fw-test:~# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash
root@fw-test:~#
```

..or:

```
root@fw-test:~# getent hosts www.blah.com
189.113.174.199 www.blah.com
root@fw-test:~#
root@fw-test:~# host www.blah.com
www.blah.com has address 189.113.174.199
root@fw-test:~#
```

Which of those two approaches above should be used in scripts? I mean, is one of the solutions more elegant or standard than the other?

1
  • At the command line on a nearly fresh install of Fedora Silverblue 37, cat /etc/passwd shows one entry (me) while getent passwd shows maybe 30 users. Same with getent group. Probably this means the command line I'm using is actually running in a container? That would fit with the Silverblue theme. getent must be more globally aware (such as querying the host os?) while /etc/passwd seems to be more local (to the container?). If you're picking a uid for running other containers, getent is what you need to use. Commented Jan 20, 2023 at 13:21

2 Answers

9

A lot of this will come down to factors stemming from the specific environment you're in, but I prefer the getent method because it looks up external users as well as local users. Specifically, it will look up the LDAP users in my environment from the LDAP server, whereas a cat /etc/passwd or similar has no idea my LDAP server even exists, much less has valid users on it. If all your users are always local, getent doesn't really buy you much aside from "no need to rewrite if we add an LDAP server in 10 years".

7

The getent approach would be more compatible and preferable. Those files (/etc/group, /etc/hosts, /etc/services, /etc/passwd, ...) are not always in /etc; depending on the operating system you're on, they could also be in other places. getent would anyway find the entries (if it's on the system).

Also, as @John stated, getent searches through all configured nsswitch databases, even if you have (multiple) external sources connected that your users are authenticated with, or name resolution via DNS servers, and so on. getent is therefore slower, because every lookup must go through all databases.
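An added example, not part of the question or either answer above: besides missing non-local sources, `grep root /etc/passwd` is a substring match over the whole line, while `getent passwd root` looks up one exact key and reports a miss through its exit status. The sample passwd data is constructed, and the function names `grep_lookup`, `exact_lookup` and `nss_uid` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in passwd(5) format (not taken from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
chroot-svc:x:998:998:service account:/var/empty:/usr/sbin/nologin
alice:x:1000:1000:Alice (root cause team):/home/alice:/bin/bash'

# Fragile: matches the string anywhere on the line (login, GECOS, home, shell).
# $1 = name; passwd-format text on stdin.
grep_lookup() {
    grep -e "$1"
}

# If a flat file really must be parsed, compare the login field exactly.
# $1 = name; passwd-format text on stdin.
exact_lookup() {
    awk -F: -v u="$1" '$1 == u'
}

# Preferred in scripts: ask NSS for a single key and honour the exit status.
# getent(1) exits 0 on success and 2 when the key is not found.
# $1 = login name; prints the UID on success.
nss_uid() {
    local entry
    # Refuse empty names and names that would be parsed as options.
    case $1 in ''|-*) return 2 ;; esac
    entry=$(getent passwd "$1") || return $?
    printf '%s\n' "$entry" | cut -d: -f3
}

# Demonstration on the constructed sample: three substring hits, one exact hit.
printf '%s\n' "$SAMPLE_PASSWD" | grep_lookup root
printf '%s\n' "$SAMPLE_PASSWD" | exact_lookup root
```

On the sample, the substring search returns all three lines for `root` (the real entry, `chroot-svc`, and a GECOS field that happens to contain the word), which is why a script making a decision about an account should use the exact-key lookup.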
