Retrieving non-/etc/passwd users with Python 3?

Loris Bennett loris.bennett at fu-berlin.de
Thu Apr 1 02:46:10 EDT 2021 

Christian Heimes <christian at python.org> writes:

> On 31/03/2021 14.45, Loris Bennett wrote:
>> Chris Angelico <rosuav at gmail.com> writes:
>> 
>>> On Wed, Mar 31, 2021 at 11:21 PM Loris Bennett
>>> <loris.bennett at fu-berlin.de> wrote:
>>>>
>>>> Hi,
>>>>
>>>> I want to get a list of users on a Linux system using Python 3.6.  All
>>>> the users I am interested in are just available via LDAP and are not in
>>>> /etc/passwd.  Thus, in a bash shell I can use 'getent' to display them.
>>>>
>>>> When I try to install the PyPi package
>>>>
>>>>   getent
>>>>
>>>> I get the error
>>>>
>>>>     File "/tmp/pip-build-vu4lziex/getent/setup.py", line 9, in <module>
>>>>       long_description = file('README.rst').read(),
>>>>   NameError: name 'file' is not defined
>>>>
>>>> I duckduckwent a bit and the problem seems to be that 'file' from Python
>>>> 2 has been replaced by 'open' in Python 3.
>>>>
>>>> So what's the standard way of getting a list of users in this case?
>>>>
>>>
>>> I don't have LDAP experience so I don't know for sure, but is the
>>> stdlib "pwd" module suitable, or does it only read /etc/passwd?
>>>
>>> https://docs.python.org/3/library/pwd.html
>>>
>>> Failing that, one option - and not as bad as you might think - is
>>> simply to run getent using the subprocess module, and parse its
>>> output. Sometimes that's easier than finding (or porting!) a library.
>> 
>> D'oh!  Thanks, 'pwd' is indeed exactly what I need.  When I read the
>> documentation here
>> 
>>   https://docs.python.org/3.6/library/pwd.html 
>> 
>> I mistakenly got the impression that it was only going to give me the
>> local users.  It doesn't actually say that, but it mentions /etc/shadow
>> and not getent.  However, it does talk about the "account and password
>> database", which is a clue (although our passwords are on an other
>> system entirely), since "database" is more getent terminology.
>> 
>> In any case, I think 'pwd' is hiding its light under a bushel a bit
>> here.
>
> Please open a documentation bug :)

I'll have a look :)

> The pwd and grp module use the libc API to get users from the local
> account database. On Linux and glibc the account database is handled by
> NSS and nsswitch.conf.
>
> By the way I recommend that you use SSSD instead of talking to LDAP
> directly. You'll have a much more pleasant experience.

Yes, we do use SSSD, but my grasp of what it does is pretty much limited
to "as well as looking at the local /etc/passwd it can also talk to
LDAP" :/

Cheers,

Loris

-- 
This signature is currently under construction.

More information about the Python-list mailing list