Retrieving non-/etc/passwd users with Python 3?
Christian Heimes
christian at python.org
Wed Mar 31 10:24:43 EDT 2021
On 31/03/2021 14.45, Loris Bennett wrote:
> Chris Angelico <rosuav at gmail.com> writes:
>
>> On Wed, Mar 31, 2021 at 11:21 PM Loris Bennett
>> <loris.bennett at fu-berlin.de> wrote:
>>>
>>> Hi,
>>>
>>> I want to get a list of users on a Linux system using Python 3.6. All
>>> the users I am interested in are just available via LDAP and are not in
>>> /etc/passwd. Thus, in a bash shell I can use 'getent' to display them.
>>>
>>> When I try to install the PyPi package
>>>
>>> getent
>>>
>>> I get the error
>>>
>>> File "/tmp/pip-build-vu4lziex/getent/setup.py", line 9, in <module>
>>> long_description = file('README.rst').read(),
>>> NameError: name 'file' is not defined
>>>
>>> I duckduckwent a bit and the problem seems to be that 'file' from Python
>>> 2 has been replaced by 'open' in Python 3.
>>>
>>> So what's the standard way of getting a list of users in this case?
>>>
>>
>> I don't have LDAP experience so I don't know for sure, but is the
>> stdlib "pwd" module suitable, or does it only read /etc/passwd?
>>
>> https://docs.python.org/3/library/pwd.html
>>
>> Failing that, one option - and not as bad as you might think - is
>> simply to run getent using the subprocess module, and parse its
>> output. Sometimes that's easier than finding (or porting!) a library.
>
> D'oh! Thanks, 'pwd' is indeed exactly what I need. When I read the
> documentation here
>
> https://docs.python.org/3.6/library/pwd.html
>
> I mistakenly got the impression that it was only going to give me the
> local users. It doesn't actually say that, but it mentions /etc/shadow
> and not getent. However, it does talk about the "account and password
> database", which is a clue (although our passwords are on an other
> system entirely), since "database" is more getent terminology.
>
> In any case, I think 'pwd' is hiding its light under a bushel a bit
> here.
Please open a documentation bug :)
The pwd and grp module use the libc API to get users from the local
account database. On Linux and glibc the account database is handled by
NSS and nsswitch.conf.
By the way I recommend that you use SSSD instead of talking to LDAP
directly. You'll have a much more pleasant experience.
Christian
More information about the Python-list
mailing list