Check if a user is in a group

I have a server running where I use php to run a bash script to verify certain information of a user. For example, I have a webhosting server set up, and in order to be able to add another domain to their account I want to verify if the user is actually a member of the 'customers' group. What would be the best way to do this?

I have searched google, but all it comes up with is ways to check whether a user or a group exists, so google is not being a big help right now.

if id -nG "$USER" | grep -qw "$GROUP"; then
    echo $USER belongs to $GROUP
else
    echo $USER does not belong to $GROUP
fi

Explanation:

1. id -nG $USER shows the group names a user belongs to.
2. grep -qw $GROUP checks silently if $GROUP as a whole word is present in the input.

Try doing this :

username=ANY_USERNAME
if getent group customers | grep -q "\b${username}\b"; then
    echo true
else
    echo false
fi

or

username=ANY_USERNAME
if groups $username | grep -q '\bcustomers\b'; then
    echo true
else
    echo false
fi

A slightly more error-proof method to check for group membership using zero char delimited fixed string grep.

if id -nGz "$USER" | grep -qzxF "$GROUP"
then
    echo User \`$USER\' belongs to group \`$GROUP\'
else
    echo User \`$USER\' does not belong to group \`$GROUP\'
fi

or using long opts

if id --name --groups --zero "$USER" | 
   grep --quiet --null-data --line-regexp --fixed-strings "$GROUP"
then
    echo User \`$USER\' belongs to group \`$GROUP\'
else
    echo User \`$USER\' does not belong to group \`$GROUP\'
fi

I know this is probably old thread but just in case this also works well:

id -Gn "username"|grep -c "groupname"

if any number > 0 is returned then user is a member of that group.

You could use groups $username_here | grep -q '\busergroup\b'

The exitcode will be 0 if a match was found, 1 if no match was found.

user_in_group()
{
    groups $1 | grep -q "\b$2\b"
}

you could use this function as user_in_group userfoo groupbar

For all those golf fans out there:

ingroup(){ [[ " `id -Gn $2` " == *" $1 "* ]]; }

Usage: ingroup group [user]

Example:

if ingroup video; then
  echo 'Enjoy the show!'
fi

TL;DR The point is I have taken advantage of the built in globbing in order to find the substring.

Edit: Thanks to @Anthony Geoghegan for the id -Gn tip.

Using the zero delimiter to split by lines:

id -nGz user | tr '\0' '\n' | grep '^group$'

A while ago, I wrote a shell function to check if a user is a member of a group. To maximise portability, I wanted it be POSIX-compatible (while this question is tagged as bash, this function will still work). For performance, I wanted to use builtin shell features as much as possible: the only external command it uses is id, the POSIX-standardised utility for getting data about a user’s identity.

is_in_group()
{
  groupname="$1"
  # The second argument is optional -- defaults to current user.
  current_user="$(id -un)"
  user="${2:-$current_user}"
  for group in $(id -Gn "$user") ; do
    if [ "$group" = "$groupname" ]; then
      return 0
    fi
  done
  # If it reaches this point, the user is not in the group.
  return 1
}

Example usage to test both positive and negative cases – and ensure it handles a non-existent username gracefully:

g=mail
userlist="anthony postfix xxx"
for u in $userlist; do
  if is_in_group "$g" "$u"; then
    printf "%s is in ‘%s’\n" "$u" "$g"
  else
    printf "%s is NOT in ‘%s’\n" "$u" "$g"
  fi
done

Running the above command prints the following output:

anthony is NOT in ‘mail’
postfix is in ‘mail’
id: ‘xxx’: no such user
xxx is NOT in ‘mail’

---

It hasn’t been tested for the case where a group or user has a space or other unusual characters in their name but some research shows that such names are not legal: the POSIX Base Definition for Group Name states that

> To be portable across conforming systems, the value is composed of > characters from the portable filename character set.

The Portable Filename Character Set is specified as the alphanumeric characters, A-Z, a-z, 0-9 along with the period, underscore, and hyphen-minus characters.

Sounds like an another answer:

username='myuser'
if grep -q -E "^customers:.*[:,]$username(,.*|\b)" /etc/group; then
    echo 'true'
else
    echo 'false'
fi

As reported by sputnick the output of the groups command may depend on your OS. I am not sure how this code is going to perform, but most probably it will do better.

username='myuser'
if groups "$username" | grep -q -E ' customers(\s|$)'; then
    echo 'yes'
else
    echo 'no'
fi

I have to clear one thing: groups will probably return something like this:

myuser : cdrom floppy sudo audio dip video plugdev fuse

But there is one cornercase when your user is named customers:

customers : cdrom floppy sudo audio dip video plugdev fuse

For example, \bcustomers\b pattern is going to find the username, not the group. So you have to make sure that it is not the first word in the output.

Also, another good regexp is:

grep -q ' customers\b'

My version not relying on grep.

First parameter (mandatory): group
Second parameter (optional, defaults to current user)

isInGroup(){
   group="$1"
   user="${2:-$(whoami)}"
   ret=false 
   for x in $(groups "$user" |sed "s/.*://g")
   do [[ "$x" == "$group" ]] && { ret=true ; break ; }
   done
   eval "$ret"
}

Bash single line:

[[ " $(groups) " =~ ' spark ' ]] && echo 'Is in group'

Bash multi line:

if [[ " $(groups) " =~ ' spark ' ]]; then
    echo 'Is in group'
fi

Here's mine.

First the long version

#!/bin/bash
if [[ $# -eq 0 ]]
then
  echo "Usage: $0 [-v] user group"
  echo ""
  echo "  -v verbose. Outputs a sentence for humans."
  echo ""
  echo "Example:"
  echo ""
  echo "  ingroup wilma sudo && echo Wilma has superpowers"
  exit 2
fi

if [[ "$1" == "-v" ]]
then
  verbose=1
  shift
fi

user=$1
grp=$2
# Get groups output
grps=$(groups $user)
# Create a regexp. Note that we must create the regexp in a var
# because it's the only way to allow for spaces in the regexp.
# Strangely we provide this var unquoted when using it; even 
# though it has spaces.
re="^.*:.* $2 "
if [[ "$grps" =~ $re ]]
then
  [[ -n "$verbose" ]] && echo "$user is in group $grp"
  # Success error code
  exit 0
else
  [[ -n "$verbose" ]] && echo "$user is not in group $grp"
  # Fail error code
  exit 1
fi

Want a shorter version as a function?

ingroup() {
  re="^.*:.* $2 "
  [[ "$(groups $1) " =~ $re ]] || return 1
}

Tests

# Basic positive test
$ ingroup -v wilma sudo && echo 'and therefore is cool'
wilma is in group sudo
and therefore is cool

# Basic negative test
$ ingroup -v wilma myprivateclub || echo 'sorry bout that'
wilma is not in group sudo
sorry bout that

# Test with hyphens in the group name
$ ingroup -v wilma systemd-journal
wilma is in group systemd-journal

# If the group does not exist, it's a negative
$ ingroup -v wilma somewronggroup
wilma is not in group somewronggroup