# [SOLVED] How to clean up /etc/group?

## charles17

Just realized my /etc/group and /etc/group- are full of entries from programs unmerged a long time ago.

Is there a tool for checking which entries are still needed?

Last edited by charles17 on Thu Sep 14, 2017 3:50 pm; edited 1 time in total

----------

## chiefbag

You could check what groups are there without corresponding users which might narrow things down a bit.

Something like the below script may help.

```
#!/bin/bash

cat /etc/group | grep -v "sys" | grep -v "tty" | grep -v "disk" | grep -v "mem" | grep -v "kmem" | grep -v "wheel" | grep -v "floppy" | grep -v "console" | grep -v "audio" | grep -v "cdrom" | grep -v "tape" | grep -v "video" | grep -v "cdrw" | grep -v "usb" | grep -v "users" | grep -v "utmp" | grep -v "nogroup" | awk -F ':' '{print$1}' | while read LINE;
do
    GROUP=$( cat /etc/passwd | awk -F ':' '{print$1}' | grep "$LINE" | wc -l )
    if [ "$GROUP" -eq 0 ];
    then
        echo "No user for group \"$LINE\""
    fi
done
```

----------

## charles17

I'll simplify the usage of grep like:

```
#!/bin/bash

cat /etc/group | grep -vE 'sys|tty|disk|mem|kmem|wheel|floppy|console|audio|cdrom|tape|video|cdrw|usb|users|utmp|nogroup' | awk -F ':' '{print$1}' | while read LINE;
do
    GROUP=$( cat /etc/passwd | awk -F ':' '{print$1}' | grep "$LINE" | wc -l )
    if [ "$GROUP" -eq 0 ];
    then
        echo "No user for group \"$LINE\""
    fi
done
```

And it works.  Result is:

```
No user for group "dialout"
No user for group "nofiles"
No user for group "plugdev"
No user for group "lpadmin"
No user for group "ssmtp"
No user for group "realtime"
No user for group "pulse-access"
No user for group "openct"
No user for group "lock"
No user for group "netdev"
No user for group "scanner"
No user for group "input"
No user for group "vlock"
```

Some of them are in my own user:

```
wheel
uucp
audio
cdrom
dialout
video
games
cdrw
usb
users
portage
vlock
scanner
charies17
plugdev
```

So how to find out for which program a group or a user has been created?

----------

## fedeliallalinea

 *charles17 wrote:*   

> So how to find out for which program a group or a user has been created?

 

You can search in the ebuilds:

```
grep -r "enewgroup <group_name_you_want_search>" /usr/portage/* --include='*.ebuild'
```

A problem is that sometimes the group name has the ${PN} variable.

----------

## charles17

With your help I could finally groupdel / userdel some outdated entries from /etc/group

Remaining question: 

```
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
disk:x:6:root,adm
```

adm and daemon, couldn't find them in the ebuilds.  What could they be good for?

----------

## chiefbag

There is some information on groups here from Arch, don't see anything on Gentoo Wiki

https://wiki.archlinux.org/index.php/users_and_groups

----------

## charles17

Thanks for the link.  As in so many cases, Arch has good information.

----------

## mike155

 *Quote:*   

> As in so many cases, Arch has good information.

 

Gentoo once had excellent documentation as well... One day, everything was destroyed - and we never fully recovered from that incident.

----------

## mike155

Below is the contents of /etc/group from stage 3 tarball. I would hesitate to delete any of those groups.

```
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root,adm
lp:x:7:lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
floppy:x:11:root
news:x:13:news
uucp:x:14:uucp
console:x:17:
audio:x:18:
cdrom:x:19:
dialout:x:20:
tape:x:26:root
video:x:27:root
cdrw:x:80:
usb:x:85:
input:x:97:
users:x:100:
portage:x:250:portage
utmp:x:406:
nogroup:x:65533:
nobody:x:65534:
sshd:x:22:
man:x:15:
```

----------

## Hu

 *charles17 wrote:*   

> I'll simplify the usage of grep like:

I'll simplify it further. :)

```
#!/bin/bash

gawk -F: '! /sys|tty|disk|mem|kmem|wheel|floppy|console|audio|cdrom|tape|video|cdrw|usb|users|utmp|nogroup/ {print $1}' < /etc/group | while read LINE;
do
    # Read /etc/passwd explicitly; without the redirect gawk would consume the loop's stdin.
    gawk -F: -v "LINE=$LINE" -v r=1 '$1 == LINE {r=0} END {exit r}' < /etc/passwd
    if [[ $? -eq 1 ]];
    then
        echo "No user for group \"$LINE\""
    fi
done
```

This improves upon the original script in the following ways:

- No more Useless Use Of Cat.
- No need to use a separate grep to filter fields that will also be run through a gawk.
- No sensitivity to names with special characters (which should not apply here, but it's good practice to avoid the problem).

----------
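An added example, not part of the thread: the scripts above compare each group name with the user names in /etc/passwd, so a group can be reported even when accounts belong to it. This sketch instead reads the member list in /etc/group and the primary GID field in /etc/passwd; the function names `unused_groups` and `demo` and the sample data are made up for illustration.

```bash
#!/bin/bash
# unused_groups GROUP_FILE PASSWD_FILE
# Prints groups that have no supplementary members (empty 4th field in
# group(5)) and are not the primary GID (4th field in passwd(5)) of any
# account.
unused_groups() {
    awk -F: '
        # passwd file: remember every primary GID that is in use.
        FILENAME == ARGV[1] { primary[$4] = 1; next }
        # group file: skip malformed lines (fewer than name:password:GID).
        NF < 3 { next }
        # group file: name:password:GID:member,member,...
        $4 == "" && !($3 in primary) { print $1 }
    ' "$2" "$1"
}

# Run the check on constructed sample data, not taken from a real system.
demo() {
    demo_dir=$(mktemp -d)
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:100:Alice:/home/alice:/bin/bash' > "$demo_dir/passwd"
    printf '%s\n' \
        'root:x:0:root' \
        'tty:x:5:' \
        'audio:x:18:alice' \
        'users:x:100:' \
        'openct:x:440:' > "$demo_dir/group"
    unused_groups "$demo_dir/group" "$demo_dir/passwd"
    rm -rf "$demo_dir"
}

demo
```

A group with no members can still own files or device nodes, so check with `find / -group NAME` before running groupdel on anything this reports.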

