etc_group

Use the etc_group InSpec audit resource to test groups that are defined on Linux and Unix platforms. The /etc/group file stores details about each group: group name, password, group identifier, along with a comma-separate list of users that belong to the group.


Availability

Installation

This resource is distributed along with InSpec itself. You can use it automatically.

Version

This resource first became available in v1.0.0 of InSpec.

Syntax

A etc_group resource block declares a collection of properties to be tested:

describe etc_group('path') do
  its('property') { should eq 'some_value' }
end

or:

describe etc_group.where(item: 'value', item: 'value') do
  its('gids') { should_not contain_duplicates }
  its('groups') { should include 'user_name' }
  its('users') { should include 'user_name' }
end

where

  • ('path') is the non-default path to the inetd.conf file
  • .where() filters for a specific item and value, to which the parameter are compared
  • .where filter may be one or more of:
    • name: 'name', group_name: 'group_name', password: 'password', gid: 'gid', group_id: 'gid', users: 'user_name', members: 'member_name'

Properties

  • 'gids', 'groups', and 'users' are valid resource parameters for this resource.


Examples

The following examples show how to use this InSpec audit resource.

Test group identifiers (GIDs) for duplicates

describe etc_group do
  its('gids') { should_not contain_duplicates }
end

Test all groups to see if a specific user belongs to one (or more) groups

describe etc_group do
  its('groups') { should include 'my_group' }
end

Test all groups for a specific user name

describe etc_group do
  its('users') { should include 'my_user' }
end

Filter a list of groups for a specific user

describe etc_group.where(name: 'my_group') do
  its('users') { should include 'my_user' }
end


Matchers

For a full list of available matchers, please visit our matchers page.