🐛 Fetch primary group members from /etc/passwd (#5458)

jaym · web-flow · commit dfcf0353709f · 2025-04-15T14:44:36.000-06:00
The primary group for a user isn't in /etc/group https://askubuntu.com/questions/1373865/etc-group-why-the-username-does-not-appear-in-its-own-primary-group
diff --git a/providers/os/resources/groups/etcgroups.go b/providers/os/resources/groups/etcgroups.go
@@ -5,12 +5,17 @@ package groups
 
 import (
 	"bufio"
+	"errors"
 	"io"
 	"strconv"
 	"strings"
 
+	"slices"
+
 	"github.com/rs/zerolog/log"
 	"go.mondoo.com/cnquery/v11/providers/os/connection/shared"
+	"go.mondoo.com/cnquery/v11/providers/os/resources/users"
+	"go.mondoo.com/cnquery/v11/utils/multierr"
 )
 
 // a good description of this file is available at:
@@ -77,7 +82,40 @@ func (s *UnixGroupManager) List() ([]*Group, error) {
 	if err != nil {
 		return nil, err
 	}
-
 	defer f.Close()
-	return ParseEtcGroup(f)
+
+	groups, err := ParseEtcGroup(f)
+	if err != nil {
+		return nil, multierr.Wrap(err, "could not parse /etc/group")
+	}
+
+	um, err := users.ResolveManager(s.conn)
+	if err != nil {
+		return nil, multierr.Wrap(err, "cannot resolve users manager")
+	}
+	if um == nil {
+		return nil, errors.New("cannot find users manager")
+	}
+
+	groupsByGid := map[int64]*Group{}
+	for i := range groups {
+		g := groups[i]
+		groupsByGid[g.Gid] = g
+	}
+
+	users, err := um.List()
+	if err != nil {
+		return nil, multierr.Wrap(err, "could not retrieve users list")
+	}
+
+	for _, u := range users {
+		if g, ok := groupsByGid[u.Gid]; ok {
+			if slices.Contains(g.Members, u.Name) {
+				continue
+			}
+			g.Members = append(g.Members, u.Name)
+		}
+	}
+
+	return groups, nil
 }
diff --git a/providers/os/resources/groups/etcgroups_test.go b/providers/os/resources/groups/etcgroups_test.go
@@ -1,15 +1,15 @@
 // Copyright (c) Mondoo, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package groups_test
+package groups
 
 import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v11/providers/os/connection/mock"
-	"go.mondoo.com/cnquery/v11/providers/os/resources/groups"
 )
 
 func TestParseLinuxEtcGroups(t *testing.T) {
@@ -24,7 +24,7 @@ func TestParseLinuxEtcGroups(t *testing.T) {
 	assert.Nil(t, err)
 	defer f.Close()
 
-	m, err := groups.ParseEtcGroup(f)
+	m, err := ParseEtcGroup(f)
 	assert.Nil(t, err)
 	assert.Equal(t, 23, len(m), "detected the right amount of services")
 
@@ -53,7 +53,7 @@ func TestParseFreebsd12EtcGroups(t *testing.T) {
 	assert.Nil(t, err)
 	defer f.Close()
 
-	m, err := groups.ParseEtcGroup(f)
+	m, err := ParseEtcGroup(f)
 	assert.Nil(t, err)
 	assert.Equal(t, 36, len(m), "detected the right amount of services")
 
@@ -69,3 +69,32 @@ func TestParseFreebsd12EtcGroups(t *testing.T) {
 	assert.Equal(t, "", m[35].Sid, "detected sid")
 	assert.Equal(t, []string{}, m[35].Members, "user description")
 }
+
+func TestUnixGroupManager(t *testing.T) {
+	mock, err := mock.New(0, "./testdata/debian.toml", &inventory.Asset{
+		Platform: &inventory.Platform{
+			Family: []string{"unix"},
+		},
+	})
+	require.NoError(t, err)
+	gm := &UnixGroupManager{
+		conn: mock,
+	}
+
+	groups, err := gm.List()
+	require.NoError(t, err)
+
+	var vagrantGroup *Group
+	for _, g := range groups {
+		if g.Name == "vagrant" {
+			vagrantGroup = g
+			break
+		}
+	}
+
+	require.NotNil(t, vagrantGroup)
+	assert.Equal(t, "vagrant", vagrantGroup.Name)
+	assert.Equal(t, int64(1000), vagrantGroup.Gid)
+	assert.Equal(t, "1000", vagrantGroup.ID)
+	assert.Equal(t, []string{"vagrant"}, vagrantGroup.Members)
+}
diff --git a/providers/os/resources/groups/manager_test.go b/providers/os/resources/groups/manager_test.go
@@ -30,7 +30,7 @@ func TestManagerDebian(t *testing.T) {
 	assert.Equal(t, "0", grp.ID)
 	assert.Equal(t, int64(0), grp.Gid)
 	assert.Equal(t, "root", grp.Name)
-	assert.Equal(t, []string{}, grp.Members)
+	assert.Equal(t, []string{"root", "sync", "shutdown", "halt", "operator"}, grp.Members)
 
 	assert.Equal(t, 23, len(groupList))
 }
diff --git a/providers/os/resources/groups/testdata/debian.toml b/providers/os/resources/groups/testdata/debian.toml
@@ -23,6 +23,22 @@ dbus:x:81:
 sshd:x:74:
 vagrant:x:1000:vagrant"""
 
+[files."/etc/passwd"]
+content="""root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+vagrant:x:1000:1000::/home/vagrant:/bin/bash"""
+
 [commands."uname -r"]
 stdout = "4.19.76-linuxkit"
 
diff --git a/providers/os/resources/groups/testdata/freebsd12.toml b/providers/os/resources/groups/testdata/freebsd12.toml
@@ -38,6 +38,10 @@ nobody:*:65534:
 messagebus:*:556:
 vagrant:*:1001:"""
 
+[files."/etc/passwd"]
+content="""root:x:0:0:root:/root:/bin/bash
+"""
+
 [commands."uname -s"]
 stdout = "FreeBSD"
 

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ func TestManagerDebian(t *testing.T) {`
`30`	`30`	`assert.Equal(t, "0", grp.ID)`
`31`	`31`	`assert.Equal(t, int64(0), grp.Gid)`
`32`	`32`	`assert.Equal(t, "root", grp.Name)`
`33`		`- assert.Equal(t, []string{}, grp.Members)`
	`33`	`+ assert.Equal(t, []string{"root", "sync", "shutdown", "halt", "operator"}, grp.Members)`
`34`	`34`
`35`	`35`	`assert.Equal(t, 23, len(groupList))`
`36`	`36`	`}`