39

My /etc/group has grown by adding new users as well as installing programs that have added their own user and/or group. The same is true for /etc/passwd. Editing has now become a little cumbersome due to the lack of structure.

May I sort these files (e.g. by numerical id or alphabetical by name) without negative effect on the system and/or package managers?

I would guess that it does not matter but just to be sure I would like to get a 2nd opinion. Maybe root needs to be the 1st line or within the first 1k lines or something?

The same goes for /etc/*shadow.

4
  • 7
    "Editing has now become a little cumbersome due to the lack of structure" Why are you editing those files by hand?
    – Kevin
    Commented Feb 19, 2018 at 23:50
  • How does sorting the file help with editing? Is it because you want to group related accounts together, and then do similar changes in a range of rows? But will related accounts be adjacent if you sort by uid or name?
    – Barmar
    Commented Feb 21, 2018 at 20:51
  • 1
    @Barmar It has helped mainly because user accounts are grouped by ranges and separate from system accounts (when sorting by UID). Therefore it is easier e.g. to spot the correct line to examine or change when editing with vi.
    – Ned64
    Commented Mar 13, 2018 at 23:15
  • @Kevin PS: I also never learned the syntax of the command to add a user to the Linux system - much easier to do it using vi :-)
    – Ned64
    Commented Jul 26, 2020 at 21:02

4 Answers

59

You should be OK doing this: in fact, according to the article and reading the documentation, you can sort /etc/passwd and /etc/group by UID/GID with pwck -s and grpck -s, respectively.

4
  • 3
    @Menasheh This site's colours don't make them stand out as much as on other sites, but "OK doing this" in this answer is a hyperlink.
    – hvd
    Commented Feb 18, 2018 at 22:59
  • 2
    OK, fine, but... In general, are there valid reasons to manually edit /etc/passwd and similar files? Isn't it considered better to access these via the tools that are designed to create and modify them?
    – user31404
    Commented Feb 19, 2018 at 14:05
  • 1
    @mickeyf I've seen people manually edit /etc/passwd when they're making batch changes, like changing the GECOS field for all users due to moving/restructuring (global room or phone number changes, etc.) It's not common anymore, but there are specific reasons that crop up from time to time.
    – ErikF
    Commented Feb 20, 2018 at 21:21
  • @MickeyfAgain_BeforeExitOfSO What ErikF said, plus the useradd and other tools may do things you may not want, like generate a user group or populate home directories (unless you know the options to suppress that) and this may not be desired in some cases. vi certainly gives more direct control.
    – Ned64
    Commented May 11 at 23:50
43

Although ErikF is correct that this should generally be okay, I do want to point out one potential issue:

You're allowed to map different usernames to the same UID. If you make use of this, tools that map a UID back to a username will generally pick the first username they find for that UID in /etc/passwd. Sorting may cause a different username to appear first. For display purposes (e.g. ls -l output), either username should work, but it's possible that you've configured some program to accept requests from username A, where it will deny those requests if it sees them coming from username B, even if A and B are the same user.

1
  • Thanks, I know you can, used to have a user with tcsh and uid 0 in Solaris a few decades ago. However, a Linux system will not create this situation by itself - you would need to manually create such a user in order to have issues with that situation.
    – Ned64
    Commented May 5, 2019 at 14:25
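
The effect described in the answer above, as an added example that is not part of the original answers: it reports which name each UID resolves to before and after sorting constructed passwd lines. The sample data and function names are assumptions, and `sort -s` is the stable-sort option of GNU and BSD sort.

```shell
#!/bin/sh
# Added example (not from the original answers): check whether a sort changes
# which name a UID resolves to. Lookups by UID return the first matching line,
# so only the first line per UID matters.
export LC_ALL=C   # make sort's byte-wise tie-breaking deterministic

# Constructed sample in passwd format; "admin" is a second name for UID 0.
SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
admin:x:0:0:second name for UID 0:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin'

# first_names: passwd lines on stdin; prints "uid:name" for the first entry
# of each UID, ordered by UID.
first_names() {
    awk -F: '!($3 in seen) { seen[$3] = 1; print $3 ":" $1 }' | sort -t: -k1,1n
}

# shared_uids: prints "uid:name1,name2" for every UID that has several names.
shared_uids() {
    awk -F: '{ n[$3]++; names[$3] = (n[$3] > 1 ? names[$3] "," : "") $1 }
             END { for (u in n) if (n[u] > 1) print u ":" names[u] }' | sort -t: -k1,1n
}

# changed_by CMD...: runs CMD over the sample and prints the "uid:name" pairs
# whose first match differs from the original order (nothing if unchanged).
changed_by() {
    before=$(printf '%s\n' "$SAMPLE" | first_names)
    after=$(printf '%s\n' "$SAMPLE" | "$@" | first_names)
    printf '%s\n' "$after" | grep -Fxv -e "$before" || true
}

echo "shared UIDs:        $(printf '%s\n' "$SAMPLE" | shared_uids)"
# Without -s, lines with equal keys are ordered by comparing the whole line,
# so "admin" moves ahead of "root" even though the key is the UID.
echo "sort by UID:        $(changed_by sort -t: -k3,3n)"
echo "stable sort by UID: $(changed_by sort -s -t: -k3,3n)"
echo "sort by name:       $(changed_by sort -t: -k1,1)"
```
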
2

Having root at first line has been a long time de facto "standard" and is very convenient if you ever have to fix their shell or delete the password, when dealing with problems or recovering systems.

Likewise I prefer to have daemons/utils users in the middle and standard users at the end of both passwd and shadow.

hvd's answer is also very good about disturbing the users order, especially in systems with many users maintained by hand.

If you somewhat manage to sort the files, for instance, only for standard users, it would be more sensible than changing the order of all users, imo.

2
  • 2
    If you sort numerically by UID, you should get your preferred order. Root is always 0, and daemons conventionally have UIDs under 100.
    – Barmar
    Commented Feb 21, 2018 at 20:13
  • @Barmar If sorting by UID and not by name, indeed, thanks for remembering. Commented Feb 21, 2018 at 20:16
0

Here is a bit of somewhat hairy bash code to similarly sort the shadow/gshadow files safely (using vipw -s/vigr -s) and in-place from the command line:

EDITOR="/usr/bin/vi -c \"1,\\\$!awk 'BEGIN {FS = \\\":\\\"} FNR==NR {x2[\\\$1] = \\\$0; next} \\\$1 in x2 {print x2[\\\$1]}' - /etc/passwd\" -c \"wq! \" >/dev/null 2>&1" vipw -s

EDITOR="/usr/bin/vi -c \"1,\\\$!awk 'BEGIN {FS = \\\":\\\"} FNR==NR {x2[\\\$1] = \\\$0; next} \\\$1 in x2 {print x2[\\\$1]}' - /etc/group\" -c \"wq! \" >/dev/null 2>&1" vigr -s

NOTE:

  1. vi -c passes the command to the vim editor which is assigned to be the editor for vipw/vigr by the EDITOR variable
  2. The awk code sorts shadow by passwd (and gshadow by group)
  3. The backslashes are just the multiple levels of escape needed corresponding to the quotation levels.
  4. The second command (-c \"wq! \") force writes and closes the sorted file. The force is necessary since shadow/gshadow are often mode 000 (i.e. unwritable). Note the space between '!' and '\' is necessary to prevent interpretation by the shell as '!\' which references a bash event.
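
The awk join used in the answer above, written out as an added example (not the answerer's code) and run on constructed sample data. It also lists the shadow names that have no passwd line, which that join does not print; the function names and temporary file are assumptions.

```shell
#!/bin/sh
# Added example: the shadow-by-passwd reordering as a readable awk join, run on
# constructed data. Names and the temp file are illustrative.
PASSWD_FILE=$(mktemp)
trap 'rm -f "$PASSWD_FILE"' EXIT
cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF

# Constructed shadow-format lines; "!" and "*" are locked-password markers.
SHADOW_SAMPLE='alice:!:19000:0:99999:7:::
olduser:!:18000:0:99999:7:::
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::'

# reorder_shadow FILE: shadow lines on stdin, printed in the order of FILE.
reorder_shadow() {
    awk -F: 'FNR == NR { line[$1] = $0; next }   # stdin: index lines by name
             $1 in line { print line[$1] }       # passwd: emit in its order
            ' - "$1"
}

# dropped_names FILE: names on stdin that have no line in FILE, i.e. the
# entries reorder_shadow does not print.
dropped_names() {
    awk -F: 'FNR == NR { order[++n] = $1; next }
             { known[$1] = 1 }
             END { for (i = 1; i <= n; i++) if (!(order[i] in known)) print order[i] }
            ' - "$1"
}

printf '%s\n' "$SHADOW_SAMPLE" | reorder_shadow "$PASSWD_FILE"
echo "dropped: $(printf '%s\n' "$SHADOW_SAMPLE" | dropped_names "$PASSWD_FILE")"
```
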
