LinuxCommandLibrary

getent

Get entries from administrative database sources

TLDR

Get list of all groups

$ getent group

See the members of a group
$ getent group [group_name]

Get list of all services
$ getent services

Find a username by UID
$ getent passwd 1000

Perform a reverse DNS lookup
$ getent hosts [host]

SYNOPSIS

getent [OPTION]... DATABASE [KEY...]

PARAMETERS

DATABASE
    The name of the database to query. Common databases include passwd (user accounts), group (user groups), hosts (hostnames and IP addresses), services (network services), protocols (network protocols), rpc (RPC program numbers), and netgroup (network groups).

KEY...
    An optional argument specifying one or more specific entries to look up within the DATABASE. For example, a username for passwd, an IP address for hosts, or a service name for services. If omitted, getent will attempt to list all entries in the specified database (if supported by that database type and its configured sources).

-s CONFIG_STR, --service=CONFIG_STR
    Specify an alternative source configuration string for the lookup. This string directly defines the NSS sources to consult for this query, overriding the default behavior defined in /etc/nsswitch.conf for the specified DATABASE. This option is less commonly used than relying on the standard NSS configuration.

DESCRIPTION

getent is a command-line utility used to retrieve entries from the Name Service Switch (NSS) databases. It provides a unified interface for querying various system databases, such as user accounts, groups, hostnames, services, and protocols. Instead of directly parsing configuration files like /etc/passwd or /etc/hosts, getent consults the system's NSS configuration (typically defined in /etc/nsswitch.conf) to determine the order and sources for database lookups. This allows it to fetch information transparently from local files, DNS, LDAP, NIS, or other configured services.

This command is invaluable for system administrators and scripts that need to reliably resolve system entities, as it reflects the same lookup logic that system libraries use. It can query for a specific key within a database or, for some databases, list all available entries.

CAVEATS

  • getent's behavior is entirely dependent on the system's /etc/nsswitch.conf configuration. If NSS sources are misconfigured or external services are unavailable, getent may return incomplete results or exhibit timeouts.
  • Listing all entries (e.g., getent passwd without a key) can be very slow and resource-intensive if the database is large and sourced from remote services like LDAP. Some databases (e.g., netgroup) may not support enumeration without a specific key.
  • It requires appropriate permissions to read /etc/nsswitch.conf and access underlying data sources.

ENUMERATION BEHAVIOR

While getent can list all entries for databases like passwd and group when no key is provided, this functionality depends on the specific database type and its configured NSS sources. Not all databases support full enumeration; for example, netgroup typically requires a key. Enumerating a large database from remote sources can take a significant amount of time and consume network resources.

NSSWITCH.CONF INTEGRATION

The strength of getent lies in its direct consultation of /etc/nsswitch.conf. This file dictates the order and types of sources (e.g., files, dns, ldap, nis) to be queried for each database. This makes getent an indispensable tool for diagnosing and verifying the correct operation of your system's Name Service Switch configuration, reflecting exactly how system libraries will resolve entities.
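An added example (not part of the original page): shell helpers that read the source order from nsswitch.conf and use the -s option described above to find accounts that resolve only through non-local NSS sources, then flag any of them with UID 0. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: NSS audit helpers built around getent (names are illustrative).

# nss_sources DB [CONF]: print the sources nsswitch.conf lists for DB,
# with comments and [STATUS=action] items removed.
nss_sources() {
    awk -v db="$1:" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, "") }
        $1 == db { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "${2:-/etc/nsswitch.conf}"
}

# remote_only ALL FILES: given passwd-format files holding the full NSS view
# and the files-only view, print entries that only the full view contains,
# i.e. accounts supplied by a non-local source (LDAP, SSSD, NIS, ...).
remote_only() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($1 in seen)' "$2" "$1"
}

# uid0_names: read passwd-format lines on stdin, print names with UID 0.
uid0_names() { awk -F: '$3 == 0 { print $1 }'; }

# audit_live: run the same comparison on this host with getent itself.
audit_live() {
    d=$(mktemp -d) || return 1
    getent passwd > "$d/all"
    getent -s files passwd > "$d/files"
    echo "passwd sources: $(nss_sources passwd)"
    echo "accounts from non-local sources (name:uid):"
    remote_only "$d/all" "$d/files" | cut -d: -f1,3
    echo "UID 0 accounts visible through NSS:"
    uid0_names < "$d/all"
    rm -rf "$d"
}

# Constructed sample data so the helpers can be exercised offline.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' '# constructed nsswitch.conf' \
    'passwd: files sss [NOTFOUND=return] ldap  # local first' \
    'hosts:  files dns' > "$sample_dir/nsswitch.conf"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' > "$sample_dir/files"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000::/home/alice:/bin/bash' \
    'svc-admin:*:0:0:directory account:/:/bin/sh' > "$sample_dir/all"

nss_sources passwd "$sample_dir/nsswitch.conf"                  # files sss ldap
remote_only "$sample_dir/all" "$sample_dir/files" | uid0_names  # svc-admin
```

Call audit_live on a real host to run the comparison against its configured sources; enumeration from a large remote directory can be slow, as noted under CAVEATS.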

HISTORY

getent is part of the GNU C Library (glibc) and was developed as a fundamental component of the Name Service Switch (NSS) architecture. NSS emerged to provide a consistent and extensible framework for resolving various system entities across diverse data sources (local files, network services like NIS, LDAP, DNS, etc.). getent's existence allows administrators and applications to leverage this standardized lookup mechanism, abstracting away the complexity of underlying data storage. Its core functionality has remained stable and essential for Linux systems since its introduction.

SEE ALSO

nsswitch.conf(5), passwd(5), group(5), hosts(5), id(1), who(1)
