2016-09-22 12:43:57 +00:00
---
title: About the etc_group Resource
---
# etc_group
Use the `etc_group` InSpec audit resource to test groups that are defined on Linux and Unix platforms. The `/etc/group` file stores details about each group---group name, password, group identifier, along with a comma-separate list of users that belong to the group.
2016-09-27 19:03:23 +00:00
## Syntax
2016-09-22 12:43:57 +00:00
A `etc_group` resource block declares a collection of properties to be tested:
describe etc_group('path') do
its('matcher') { should eq 'some_value' }
end
or:
describe etc_group.where(item: 'value', item: 'value') do
its('gids') { should_not contain_duplicates }
its('groups') { should include 'user_name' }
its('users') { should include 'user_name' }
end
where
* `('path')` is the non-default path to the `inetd.conf` file
* `.where()` may specify a specific item and value, to which the matchers are compared
* `'gids'`, `'groups'`, and `'users'` are valid matchers for this resource
2016-09-27 19:03:23 +00:00
## Matchers
2016-09-22 12:43:57 +00:00
This InSpec audit resource has the following matchers:
2016-09-27 19:03:23 +00:00
### be
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_be" %>
2016-09-27 19:03:23 +00:00
### cmp
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_cmp" %>
2016-09-27 19:03:23 +00:00
### eq
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_eq" %>
2016-09-27 19:03:23 +00:00
### gids
2016-09-22 12:43:57 +00:00
The `gids` matcher tests if the named group identifier is present or if it contains duplicates:
its('gids') { should_not contain_duplicates }
2016-09-27 19:03:23 +00:00
### groups
2016-09-22 12:43:57 +00:00
The `groups` matcher tests all groups for the named user:
its('groups') { should include 'my_group' }
2016-09-27 19:03:23 +00:00
### include
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_include" %>
2016-09-27 19:03:23 +00:00
### match
2016-09-22 12:43:57 +00:00
<%= partial "/shared/matcher_match" %>
2016-09-27 19:03:23 +00:00
### users
2016-09-22 12:43:57 +00:00
The `users` matcher tests all groups for the named user:
its('users') { should include 'my_user' }
2016-09-27 19:03:23 +00:00
### where
2016-09-22 12:43:57 +00:00
The `where` matcher allows the test to be focused to one (or more) specific items:
etc_group.where(item: 'value', item: 'value')
where `item` may be one (or more) of:
* `name: 'name'`
* `group_name: 'group_name'`
* `password: 'password'`
* `gid: 'gid'`
* `group_id: 'gid'`
* `users: 'user_name'`
* `members: 'member_name'`
2016-09-27 19:03:23 +00:00
## Examples
2016-09-22 12:43:57 +00:00
The following examples show how to use this InSpec audit resource.
2016-09-27 19:03:23 +00:00
### Test group identifiers (GIDs) for duplicates
2016-09-22 12:43:57 +00:00
describe etc_group do
its('gids') { should_not contain_duplicates }
end
2016-09-27 19:03:23 +00:00
### Test all groups to see if a specific user belongs to one (or more) groups
2016-09-22 12:43:57 +00:00
describe etc_group do
its('groups') { should include 'my_group' }
end
2016-09-27 19:03:23 +00:00
### Test all groups for a specific user name
2016-09-22 12:43:57 +00:00
describe etc_group do
its('users') { should include 'my_user' }
end
2016-09-27 19:03:23 +00:00
### Filter a list of groups for a specific user
2016-09-22 12:43:57 +00:00
describe etc_group.where(name: 'my_group') do
its('users') { should include 'my_user' }
end