Feature #3243

Add shadow support to getent(1)

Added by Igor Pashev over 8 years ago. Updated almost 7 years ago.

Start date:
Due date:
% Done:


Estimated time:
Gerrit CR:


./getent shadow root


getent-shadow.patch (3.28 KB) getent-shadow.patch Igor Pashev, 2012-09-30 12:00 PM
illumos-3243-getent-shadow.patch (5.09 KB) illumos-3243-getent-shadow.patch manpage patched Igor Pashev, 2012-10-03 08:44 PM

Related issues

Has duplicate illumos gate - Feature #4076: getent should support shadow lookupsClosedRich Lowe2013-08-23


Updated by Milan Jurik over 8 years ago



Updated by Igor Pashev over 8 years ago

Milan Jurik wrote:


Use case:

Administrator removes sudo. Before removing, package manager checks whether root has password (login enabled).


Updated by Milan Jurik over 8 years ago

  • Status changed from New to Feedback

So package manager checks line in /etc/shadow, grep should be enough for this one.


Updated by Igor Pashev over 8 years ago

glibc's getent supports shadow, I'm not sure if root account may be in LDAP, or somewhere else.

I don't care much, I'm just sharing my work.


Updated by Milan Jurik over 8 years ago

The point is that from "somewhere else" you will not receive what you are expecting.

I am only afraid that it will be misleading because getent works with databases and shadow is not database and use case is limited to something which grep for root account can do.

Anyway, we are not doing everything "architecturally" great but mainly useful and if you see it useful, please add manpage diff and I can review it for you.


Updated by Gary Mills over 8 years ago

`shadow.byname' can certainly be an NIS database. /etc/shadow is indeed a files database.


Updated by Gary Mills about 7 years ago

  • % Done changed from 0 to 80

A couple of people wanted to see use cases for the modified version of getent. It's a system administration tool, used like many others. It's a bad idea to place artificial limits on system administration. Of course, if you have nsswitch.conf configured to use only local files for passwd and shadow, getent is not necessary for either one.

It's a different story if you have nsswitch.conf configured for multiple sources of information for these two databases. The behavior then is fully described in the getspman man page.


Updated by Gary Mills almost 7 years ago

  • Assignee set to Gary Mills

Igor gave me permission to complete this change.


Updated by Electric Monk almost 7 years ago

git commit 00277c9e43668ff248a12ee635ce125957750373

Author: Gary Mills <>

3243 Add shadow support to getent(1)
Reviewed by: Igor Kozhukhov <>
Reviewed by: Albert Lee <>
Approved by: Dan McDonald <>


Updated by Dan McDonald almost 7 years ago

  • Status changed from Feedback to Resolved

See above....

Also available in: Atom PDF