In linux, how can one find out when was a user added to/removed from a group?

The title pretty much captures everything. I'm on linux, and I want to find out when was a particular user added to or removed from a group. Some Google-ing leads me to believe it is possible in Windows,开发者_JS百科 but I couldn't find anything relevant for linux.

In Linux it depends:

If you're just using files you need to watch /etc/group and look at the timestamps of changes on that, from archived copies or live. (Assuming you take regular snapshots or can watch this file).

If you're using LDAP you can look at the modification dates (modifyTimeStamp) on individual entries in the DIT. If you want to make this robust and reliable then the nicer option would be to implement it as an overlay (assuming OpenLDAP), or simply use the existing audit overlay.

There are other NSS modules (e.g. nis/nis+), but I'm not so familiar with them.