BSD Newsletter.com

This is the BSDA Study Guide Book written via a wiki collaboration. This is a work in progress. You may contribute to or discuss this specific page at http://bsdwiki.reedmedia.net/wiki/Determine_identity_and_group_membership.html.

Determine identity and group membership

Concept

In the context of the Unix permission system, determining one's identity and group membership is essential to determine what authorizations are available. Be able to determine, and as required, change identity or group membership.

Introduction

A user's privileges determine what kind of access (if any) that user has to given files and directories. Groups are a means to simplify user management.

Examples

We can determine our identity -- that is, our username and the groups to which we belong -- using the id, groups and whoami commands.

Our username can be determined by simply executing the whoami command without any parameters.

$ whoami
user

In the above example we're logged into the system as user. The whoami command is equivalent to id -un.

The groups command lets us check which groups we are currently assigned to. It can also be used to check another existing user's group membership. Executing groups without a username displays information about us.

$ groups
users audio mail cvs
$ groups john
users mail
$ groups mike
groups: mike: no such user

The groups command is equivalent to id -Gn.

The id command takes a few arguments and can output a lot of information about a given user. In its most basic usage it displays our user ID (uid), our basic group ID (gid) and the groups to which we belong.

$ id
uid=1001(user) gid=100(users) groups=100(users), 92(audio), 1003(mail), 1004(cvs)

It can also be used to display the very same information about another user.

$ id john
uid=1002(john) gid=100(users) groups=100(users), 1003(mail)

Note that the above-mentioned commands will not display our new group membership until we log out and log in again.
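The reason for this is that id, groups and whoami, when run without a username, report the credentials of the running session, while id given a username looks the account up in the user database. The following added example (not part of the original guide) uses that difference to list group changes that have not yet reached the current session; the function names group_diff and check_session are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the study guide): compare the groups of the
# running session with the groups recorded for the same account.
# Assumes group names contain no whitespace.

# group_diff HAVE WANT
# Both arguments are space-separated group names as printed by `id -Gn`.
# Prints each name that is in WANT but not in HAVE, one per line.
group_diff() {
    have=" $1 "
    for g in $2; do
        case "$have" in
            *" $g "*) ;;                 # present in both lists
            *) printf '%s\n' "$g" ;;
        esac
    done
}

# check_session: returns 0 if the session and the account database agree,
# 1 if they differ, 2 if the current user cannot be resolved.
check_session() {
    me=$(id -un) || return 2
    live=$(id -Gn)                       # groups held by this process
    stored=$(id -Gn "$me") || return 2   # groups looked up for the account
    pending=$(group_diff "$live" "$stored")
    stale=$(group_diff "$stored" "$live")
    [ -z "$pending$stale" ] && { echo "$me: session matches database"; return 0; }
    [ -n "$pending" ] && echo "$me: not effective until next login:" $pending
    [ -n "$stale" ] && echo "$me: removed but still held by this session:" $stale
    return 1
}

# Constructed sample reusing the group names from the id output above:
# the session was opened before "cvs" was added to the account.
group_diff "users audio mail" "users audio mail cvs"    # prints: cvs

check_session || true
```

The second report matters when reviewing access: a group removed from an account stays in effect for sessions that were opened before the change.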

As explained above, some commands let us peek into another user's identity information, which might be useful to system administrators for checking other logged-in users. To see who is currently logged in, execute the who command:

$ who
root             ttyv1    Jan  4 23:16
user             ttyp0    Jan  5 22:19 (192.168.86.11)

This command outputs some more information on all logged-in users: username, tty name, date and time of login, and the remote host's IP address if the login is not local. It can also display the very same information only about us:

$ who am I
user             ttyp0    Jan  5 22:19 (192.168.86.11)

Finally, having determined who we are -- our username and group membership -- we may sometimes need to switch to a more privileged account (most commonly root) without completely logging out the current user. To do so, we'll use the su command.

The su command may be given with or without a username. Given without a username, su switches to the superuser root. The password is not echoed in any form (not even with * marks).

$ whoami
user
$ su
Password:
# whoami
root

Most commonly, when switching to a normal user account, we'd like to simulate a full login. This is done with the - parameter:

$ whoami
user
$ echo $HOME
/home/user
$ su - john
Password:
$ whoami
john
$ echo $HOME
/home/john

Practice Exercises

  1. Compare the output of whoami and id -un commands.
  2. Compare the output of groups and id -Gn commands.
  3. Try executing id with a variation of all parameters described in the id(1) system manual.
  4. Try checking information on both existing and nonexistent users.
  5. Try executing who with arguments: -H, -q, -m, and -u.
  6. Check the result of su command with parameters: -, -l, and -m.

More information

id(1), groups(1), who(1), whoami(1), su(1)


