How to Identify Your User Account on a Unix Computer
How to Identify Your User Account on a Unix Computer |
How to Identify Your User Account on a Unix Computer - This little chapter will teach you how to identify your user account on a Unix computer using commands like who am i, id, and more.
Command Identify Your User Account
In a second part you will learn how to become another user with the su command. And you will learn how to run a program as another user with sudo.
whoami
The whoami command tells you your username.
[kitsake@dlp ~]$ whoami kitsake [kitsake@dlp ~]$
who
The who command will give you information about who is logged on the system.
[kitsake@dlp ~]$ who
kitsake pts/0 2023-12-20 14:58 (192.x.x.x)
[kitsake@dlp ~]$
who am i
With who am i the who command will display only the line pointing to your current session.
[kitsake@dlp ~]$ who am i kitsake pts/0 2023-12-20 14:58 (192.x.x.x) [kitsake@dlp ~]$
w
The w command shows you who is logged on and what they are doing.
[kitsake@dlp ~]$ w 15:08:10 up 313 days, 18:18, 1 user, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT kitsake pts/0 192.x.x.x 14:58 2.00s 0.02s 0.00s w
[kitsake@dlp ~]$
id
The id command will give you your user id, primary group id, and a list of the groups that you belong to.
[kitsake@dlp ~]$ id uid=1000(kitsake) gid=1000(kitsake) groups=1000(kitsake),10(wheel) [kitsake@dlp ~]$
On RHEL/CentOS you will also get SELinux context information with this command.
[kitsake@dlp ~]# id uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r\ :unconfined_t:s0-s0:c0.c1023
su to another user
The su command allows a user to run a shell as another user.
[kitsake@dlp ~]$ su bangkit Password: [bangkit@dlp kitsake]$
su to root
Yes you can also su to become root, when you know the root password.
[kitsake@dlp ~]$ su root Password: [root@dlp kitsake]#
su as root
You need to know the password of the user you want to substitute to, unless your are logged in as root. The root user can become any existing user without knowing that user's password.
[root@dlp ~]# id uid=0(root) gid=0(root) groups=0(root) [root@dlp ~]# su - kitsake Last login: Wed Dec 20 14:58:18 WIB 2023 from 192.x.x.x on pts/0
[kitsake@dlp ~]$
su - $username
By default, the su command maintains the same shell environment. To become another user and also get the target user's environment, issue the su - command followed by the target username.
[root@dlp ~]# su kitsake [kitsake@dlp root]$ exit exit [root@dlp ~]# [root@dlp ~]# su - kitsake Last login: Wed Dec 20 15:25:25 WIB 2023 on pts/0 [kitsake@dlp ~]$ pwd /home/kitsake [kitsake@dlp ~]$
su -
When no username is provided to su or su -, the command will assume root is the target.
[kitsake@dlp ~]$ su - Password: Last login: Wed Dec 20 15:27:22 WIB 2023 on pts/0 [root@dlp ~]#
run a program as another user
The sudo program allows a user to start a program with the credentials of another user. Before this works, the system administrator has to set up the /etc/sudoers file. This can be useful to delegate administrative tasks to another user (without giving the root password).
The screenshot below shows the usage of sudo. User kitsake received the right to run useradd with the credentials of root. This allows kitsake to create new users on the system without becoming root and without knowing the root password.
First the command fails for kitsake.
[kitsake@dlp ~]$ useradd -m ade useradd: Permission denied. useradd: cannot lock /etc/passwd; try again later.
But with sudo it works.
[kitsake@dlp ~]$ sudo useradd -m ade [sudo] password for kitsake: [kitsake@dlp ~]$
visudo
Check the man page of visudo before playing with the /etc/sudoers file. Editing the sudoers is out of scope for this fundamentals book.
[kitsake@dlp ~]$ apropos visudo visudo: nothing appropriate. [kitsake@dlp ~]$
sudo su -
On some Linux systems like Ubuntu and Xubuntu, the root user does not have a password set. This means that it is not possible to login as root (extra security).
To perform tasks as root, the first user is given all sudo rights via the /etc/sudoers. In fact all users that are members of the admin group can use sudo to run all commands as root.
[root@dlp kitsake]# grep wheel /etc/sudoers ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL # %wheel ALL=(ALL) NOPASSWD: ALL [root@dlp kitsake]#
The end result of this is that the user can type sudo su - and become root without having to enter the root password. The sudo command does require you to enter your own password.
Thus the password prompt in the screenshot below is for sudo, not for su.
[kitsake@dlp ~]$ sudo su - Last login: Wed Dec 20 16:16:03 WIB 2023 on pts/0 [root@dlp ~]#
sudo logging
Using sudo without authorization will result in a severe warning:
[blog@dlp ~]$ sudo su - We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for blog: blog is not in the sudoers file. This incident will be reported. [blog@dlp ~]$
The root user can see this in the /var/log/secure on Red Hat.
[root@dlp kitsake]# tail /var/log/secure | grep sudoers Dec 20 16:26:38 dlp sudo[4072016]: blog : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/blog ; USER=root ; COMMAND=/bin/su - [root@dlp kitsake]#
Practice: introduction to users
- Run a command that displays only your currently logged on user name.
- Display a list of all logged on users.
- Display a list of all logged on users including the command they are running at this very moment.
- Display your user name and your unique user identification (userid).
- Use su to switch to another user account (unless you are root, you will need the password of the other account). And get back to the previous account.
- Now use su - to switch to another user and notice the difference. Note that su - gets you into the home directory of Tania.
- Try to create a new user account (when using your normal user account). this should fail.
- Now try the same, but with sudo before your command.
Solution: introduction to users
1. Run a command that displays only your currently logged on user name.
[kitsake@dlp ~]$ whoami kitsake [kitsake@dlp ~]$ echo $USER kitsake [kitsake@dlp ~]$
2. Display a list of all logged on users.
[kitsake@dlp ~]$ who kitsake pts/0 2023-12-20 14:58 (192.x.x.x)
kitsake pts/1 2023-12-20 16:25 (192.x.x.x)
[kitsake@dlp ~]$
3. Display a list of all logged on users including the command they are running at this very moment.
[kitsake@dlp ~]$ w 16:41:11 up 313 days, 19:51, 2 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT kitsake pts/0 192.x.x.x 14:58 13:36 0.18s 0.02s sshd: kitsake [
kitsake pts/1 192.x.x.x 16:25 1.00s 0.02s 0.00s w
[kitsake@dlp ~]$
4. Display your user name and your unique user identification (userid).
[kitsake@dlp ~]$ id uid=1000(kitsake) gid=1000(kitsake) groups=1000(kitsake),10(wheel) [kitsake@dlp ~]$
5. Use su to switch to another user account (unless you are root, you will need the password of the other account). And get back to the previous account.
[kitsake@dlp ~]$ su blog Password: [blog@dlp kitsake]$ id uid=1012(blog) gid=1012(blog) groups=1012(blog) [blog@dlp kitsake]$ exit exit [kitsake@dlp ~]$
6. Now use su - to switch to another user and notice the difference.
[kitsake@dlp ~]$ su - blog Password: Last login: Wed Dec 20 16:43:03 WIB 2023 on pts/1 [blog@dlp ~]$ pwd /home/blog [blog@dlp ~]$ logout [kitsake@dlp ~]$
Note that su - gets you into the home directory of blog.
7. Try to create a new user account (when using your normal user account). this should fail.
[kitsake@dlp ~]$ useradd blogspot useradd: Permission denied. useradd: cannot lock /etc/passwd; try again later. [kitsake@dlp ~]$
8. Now try the same, but with sudo before your command.
[saputra@dlp ~]$ sudo /usr/sbin/useradd blog [sudo] password for saputra: saputra is not in the sudoers file. This incident will be reported. [saputra@dlp ~]$
Notice that blog has no permission to use the sudo on this system.
Post a Comment for "How to Identify Your User Account on a Unix Computer"
Post a Comment