Chapter 27. introduction to users

Table of Contents

whoami
who
who am i
w
id
su to another user
su to root
su as root
su - $username
su -
run a program as another user
visudo
sudo su -
sudo logging
practice: introduction to users
solution: introduction to users

This little chapter will teach you how to identify your user account on a Unix computer using commands like who am i, id, and more.

In a second part you will learn how to become another user with the su command.

And you will learn how to run a program as another user with sudo.

whoami

The whoami command tells you your username.

[paul@centos7 ~]$ whoami
paul
[paul@centos7 ~]$

who

The who command will give you information about who is logged on the system.

[paul@centos7 ~]$ who
root     pts/0        2014-10-10 23:07 (10.104.33.101)
paul     pts/1        2014-10-10 23:30 (10.104.33.101)
laura    pts/2        2014-10-10 23:34 (10.104.33.96)
tania    pts/3        2014-10-10 23:39 (10.104.33.91)
[paul@centos7 ~]$

who am i

With who am i the who command will display only the line pointing to your current session.

[paul@centos7 ~]$ who am i
paul     pts/1        2014-10-10 23:30 (10.104.33.101)
[paul@centos7 ~]$

w

The w command shows you who is logged on and what they are doing.

[paul@centos7 ~]$ w
 23:34:07 up 31 min,  2 users,  load average: 0.00, 0.01, 0.02
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0     23:07   15.00s  0.01s  0.01s top
paul     pts/1     23:30    7.00s  0.00s  0.00s w
[paul@centos7 ~]$

id

The id command will give you your user id, primary group id, and a list of the groups that you belong to.

paul@debian7:~$ id
uid=1000(paul) gid=1000(paul) groups=1000(paul)

On RHEL/CentOS you will also get SELinux context information with this command.

[root@centos7 ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r\
:unconfined_t:s0-s0:c0.c1023

su to another user

The su command allows a user to run a shell as another user.

laura@debian7:~$ su tania
Password:
tania@debian7:/home/laura$

su to root

Yes you can also su to become root, when you know the root password.

laura@debian7:~$ su root
Password:
root@debian7:/home/laura#

su as root

You need to know the password of the user you want to substitute to, unless your are logged in as root. The root user can become any existing user without knowing that user's password.

root@debian7:~# id
uid=0(root) gid=0(root) groups=0(root)
root@debian7:~# su - valentina
valentina@debian7:~$

su - $username

By default, the su command maintains the same shell environment. To become another user and also get the target user's environment, issue the su - command followed by the target username.

root@debian7:~# su laura
laura@debian7:/root$ exit
exit
root@debian7:~# su - laura
laura@debian7:~$ pwd
/home/laura

su -

When no username is provided to su or su -, the command will assume root is the target.

tania@debian7:~$ su -
Password:
root@debian7:~#

run a program as another user

The sudo program allows a user to start a program with the credentials of another user. Before this works, the system administrator has to set up the /etc/sudoers file. This can be useful to delegate administrative tasks to another user (without giving the root password).

The screenshot below shows the usage of sudo. User paul received the right to run useradd with the credentials of root. This allows paul to create new users on the system without becoming root and without knowing the root password.

First the command fails for paul.

paul@debian7:~$ /usr/sbin/useradd -m valentina
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.

But with sudo it works.

paul@debian7:~$ sudo /usr/sbin/useradd -m valentina
[sudo] password for paul:
paul@debian7:~$

visudo

Check the man page of visudo before playing with the /etc/sudoers file. Editing the sudoers is out of scope for this fundamentals book.

paul@rhel65:~$ apropos visudo
visudo               (8)  - edit the sudoers file
paul@rhel65:~$

sudo su -

On some Linux systems like Ubuntu and Xubuntu, the root user does not have a password set. This means that it is not possible to login as root (extra security). To perform tasks as root, the first user is given all sudo rights via the /etc/sudoers. In fact all users that are members of the admin group can use sudo to run all commands as root.

root@laika:~# grep admin /etc/sudoers 
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

The end result of this is that the user can type sudo su - and become root without having to enter the root password. The sudo command does require you to enter your own password. Thus the password prompt in the screenshot below is for sudo, not for su.

paul@laika:~$ sudo su -
Password:
root@laika:~#

sudo logging

Using sudo without authorization will result in a severe warning:

paul@rhel65:~$ sudo su -

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for paul:
paul is not in the sudoers file.  This incident will be reported.
paul@rhel65:~$

The root user can see this in the /var/log/secure on Red Hat and in /var/log/auth.log on Debian).

root@rhel65:~# tail /var/log/secure | grep sudo | tr -s ' '
Apr 13 16:03:42 rhel65 sudo: paul : user NOT in sudoers ; TTY=pts/0 ; PWD=\
/data/sites/web/cobbautbe/subsites ; USER=root ; COMMAND=/bin/su -
root@rhel65:~#

practice: introduction to users

1. Run a command that displays only your currently logged on user name.

2. Display a list of all logged on users.

3. Display a list of all logged on users including the command they are running at this very moment.

4. Display your user name and your unique user identification (userid).

5. Use su to switch to another user account (unless you are root, you will need the password of the other account). And get back to the previous account.

6. Now use su - to switch to another user and notice the difference.

Note that su - gets you into the home directory of Tania.

7. Try to create a new user account (when using your normal user account). this should fail. (Details on adding user accounts are explained in the next chapter.)

8. Now try the same, but with sudo before your command.

solution: introduction to users

1. Run a command that displays only your currently logged on user name.

laura@debian7:~$ whoami
laura
laura@debian7:~$ echo $USER
laura

2. Display a list of all logged on users.

laura@debian7:~$ who
laura     pts/0        2014-10-13 07:22 (10.104.33.101)
laura@debian7:~$

3. Display a list of all logged on users including the command they are running at this very moment.

laura@debian7:~$ w
 07:47:02 up 16 min,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    10.104.33.101    07:30    6.00s  0.04s  0.00s w
root     pts/1    10.104.33.101    07:46    6.00s  0.01s  0.00s sleep 42
laura@debian7:~$

4. Display your user name and your unique user identification (userid).

laura@debian7:~$ id
uid=1005(laura) gid=1007(laura) groups=1007(laura)
laura@debian7:~$

5. Use su to switch to another user account (unless you are root, you will need the password of the other account). And get back to the previous account.

laura@debian7:~$ su tania
Password:
tania@debian7:/home/laura$ id
uid=1006(tania) gid=1008(tania) groups=1008(tania)
tania@debian7:/home/laura$ exit
laura@debian7:~$

6. Now use su - to switch to another user and notice the difference.

laura@debian7:~$ su - tania
Password:
tania@debian7:~$ pwd
/home/tania
tania@debian7:~$ logout
laura@debian7:~$

Note that su - gets you into the home directory of Tania.

7. Try to create a new user account (when using your normal user account). this should fail. (Details on adding user accounts are explained in the next chapter.)

laura@debian7:~$ useradd valentina
-su: useradd: command not found
laura@debian7:~$ /usr/sbin/useradd valentina
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.

It is possible that useradd is located in /sbin/useradd on your computer.

8. Now try the same, but with sudo before your command.

laura@debian7:~$ sudo /usr/sbin/useradd valentina
[sudo] password for laura:
laura is not in the sudoers file.  This incident will be reported.
laura@debian7:~$

Notice that laura has no permission to use the sudo on this system.