Mistaken identity?
Archive - Originally posted on "The Horse's Mouth" - 2009-07-22 05:52:55 - Graham EllisI asked who I was logged in as yesterday ... and I got two different answers:
[melksham ~]# who am i
trainee pts/1 2009-07-21 13:16 (192.168.200.80)
[melksham ~]# whoami
root
[melksham ~]# When you log in to a Unix or a Linux box, you give an account name (and password, I hope!) and you're given a user account name / identity. Or so you think - but really you have two identities, your real and your effective id. If you use a command such as su to get a new identity, your effective id changes, but not your real id ... and that's what had happened with the report above.
There is a good reason for this ... the difference between real and effective ids is used within programs too - operating system programs such as the passwd program. On one hand, users cannot possibly be allowed to write from their normal accounts to the file that contains encoded passwords - think of the security risk, yet on the other hand they must write to that file if they're going to be changing their password. The conundrum is neatly overcome by having the passwd program set up with a setuid bit, which means that while you're running it, you have an effective root id while your real id remains as the user you logged in as.
We tell you more about su and why you should always run su - on our Linux Admin Introduction.