1 /* id -- print real and effective UIDs and GIDs
2 Copyright (C) 1989-2012 Free Software Foundation, Inc.
4 This program is free software: you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation, either version 3 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>. */
17 /* Written by Arnold Robbins.
18 Major rewrite by David MacKenzie, djm@gnu.ai.mit.edu. */
22 #include <sys/types.h>
26 #include <selinux/selinux.h>
30 #include "mgetgroups.h"
32 #include "group-list.h"
34 /* The official name of this program (e.g., no 'g' prefix). */
35 #define PROGRAM_NAME "id"
38 proper_name ("Arnold Robbins"), \
39 proper_name ("David MacKenzie")
41 /* If nonzero, output only the SELinux context. -Z */
42 static int just_context = 0;
44 static void print_user (uid_t uid);
45 static void print_full_info (const char *username);
47 /* If true, output user/group name instead of ID number. -n */
48 static bool use_name = false;
50 /* The real and effective IDs of the user to print. */
51 static uid_t ruid, euid;
52 static gid_t rgid, egid;
54 /* True unless errors have been encountered. */
55 static bool ok = true;
57 /* The SELinux context. Start with a known invalid value so print_full_info
58 knows when 'context' has not been set to a meaningful value. */
59 static security_context_t context = NULL;
61 static struct option const longopts[] =
63 {"context", no_argument, NULL, 'Z'},
64 {"group", no_argument, NULL, 'g'},
65 {"groups", no_argument, NULL, 'G'},
66 {"name", no_argument, NULL, 'n'},
67 {"real", no_argument, NULL, 'r'},
68 {"user", no_argument, NULL, 'u'},
69 {GETOPT_HELP_OPTION_DECL},
70 {GETOPT_VERSION_OPTION_DECL},
77 if (status != EXIT_SUCCESS)
81 printf (_("Usage: %s [OPTION]... [USERNAME]\n"), program_name);
83 Print user and group information for the specified USERNAME,\n\
84 or (when USERNAME omitted) for the current user.\n\
86 -a ignore, for compatibility with other versions\n\
87 -Z, --context print only the security context of the current user\n\
88 -g, --group print only the effective group ID\n\
89 -G, --groups print all group IDs\n\
90 -n, --name print a name instead of a number, for -ugG\n\
91 -r, --real print the real ID instead of the effective ID, with -ugG\n\
92 -u, --user print only the effective user ID\n\
94 fputs (HELP_OPTION_DESCRIPTION, stdout);
95 fputs (VERSION_OPTION_DESCRIPTION, stdout);
98 Without any OPTION, print some useful set of identified information.\n\
100 emit_ancillary_info ();
106 main (int argc, char **argv)
109 int selinux_enabled = (is_selinux_enabled () > 0);
111 /* If true, output the list of all group IDs. -G */
112 bool just_group_list = false;
113 /* If true, output only the group ID(s). -g */
114 bool just_group = false;
115 /* If true, output real UID/GID instead of default effective UID/GID. -r */
116 bool use_real = false;
117 /* If true, output only the user ID(s). -u */
118 bool just_user = false;
120 initialize_main (&argc, &argv);
121 set_program_name (argv[0]);
122 setlocale (LC_ALL, "");
123 bindtextdomain (PACKAGE, LOCALEDIR);
124 textdomain (PACKAGE);
126 atexit (close_stdout);
128 while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
133 /* Ignore -a, for compatibility with SVR4. */
137 /* politely decline if we're not on a selinux-enabled kernel. */
138 if (!selinux_enabled)
139 error (EXIT_FAILURE, 0,
140 _("--context (-Z) works only on an SELinux-enabled kernel"));
157 just_group_list = true;
159 case_GETOPT_HELP_CHAR;
160 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
162 usage (EXIT_FAILURE);
166 size_t n_ids = argc - optind;
169 error (0, 0, _("extra operand %s"), quote (argv[optind + 1]));
170 usage (EXIT_FAILURE);
173 if (n_ids && just_context)
174 error (EXIT_FAILURE, 0,
175 _("cannot print security context when user specified"));
177 if (just_user + just_group + just_group_list + just_context > 1)
178 error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
180 bool default_format = (just_user + just_group + just_group_list
181 + just_context == 0);
183 if (default_format && (use_real || use_name))
184 error (EXIT_FAILURE, 0,
185 _("cannot print only names or real IDs in default format"));
187 /* If we are on a selinux-enabled kernel, no user is specified, and
188 either --context is specified or none of (-u,-g,-G) is specified,
189 and we're not in POSIXLY_CORRECT mode, get our context. Otherwise,
190 leave the context variable alone - it has been initialized to an
191 invalid value that will be not displayed in print_full_info(). */
195 || (default_format && ! getenv ("POSIXLY_CORRECT"))))
197 /* Report failure only if --context (-Z) was explicitly requested. */
198 if (getcon (&context) && just_context)
199 error (EXIT_FAILURE, 0, _("can't get process context"));
204 struct passwd *pwd = getpwnam (argv[optind]);
206 error (EXIT_FAILURE, 0, _("%s: no such user"), argv[optind]);
207 ruid = euid = pwd->pw_uid;
208 rgid = egid = pwd->pw_gid;
212 /* POSIX says identification functions (getuid, getgid, and
213 others) cannot fail, but they can fail under GNU/Hurd and a
214 few other systems. Test for failure by checking errno. */
218 if (just_user ? !use_real
219 : !just_group && !just_group_list && !just_context)
223 if (euid == NO_UID && errno)
224 error (EXIT_FAILURE, errno, _("cannot get effective UID"));
227 if (just_user ? use_real
228 : !just_group && (just_group_list || !just_context))
232 if (ruid == NO_UID && errno)
233 error (EXIT_FAILURE, errno, _("cannot get real UID"));
236 if (!just_user && (just_group || just_group_list || !just_context))
240 if (egid == NO_GID && errno)
241 error (EXIT_FAILURE, errno, _("cannot get effective GID"));
245 if (rgid == NO_GID && errno)
246 error (EXIT_FAILURE, errno, _("cannot get real GID"));
252 print_user (use_real ? ruid : euid);
256 if (!print_group (use_real ? rgid : egid, use_name))
259 else if (just_group_list)
261 if (!print_group_list (argv[optind], ruid, rgid, egid, use_name))
264 else if (just_context)
266 fputs (context, stdout);
270 print_full_info (argv[optind]);
274 exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
277 /* Print the name or value of user ID UID. */
280 print_user (uid_t uid)
282 struct passwd *pwd = NULL;
286 pwd = getpwuid (uid);
289 error (0, 0, _("cannot find name for user ID %lu"),
290 (unsigned long int) uid);
296 printf ("%lu", (unsigned long int) uid);
298 printf ("%s", pwd->pw_name);
301 /* Print all of the info about the user's user and group IDs. */
304 print_full_info (const char *username)
309 printf (_("uid=%lu"), (unsigned long int) ruid);
310 pwd = getpwuid (ruid);
312 printf ("(%s)", pwd->pw_name);
314 printf (_(" gid=%lu"), (unsigned long int) rgid);
315 grp = getgrgid (rgid);
317 printf ("(%s)", grp->gr_name);
321 printf (_(" euid=%lu"), (unsigned long int) euid);
322 pwd = getpwuid (euid);
324 printf ("(%s)", pwd->pw_name);
329 printf (_(" egid=%lu"), (unsigned long int) egid);
330 grp = getgrgid (egid);
332 printf ("(%s)", grp->gr_name);
339 int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : -1),
345 error (0, errno, _("failed to get groups for user %s"),
350 error (0, errno, _("failed to get groups for the current process"));
357 fputs (_(" groups="), stdout);
358 for (i = 0; i < n_groups; i++)
362 printf ("%lu", (unsigned long int) groups[i]);
363 grp = getgrgid (groups[i]);
365 printf ("(%s)", grp->gr_name);
370 /* POSIX mandates the precise output format, and that it not include
371 any context=... part, so skip that if POSIXLY_CORRECT is set. */
373 printf (_(" context=%s"), context);