id and whoami commands shows different user

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












Recently, I've noticed a strange thing, and I'm asking you to explain such behavior.



# Ok, I logged in as root

# Am I root? Sure.
╭─root@s1 ~
╰─# whoami && id
root
uid=0(root) gid=0(root) groups=0(root)


# Now i want to log in as user1
╭─root@s1 ~
╰─# su - user1


# What? nginx instead of user1?
╭─nginx@s1 ~
╰─$ whoami && id
nginx
uid=498(nginx) gid=500(user1) groups=500(user1)


# So, what is my home dir?
╭─nginx@s1 ~
╰─$ echo $HOME
/home/user1


So the question is: why whoami and id commands shows me different user?



I'm not an administrator of this server and I don't know what he did with the server but this question interesting to me.




linux centos users




share|improve this question




















  • try egrep 'nginx|user1' /etc/passwd my best guess is that user1 ans nginx have same userid (498), and nginx is above user1 in /etc/passwd.
    – Archemar
    Nov 19 '17 at 9:46










  • @Archemar hmm, you're totally right! nginx:x:498:498::/var/www:/bin/false user1:x:498:500::/home/user1:/bin/zsh But how did it happen?
    – Sergey Chizhik
    Nov 19 '17 at 10:18















up vote
1
down vote

favorite












Recently, I've noticed a strange thing, and I'm asking you to explain such behavior.



# Ok, I logged in as root

# Am I root? Sure.
╭─root@s1 ~
╰─# whoami && id
root
uid=0(root) gid=0(root) groups=0(root)


# Now i want to log in as user1
╭─root@s1 ~
╰─# su - user1


# What? nginx instead of user1?
╭─nginx@s1 ~
╰─$ whoami && id
nginx
uid=498(nginx) gid=500(user1) groups=500(user1)


# So, what is my home dir?
╭─nginx@s1 ~
╰─$ echo $HOME
/home/user1


So the question is: why whoami and id commands shows me different user?



I'm not an administrator of this server and I don't know what he did with the server but this question interesting to me.




linux centos users




share|improve this question




















  • try egrep 'nginx|user1' /etc/passwd my best guess is that user1 ans nginx have same userid (498), and nginx is above user1 in /etc/passwd.
    – Archemar
    Nov 19 '17 at 9:46










  • @Archemar hmm, you're totally right! nginx:x:498:498::/var/www:/bin/false user1:x:498:500::/home/user1:/bin/zsh But how did it happen?
    – Sergey Chizhik
    Nov 19 '17 at 10:18













up vote
1
down vote

favorite









up vote
1
down vote

favorite











Recently, I've noticed a strange thing, and I'm asking you to explain such behavior.



# Ok, I logged in as root

# Am I root? Sure.
╭─root@s1 ~
╰─# whoami && id
root
uid=0(root) gid=0(root) groups=0(root)


# Now i want to log in as user1
╭─root@s1 ~
╰─# su - user1


# What? nginx instead of user1?
╭─nginx@s1 ~
╰─$ whoami && id
nginx
uid=498(nginx) gid=500(user1) groups=500(user1)


# So, what is my home dir?
╭─nginx@s1 ~
╰─$ echo $HOME
/home/user1


So the question is: why whoami and id commands shows me different user?



I'm not an administrator of this server and I don't know what he did with the server but this question interesting to me.




linux centos users




share|improve this question












Recently, I've noticed a strange thing, and I'm asking you to explain such behavior.



# Ok, I logged in as root

# Am I root? Sure.
╭─root@s1 ~
╰─# whoami && id
root
uid=0(root) gid=0(root) groups=0(root)


# Now i want to log in as user1
╭─root@s1 ~
╰─# su - user1


# What? nginx instead of user1?
╭─nginx@s1 ~
╰─$ whoami && id
nginx
uid=498(nginx) gid=500(user1) groups=500(user1)


# So, what is my home dir?
╭─nginx@s1 ~
╰─$ echo $HOME
/home/user1


So the question is: why whoami and id commands shows me different user?



I'm not an administrator of this server and I don't know what he did with the server but this question interesting to me.





linux centos users





share|improve this question











share|improve this question




share|improve this question










asked Nov 19 '17 at 9:36









Sergey Chizhik

1166




1166











  • try egrep 'nginx|user1' /etc/passwd my best guess is that user1 ans nginx have same userid (498), and nginx is above user1 in /etc/passwd.
    – Archemar
    Nov 19 '17 at 9:46










  • @Archemar hmm, you're totally right! nginx:x:498:498::/var/www:/bin/false user1:x:498:500::/home/user1:/bin/zsh But how did it happen?
    – Sergey Chizhik
    Nov 19 '17 at 10:18

















  • try egrep 'nginx|user1' /etc/passwd my best guess is that user1 ans nginx have same userid (498), and nginx is above user1 in /etc/passwd.
    – Archemar
    Nov 19 '17 at 9:46










  • @Archemar hmm, you're totally right! nginx:x:498:498::/var/www:/bin/false user1:x:498:500::/home/user1:/bin/zsh But how did it happen?
    – Sergey Chizhik
    Nov 19 '17 at 10:18
















try egrep 'nginx|user1' /etc/passwd my best guess is that user1 ans nginx have same userid (498), and nginx is above user1 in /etc/passwd.
– Archemar
Nov 19 '17 at 9:46




try egrep 'nginx|user1' /etc/passwd my best guess is that user1 ans nginx have same userid (498), and nginx is above user1 in /etc/passwd.
– Archemar
Nov 19 '17 at 9:46












@Archemar hmm, you're totally right! nginx:x:498:498::/var/www:/bin/false user1:x:498:500::/home/user1:/bin/zsh But how did it happen?
– Sergey Chizhik
Nov 19 '17 at 10:18





@Archemar hmm, you're totally right! nginx:x:498:498::/var/www:/bin/false user1:x:498:500::/home/user1:/bin/zsh But how did it happen?
– Sergey Chizhik
Nov 19 '17 at 10:18











1 Answer
1






active

oldest

votes

















up vote
1
down vote



accepted










Is it safe ?



This won't break the OS, you can spy on nginx (and nginx on you). It is more a hindrance to human (hence your question) than dangerous to OS.



For unix/linux kernel, process and files are onwed by user-id (I'll drop group for simplicity).



When using ps or ls -l thoses commands (ps and ls) will read /etc/passwd to match id against username. The rule, if an id is mentioned more than once is to stop at first occurence.



How can two user have same id ?



default option for useradd will prevent those conflicting issues, however



  1. you can force useradd to use an existing id (-o, --non-unique options)

  2. you can edit /etc/passwd manualy, or by have a script include a bunch of user

In your case, it is likely admin didn't do this purposfully, they simply have shell, lots of host to manage, and didn't bother to check for conflicting issue.



nginx might be installed upon host creation (install process will create user nginx), thus adding



nginx:x:498:498::/var/www:/bin/false


to /etc/passwd



then latter on, users are added by a combination of editing /etc/passwd and mkdir+chown, adding in turn



user1:x:498:500::/home/user1:/bin/zsh
user2:x:499:500::/home/user2:/bin/zsh


to /etc/passwd



Why would one do that on purpose ?



You might whish to have more than one login shell (e.g. bash, csh, fish, kde, ...), in this case you can use multiple entry like :



archemar:x:101:101:Archemar:/home/archemar/bash:/bin/bash
arcsh:x:101:101:Archemar:/home/archemar/csh:/bin/csh
arfish:x:101:101:Archemar:/home/archemar/fish:/bin/fish
arkde1:x:101:101:Archemar:/home/archemar/kde1:/bin/bash
arkde2:x:101:101:Archemar:/home/archemar/kde2:/bin/bash


This would allow me to use different login and keep specific configuration file and edit each other without sudo. On the downside there are five different password, this is not the proper way to switch KDE's env, and there is a chsh command should I need to switch shell.



Above configuration would be (should be) frown upon by sysadmin, different $HOME value, will yield different PATH=$HOME/bin:.. (which is what you are looking), yet you still have to have a common part in $PATH, and in the end it is not likely you configuration would be easiest.



You can also be running automatic software tests and want to keep separate directories (home dir in this case), with a unique id for test user.



but, I mean ...



pwck (password check) will issue a warning






share|improve this answer






















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f405572%2fid-and-whoami-commands-shows-different-user%23new-answer', 'question_page');

    );

    Post as a guest

















    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    1
    down vote



    accepted










    Is it safe ?



    This won't break the OS, you can spy on nginx (and nginx on you). It is more a hindrance to human (hence your question) than dangerous to OS.



    For unix/linux kernel, process and files are onwed by user-id (I'll drop group for simplicity).



    When using ps or ls -l thoses commands (ps and ls) will read /etc/passwd to match id against username. The rule, if an id is mentioned more than once is to stop at first occurence.



    How can two user have same id ?



    default option for useradd will prevent those conflicting issues, however



    1. you can force useradd to use an existing id (-o, --non-unique options)

    2. you can edit /etc/passwd manualy, or by have a script include a bunch of user

    In your case, it is likely admin didn't do this purposfully, they simply have shell, lots of host to manage, and didn't bother to check for conflicting issue.



    nginx might be installed upon host creation (install process will create user nginx), thus adding



    nginx:x:498:498::/var/www:/bin/false


    to /etc/passwd



    then latter on, users are added by a combination of editing /etc/passwd and mkdir+chown, adding in turn



    user1:x:498:500::/home/user1:/bin/zsh
    user2:x:499:500::/home/user2:/bin/zsh


    to /etc/passwd



    Why would one do that on purpose ?



    You might whish to have more than one login shell (e.g. bash, csh, fish, kde, ...), in this case you can use multiple entry like :



    archemar:x:101:101:Archemar:/home/archemar/bash:/bin/bash
    arcsh:x:101:101:Archemar:/home/archemar/csh:/bin/csh
    arfish:x:101:101:Archemar:/home/archemar/fish:/bin/fish
    arkde1:x:101:101:Archemar:/home/archemar/kde1:/bin/bash
    arkde2:x:101:101:Archemar:/home/archemar/kde2:/bin/bash


    This would allow me to use different login and keep specific configuration file and edit each other without sudo. On the downside there are five different password, this is not the proper way to switch KDE's env, and there is a chsh command should I need to switch shell.



    Above configuration would be (should be) frown upon by sysadmin, different $HOME value, will yield different PATH=$HOME/bin:.. (which is what you are looking), yet you still have to have a common part in $PATH, and in the end it is not likely you configuration would be easiest.



    You can also be running automatic software tests and want to keep separate directories (home dir in this case), with a unique id for test user.



    but, I mean ...



    pwck (password check) will issue a warning






    share|improve this answer


























      up vote
      1
      down vote



      accepted










      Is it safe ?



      This won't break the OS, you can spy on nginx (and nginx on you). It is more a hindrance to human (hence your question) than dangerous to OS.



      For unix/linux kernel, process and files are onwed by user-id (I'll drop group for simplicity).



      When using ps or ls -l thoses commands (ps and ls) will read /etc/passwd to match id against username. The rule, if an id is mentioned more than once is to stop at first occurence.



      How can two user have same id ?



      default option for useradd will prevent those conflicting issues, however



      1. you can force useradd to use an existing id (-o, --non-unique options)

      2. you can edit /etc/passwd manualy, or by have a script include a bunch of user

      In your case, it is likely admin didn't do this purposfully, they simply have shell, lots of host to manage, and didn't bother to check for conflicting issue.



      nginx might be installed upon host creation (install process will create user nginx), thus adding



      nginx:x:498:498::/var/www:/bin/false


      to /etc/passwd



      then latter on, users are added by a combination of editing /etc/passwd and mkdir+chown, adding in turn



      user1:x:498:500::/home/user1:/bin/zsh
      user2:x:499:500::/home/user2:/bin/zsh


      to /etc/passwd



      Why would one do that on purpose ?



      You might whish to have more than one login shell (e.g. bash, csh, fish, kde, ...), in this case you can use multiple entry like :



      archemar:x:101:101:Archemar:/home/archemar/bash:/bin/bash
      arcsh:x:101:101:Archemar:/home/archemar/csh:/bin/csh
      arfish:x:101:101:Archemar:/home/archemar/fish:/bin/fish
      arkde1:x:101:101:Archemar:/home/archemar/kde1:/bin/bash
      arkde2:x:101:101:Archemar:/home/archemar/kde2:/bin/bash


      This would allow me to use different login and keep specific configuration file and edit each other without sudo. On the downside there are five different password, this is not the proper way to switch KDE's env, and there is a chsh command should I need to switch shell.



      Above configuration would be (should be) frown upon by sysadmin, different $HOME value, will yield different PATH=$HOME/bin:.. (which is what you are looking), yet you still have to have a common part in $PATH, and in the end it is not likely you configuration would be easiest.



      You can also be running automatic software tests and want to keep separate directories (home dir in this case), with a unique id for test user.



      but, I mean ...



      pwck (password check) will issue a warning






      share|improve this answer
























        up vote
        1
        down vote



        accepted







        up vote
        1
        down vote



        accepted






        Is it safe ?



        This won't break the OS, you can spy on nginx (and nginx on you). It is more a hindrance to human (hence your question) than dangerous to OS.



        For unix/linux kernel, process and files are onwed by user-id (I'll drop group for simplicity).



        When using ps or ls -l thoses commands (ps and ls) will read /etc/passwd to match id against username. The rule, if an id is mentioned more than once is to stop at first occurence.



        How can two user have same id ?



        default option for useradd will prevent those conflicting issues, however



        1. you can force useradd to use an existing id (-o, --non-unique options)

        2. you can edit /etc/passwd manualy, or by have a script include a bunch of user

        In your case, it is likely admin didn't do this purposfully, they simply have shell, lots of host to manage, and didn't bother to check for conflicting issue.



        nginx might be installed upon host creation (install process will create user nginx), thus adding



        nginx:x:498:498::/var/www:/bin/false


        to /etc/passwd



        then latter on, users are added by a combination of editing /etc/passwd and mkdir+chown, adding in turn



        user1:x:498:500::/home/user1:/bin/zsh
        user2:x:499:500::/home/user2:/bin/zsh


        to /etc/passwd



        Why would one do that on purpose ?



        You might whish to have more than one login shell (e.g. bash, csh, fish, kde, ...), in this case you can use multiple entry like :



        archemar:x:101:101:Archemar:/home/archemar/bash:/bin/bash
        arcsh:x:101:101:Archemar:/home/archemar/csh:/bin/csh
        arfish:x:101:101:Archemar:/home/archemar/fish:/bin/fish
        arkde1:x:101:101:Archemar:/home/archemar/kde1:/bin/bash
        arkde2:x:101:101:Archemar:/home/archemar/kde2:/bin/bash


        This would allow me to use different login and keep specific configuration file and edit each other without sudo. On the downside there are five different password, this is not the proper way to switch KDE's env, and there is a chsh command should I need to switch shell.



        Above configuration would be (should be) frown upon by sysadmin, different $HOME value, will yield different PATH=$HOME/bin:.. (which is what you are looking), yet you still have to have a common part in $PATH, and in the end it is not likely you configuration would be easiest.



        You can also be running automatic software tests and want to keep separate directories (home dir in this case), with a unique id for test user.



        but, I mean ...



        pwck (password check) will issue a warning






        share|improve this answer














        Is it safe ?



        This won't break the OS, you can spy on nginx (and nginx on you). It is more a hindrance to human (hence your question) than dangerous to OS.



        For unix/linux kernel, process and files are onwed by user-id (I'll drop group for simplicity).



        When using ps or ls -l thoses commands (ps and ls) will read /etc/passwd to match id against username. The rule, if an id is mentioned more than once is to stop at first occurence.



        How can two user have same id ?



        default option for useradd will prevent those conflicting issues, however



        1. you can force useradd to use an existing id (-o, --non-unique options)

        2. you can edit /etc/passwd manualy, or by have a script include a bunch of user

        In your case, it is likely admin didn't do this purposfully, they simply have shell, lots of host to manage, and didn't bother to check for conflicting issue.



        nginx might be installed upon host creation (install process will create user nginx), thus adding



        nginx:x:498:498::/var/www:/bin/false


        to /etc/passwd



        then latter on, users are added by a combination of editing /etc/passwd and mkdir+chown, adding in turn



        user1:x:498:500::/home/user1:/bin/zsh
        user2:x:499:500::/home/user2:/bin/zsh


        to /etc/passwd



        Why would one do that on purpose ?



        You might whish to have more than one login shell (e.g. bash, csh, fish, kde, ...), in this case you can use multiple entry like :



        archemar:x:101:101:Archemar:/home/archemar/bash:/bin/bash
        arcsh:x:101:101:Archemar:/home/archemar/csh:/bin/csh
        arfish:x:101:101:Archemar:/home/archemar/fish:/bin/fish
        arkde1:x:101:101:Archemar:/home/archemar/kde1:/bin/bash
        arkde2:x:101:101:Archemar:/home/archemar/kde2:/bin/bash


        This would allow me to use different login and keep specific configuration file and edit each other without sudo. On the downside there are five different password, this is not the proper way to switch KDE's env, and there is a chsh command should I need to switch shell.



        Above configuration would be (should be) frown upon by sysadmin, different $HOME value, will yield different PATH=$HOME/bin:.. (which is what you are looking), yet you still have to have a common part in $PATH, and in the end it is not likely you configuration would be easiest.



        You can also be running automatic software tests and want to keep separate directories (home dir in this case), with a unique id for test user.



        but, I mean ...



        pwck (password check) will issue a warning







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 21 '17 at 13:26


























        community wiki





        2 revs
        Archemar




























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f405572%2fid-and-whoami-commands-shows-different-user%23new-answer', 'question_page');

            );

            Post as a guest
































































            -

            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
            Read more

            Bahrain

            Image
            For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
            Read more

            Postfix configuration issue with fips on centos 7; mailgun relay

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
            Read more