10

I did a `usermod` to add the current user to a group, but when I run `id -Gn` it only shows the main user's group:

```
[user@computer ~]$ id -Gn
user
```

But when I specify the user, it works normally:

```
[user@computer ~]$ id -Gn user
user newgroup
```

Do you have an idea why it works like this? Am I missing something concerning group management in UNIX?

Braiam
Notiggsam

1 Answer

18

That's because your active set of groups is only determined at login. You'll need to log out and log in again to pick up the change and see it reflected by `id`. You can see this another way by issuing `cat /proc/$$/status`, which lists most of your current (session) process states.

BobDoolittle
  • 1
    +1. Just in order to point out the difference: when calling `id -Gn user`, `id` will perform a group lookup based on `/etc/group`. When calling `id -Gn`, `id` will only look up groups registered in the current session (that is, for the current *user*). – John WH Smith Aug 10 '14 at 15:22
  • @JohnWHSmith: run `strace id`, you can see it read information from `/etc/group`. – cuonglm Aug 10 '14 at 15:25
  • Thanks all, I just logged out and in and it works now. Thanks for the precisions. – Notiggsam Aug 10 '14 at 15:27
  • The `/etc/group` file is the *default* way group information is stored. Systems can supplement it with other sources such as YP/NIS and LDAP. The `id` and `getent` commands will query whatever source(s) the system uses. (Likewise for `/etc/passwd` and several other databases). – Keith Thompson Aug 10 '14 at 19:15
  • 2
    That `id` reads `/etc/group` in either case is not relevant. `id` will call `getgroups(3)`, which returns an array of `gid_t` types (integers) for the current session. `id` needs to scan the `/etc/group` file to retrieve the names for the groups (e.g. `100(users)`, `10(wheel)`...). When you give a username to `id`, it has to open the `/etc/passwd` file to get the user ID, then it finds groups that this user belongs to in the `/etc/group` file. – sleblanc Aug 10 '14 at 19:21
  • [`newgrp -`](http://linux.die.net/man/1/newgrp) might also be useful. – bishop Aug 10 '14 at 19:54
  • 2
    @slebanc - that's incorrect. If you invoke `id` with no specific user, it will do as John WH Smith suggested - it will only return groups registered in the current session, and will not utilize `/etc/group` directly or indirectly. Try it for yourself and see. Add a group to `/etc/group` for yourself and then run `id`. You won't see the new group until you log out and log in again. Not only that, but as Keith Thompson stated, when getting group names the `/etc/group` file is only utilized if the `nsswitch.conf` file lists "files" for the group map. Although that's the default, other sources can be configured. – BobDoolittle Mar 24 '16 at 21:19
  • You are not contradicting what sleblanc actually wrote, or the point that sleblanc was making in response to cuonglm, who indeed actually _had_ tried it for xyrself and seen it using `/etc/group`. – JdeBP Jun 22 '20 at 17:48
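
An added example, not part of the original question, answer or comments: a Python sketch that compares the group IDs a running process actually holds (what `id -Gn` reports, and what `/proc/$$/status` lists) with what the group database grants the user now (what `id -Gn user` reports). It goes one step beyond the thread by also reporting the reverse case, groups a session still holds after the user was removed from them. The sample status text and the GID 1001 for `newgroup` are constructed for illustration.

```python
import os
import pwd

# Constructed sample of /proc/<pid>/status for a shell started before
# `usermod` added the user to newgroup (assumed here to be GID 1001).
SAMPLE_STATUS = (
    "Name:\tbash\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "Gid:\t1000\t1000\t1000\t1000\n"
    "Groups:\t1000 \n"
)

def parse_status_gids(status_text):
    """GIDs the kernel holds for a process: the Gid line plus supplementary Groups."""
    gids = set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in ("Gid", "Groups"):
            gids.update(int(v) for v in value.split())
    return gids

def compare(session_gids, database_gids):
    """Return (pending, stale).

    pending: granted by the group database but absent from the process
             (added after login, as in the question).
    stale:   still held by the process but no longer in the database
             (removed after login; the session keeps the access).
    """
    session, database = set(session_gids), set(database_gids)
    return sorted(database - session), sorted(session - database)

def live_compare():
    """Run the comparison for the current process and its real user."""
    user = pwd.getpwuid(os.getuid())
    session = set(os.getgroups()) | {os.getgid(), os.getegid()}
    # getgrouplist() consults the configured sources (files, LDAP, ...) via NSS.
    database = os.getgrouplist(user.pw_name, user.pw_gid)
    return compare(session, database)

if __name__ == "__main__":
    pending, stale = live_compare()
    print("granted but not active in this session:", pending)
    print("active in this session but no longer granted:", stale)
```

Run in the asker's shell before logging out, this would list the GID of `newgroup` as pending; a non-empty stale list after a group removal means existing sessions and long-running processes still carry that group until they are restarted.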