21
3
Im not sure why the following have different output. My understanding is that groups without specifying a user give all the groups the currently logged in user is a member of.
jacob@box:~$ groups
jacob adm lp dialout cdrom plugdev lpadmin sambashare
jacob@box:~$ groups jacob
jacob : jacob
Also what does it mean "groups of the current process" (from the groups man page)? Where are they set up?
NOTE: My distro is Ubuntu.
Jake
Posted 2011-06-08T17:37:55.447
Reputation: 579
12
It could be one of the following:
The groups are set in the /etc/group.
8
Just as every process has a current real and effective user ID, and a real and effective group ID, it also has a list of supplementary groups. These are numbers (not names) all maintained by the kernel. They are set by the login process (or display manager) when you log it, just like your user ID. They are inherited by sub-processes, just like your user ID.
When you run groups with no arguments, it ultimately invokes getgroups() to obtain the supplementary group list from the kernel. (On my Linux system, /usr/bin/groups is a shell script that runs "id -Gn", which in turn invokes getgroups().)
When you run groups username, the command has to "guess" what the supplementary groups will be when that user logs in. It generally does this by reading /etc/group or talking to NIS or talking to nscd or... Well, there are a lot of ways it might work.
What you are observing is similar to discovering that your current real user ID and your entry in /etc/passwd are inconsistent. This means there is something a little odd about your system's configuration, but it is hard to say what without more investigation.
Nemo
Posted 2011-06-08T17:37:55.447
Reputation: 276
3
(Remark: The groups command, although still useful, is mostly superseded by
the id command.)
A user has a primary group that is traditionally defined in the file
/etc/passwd file with which he logs in, but that today may have other sources.
He may also be a member of additional groups, known as secondary or
supplementary groups,
traditionally specified in the file /etc/groups,
but which today can also come from or be implied by
additional sources (such as NIS, LDAP, SAMBA etc).
Primary and supplementary groups are defined at the time of login and remain current.
However, the user can at any time change his current active primary group
by using the newgrp command.
The login process sets the primary and supplementary groups. For the later, it typically calls the libc function initgroups, which compiles the list of supplementary group data and passes it to the setgroups function, which establishes it in the context of the process.
The sources of information for initgroups are:
used by the GNU C Library and certain other applications to determine the sources from which to obtain name-service information in a range of categories, and in what order. Each category of information is identified by a database name.
The groups command shows the groups as currently applied to your user,
and the list will start with the current primary group followed by the
supplementary groups from the time of login.
Any changes to the sources of the data from after the time of login
are not reflected in the displayed list.
The groups username command is asking Linux to calculate the groups for that user,
which it will do using principally the files /etc/password
and /etc/groups and then the additional sources.
This will reflect the current situation of the system files and may not
equal the current groups that are still in effect from the time of login.
The groups username command may give a different result
when it doesn't use all the sources that the login process used to calculate
your supplementary groups, which is what apparently happened in your case.
These sources may not be accessible from your login or may just not be consulted
by the command.
Using the id username command may give better results, although also not guaranteed
to be as complete as that of the login process. The id command
is more recent than, and was intended to be more precise than,
the old groups command.
While the groups command gives a precise and correct result,
you have well demonstrated that the groups username command
cannot be depended upon to do the same.
Without examining the source-code of the groups command, I would guess
that the implementation of the groups username command in your Linux
distribution analyzes /etc/groups, which in your case contained nothing,
but does not use /etc/nsswitch.conf, from which came all of your
supplementary groups. Therefore is listed only the primary group name,
jacob.
For more information see:
harrymc
Posted 2011-06-08T17:37:55.447
Reputation: 306 093
1I am having this issue in reverse. 'groups myname' gives me all the groups I have in the /etc/groups file, but doing just 'groups' shows me only my primary group. And, indeed, commands that require I be in a certain supplementary group fail due to lack of permissions. Sure wish I knew what was causing this. – Todd Walton – 2018-12-10T20:57:29.277
@Jake Try logging out and then back in. – None – 2011-06-08T17:58:25.670