This Article Is: Created at 2024-05-09, Last Modified at 2024-05-10, Referenced as ia.www.f37

How POSIX User ID and Supplementary Group IDs are Set On Login

This is usually done by the login(1) setuid executable.

It looks up the username in /etc/passwd and gets the User ID and the Primary Group ID. These are the third and fourth fields of the entry, such as the 0:0 in the /etc/passwd line shown below.


It looks up /etc/group with the username and gets all the groups the user is in (Supplementary Group IDs).

Then, it spawns a shell (the shell command is also read from /etc/passwd) in a new session (a kernel concept) with the User ID, Primary Group ID, and Supplementary Group IDs. It also sets $USER and other environment variables.

One uid can have multiple names, and one gid can have multiple names.

Here’s an example from FreeBSD:


toor:*:0:0:Bourne-again Superuser:/root:



Now observe the magic:

user@ed ~> doas -s -u root
root@ed ~# groups
wheel operator
root@ed ~# exit
user@ed ~> doas -s -u toor
toor@ed ~# groups

An even more cursed idea:


As it turns out, where the uid/gid come from is less straightforward than simply reading /etc/passwd. libc (providing getpwent(3) and family) reads /etc/nsswitch.conf to see if it should access /etc/passwd or some other place.

Authentication modules, like those in Linux-PAM, use getpwent(3) to check passwords of UNIX users.
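
The login steps and the root/toor observation above, as an added example that is not code from login(1) or from this article's author. It parses constructed passwd and group text directly instead of going through libc and /etc/nsswitch.conf; only the toor line is taken from the article, and the names resolve_login, become and same_uid_different_groups are hypothetical.

```python
import os
from typing import NamedTuple

# Constructed sample files. Only the toor line comes from the article.
PASSWD = """\
root:*:0:0:Superuser:/root:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
user:*:1001:1001:User:/home/user:/bin/sh
"""
GROUP = """\
wheel:*:0:root,user
operator:*:5:root
user:*:1001:
"""

class Creds(NamedTuple):
    uid: int
    gid: int
    groups: tuple  # primary gid first, then supplementary gids
    shell: str

def resolve_login(name, passwd_text=PASSWD, group_text=GROUP):
    """Resolve login credentials for NAME as the steps above describe."""
    fields = next((f for f in (l.split(":") for l in passwd_text.splitlines())
                   if len(f) == 7 and f[0] == name), None)
    if fields is None:
        raise KeyError(f"no passwd entry for {name!r}")
    uid, gid = int(fields[2]), int(fields[3])
    groups = [gid]
    for line in group_text.splitlines():
        _gname, _pw, ggid, members = line.split(":")
        # Membership is matched on the login name, never on the uid.
        if name in members.split(",") and int(ggid) not in groups:
            groups.append(int(ggid))
    # An empty shell field means /bin/sh (FreeBSD passwd(5)).
    return Creds(uid, gid, tuple(groups), fields[6] or "/bin/sh")

def become(creds):
    """Apply the credentials (needs root). The uid is set last, because
    after setuid() the process may no longer be allowed to change groups."""
    os.setgroups(list(creds.groups))
    os.setgid(creds.gid)
    os.setuid(creds.uid)

def same_uid_different_groups(a, b):
    """True when two login names share a uid but get different group sets."""
    ca, cb = resolve_login(a), resolve_login(b)
    return ca.uid == cb.uid and ca.groups != cb.groups
```

When auditing accounts, compare the group sets of every name that maps to the same uid: file ownership checks see one identity, while group-based access checks can see several.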