id: output the effective group for the process

* src/id.c (print_full_info): When no user is specified, output the effective group for the _process_, rather than the default group from the system database, which may be different. * tests/id/setgid.sh: Add a case for `id` as well as `id -G`. * NEWS: Mention the bug fix. Fixes http://bugs.gnu.org/7320 Reported at http://bugzilla.redhat.com/1016163
2026-04-19 18:26:32 +02:00 · 2014-06-25 18:26:23 +01:00
parent d71c12f1e4
commit 408461c0e7
3 changed files with 27 additions and 14 deletions
--- a/6
+++ b/6
@@ -67,6 +67,12 @@ GNU coreutils NEWS                                    -*- outline -*-
  now copies all input to stdout.  Previously nothing was output in this case.
  [bug introduced with the --lines=-N feature in coreutils-5.0.1]

+  id, when invoked with no user name argument, now prints the correct group ID.
+  Previously, in the default output format, it would print the default group ID
+  in the password database, which may be neither real nor effective.  For e.g.,
+  when run set-GID, or when the database changes outside the current session.
+  [bug introduced in coreutils-8.1]
+
  ln -sf now replaces symbolic links whose targets can't exist.  Previously
  it would display an error, requiring --no-dereference to avoid the issue.
  [bug introduced in coreutils-5.3.0]
--- a/src/id.c
+++ b/src/id.c
@@ -399,19 +399,20 @@ print_full_info (const char *username)
    gid_t *groups;
    int i;

-    int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : -1),
-                               &groups);
+    gid_t primary_group;
+    if (username)
+      primary_group = pwd ? pwd->pw_gid : -1;
+    else
+      primary_group = egid;
+
+    int n_groups = xgetgroups (username, primary_group, &groups);
    if (n_groups < 0)
      {
        if (username)
-          {
-            error (0, errno, _("failed to get groups for user %s"),
-                   quote (username));
-          }
+          error (0, errno, _("failed to get groups for user %s"),
+                 quote (username));
        else
-          {
-            error (0, errno, _("failed to get groups for the current process"));
-          }
+          error (0, errno, _("failed to get groups for the current process"));
        ok = false;
        return;
      }
--- a/tests/id/setgid.sh
+++ b/tests/id/setgid.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Verify that id -G prints the right group when run set-GID.
+# Verify that id [-G] prints the right group when run set-GID.

 # Copyright (C) 2012-2014 Free Software Foundation, Inc.

@@ -20,16 +20,22 @@
 print_ver_ id
 require_root_

-g=$(id -u $NON_ROOT_USERNAME) || framework_failure_
+u=$(id -u $NON_ROOT_USERNAME) || framework_failure_
+g=$u

 # Construct a different group number.
 gp1=$(expr $g + 1)

 echo $gp1 > exp || framework_failure_

-chroot --user=$NON_ROOT_USERNAME:$gp1 --groups='' / env PATH="$PATH" \
-  id -G > out || fail=1
-compare exp out || fail=1
 # With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
+chroot --user=+$u:+$gp1 --groups='' / env PATH="$PATH" \
+  id -G > out || fail=1
+compare exp out || { cat out; fail=1; }
+
+# With coreutils-8.22 and earlier, id would erroneously print groups=$g
+chroot --user=+$u:+$gp1 --groups='' / env PATH="$PATH" \
+  id > out || fail=1
+grep -F "groups=$gp1" out || { cat out; fail=1; }

 Exit $fail