# **User Accounts**

- User accounts are configured in the /etc/passwd file.
- User password hashes are stored in the /etc/shadow file.
- Users are identified by an integer user ID (UID).
- The root user account has a UID of 0.
- Groups are configured in the /etc/group file.
- Users have a primary group, and can have multiple secondary or supplementary groups.
- By default, a user's primary group has the same name as their user account.
- Users are identified by user ID; in fact, each user has 3 IDs in Linux (real, effective, and saved).
- A user's real ID is who they actually are (the ID defined in /etc/passwd). Ironically, the real ID is actually used less often to check a user's identity.
- A user's effective ID is normally equal to their real ID; however, when executing a process as another user, the effective ID is set to that user's real ID.
- The effective ID is used in most access control decisions to verify a user, and commands such as whoami use the effective ID.
- The saved ID is used to ensure that SUID processes can temporarily switch a user's effective ID back to their real ID and back again without losing track of the original effective ID.

### Print real and effective user / group IDs:

```bash
┌──(kali㉿kali)-[~]
└─$ id
uid=1000(kali) gid=1000(kali) groups=1000(kali),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),109(netdev),119(wireshark),121(bluetooth),133(scanner),141(kaboxer)
```

- The above command will print the user ID (uid) and group ID (gid), along with the effective user ID and effective group ID if they are different.

### Print real, effective, saved, and file system user / group IDs of the current process (i.e. our shell):

```bash
┌──(kali㉿kali)-[~]
└─$ cat /proc/$$/status | grep "[UG]id"
Uid:    1000    1000    1000    1000
Gid:    1000    1000    1000    1000
```
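
The four numbers on the `Uid:` and `Gid:` lines of `/proc/<pid>/status` are the real, effective, saved, and file system IDs, in that order. The script below is an added example, not part of the original page: it labels those fields and reports when a process's effective UID differs from its real UID. The function names `decode_ids` and `elevated` and both sample status texts are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: decode the Uid:/Gid: lines of /proc/<pid>/status.
# Kernel field order: real, effective, saved, file system.

# decode_ids: read status text on stdin, print one labelled line per ID type.
decode_ids() {
    awk '$1 == "Uid:" || $1 == "Gid:" {
        kind = ($1 == "Uid:") ? "uid" : "gid"
        printf "%s real=%s effective=%s saved=%s fs=%s\n", kind, $2, $3, $4, $5
    }'
}

# elevated: exit 0 when the effective UID differs from the real UID,
# exit 1 when they match or when no Uid: line is present.
elevated() {
    awk '$1 == "Uid:" { found = 1; differs = ($2 != $3) }
         END { exit !(found && differs) }'
}

# Constructed sample: UID 1000 running a SUID-root program.
# (The real file separates fields with tabs; awk splits on either.)
SAMPLE_SUID='Name: passwd
Uid: 1000 0 0 0
Gid: 1000 1000 1000 1000'

# Constructed sample: an ordinary shell, same values as the output above.
SAMPLE_SHELL='Name: bash
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000'

printf '%s\n' "$SAMPLE_SUID" | decode_ids
if printf '%s\n' "$SAMPLE_SUID" | elevated; then
    echo "SUID sample: effective UID differs from real UID"
fi
if ! printf '%s\n' "$SAMPLE_SHELL" | elevated; then
    echo "shell sample: real and effective UID match"
fi

# Live use against the current shell, when /proc is available.
if [ -r "/proc/$$/status" ]; then
    decode_ids < "/proc/$$/status"
fi
```

To inspect another process, redirect its status file into the functions, for example `elevated < /proc/<pid>/status`.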