2.f. verifying user access level
id & groups Verifying user access levels.
What You Will Learn
- Understand the role of **user IDs (UIDs) and **group IDs (GIDs) in Linux.
- Learn how to check which groups a user belongs to.
- Use
id,groups, and related commands to verify access levels. - Diagnose permission issues by comparing UID/GID against file ownership.
- Apply verification to **WordPress folder ownership (
/var/www). - Distinguish between **primary group and supplementary groups.
- Interpret
idoutput to troubleshoot permission denied errors. - Implement best practices for group management in WordPress VPS.
Prerequisites
- **Access Level: Normal user account;
sudofor checking other users. - **Software: Pre-installed Linux tools (
id,groups,whoami). - **Knowledge: Basic Linux permissions (
ls -l), ownership concepts.
5W + 1H Framework
| Question | Answer |
|---|---|
| What | id, groups, whoami → commands to view user and group information. |
| Why | To confirm whether a user has the right permissions for WordPress folders/files. |
| When | Before granting permissions, after user creation, during troubleshooting. |
| Where | /etc/passwd, /etc/group, and runtime environment of /var/www. |
| Who | Admins, developers, DevOps working with multi-user WordPress VPS. |
| How | By running id USER, groups USER, whoami, and comparing with file ownership. |
Core Commands Reference
| Command | Purpose | Example | Expected Output |
|---|---|---|---|
id | Show UID, GID, and group memberships | id | uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),27(sudo),33(www-data) |
id USERNAME | Check details for another user | id www-data | uid=33(www-data) gid=33(www-data) groups=33(www-data) |
groups | List groups current user belongs to | groups | ubuntu : ubuntu sudo www-data |
groups USERNAME | List groups for another user | groups ubuntu | ubuntu : ubuntu sudo www-data |
whoami | Show current effective username | whoami | ubuntu |
getent passwd USERNAME | Get account entry from /etc/passwd | getent passwd www-data | www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin |
getent group GROUPNAME | Get group entry from /etc/group | getent group www-data | www-data:x:33:ubuntu |
Understanding UID and GID
- **UID (User ID): Unique number identifying a user.
- Example:
uid=1000(ubuntu) - **GID (Group ID): Primary group associated with the user.
- Example:
gid=1000(ubuntu) - **Supplementary Groups: Additional groups granting extra rights.
- Example:
groups=1000(ubuntu),27(sudo),33(www-data)
WordPress Example:
If wp-content/uploads/ is owned by www-data:www-data, the PHP process (www-data) needs to appear in the id or groups output for uploads to work.
Practical WordPress Use Cases
| Scenario | Command | Expected Outcome |
|---|---|---|
Check if ubuntu user can manage uploads | groups ubuntu | Should include www-data if ACL/group access configured. |
| Verify PHP-FPM user identity | `ps aux | grep php-fpm→ thenid USER` |
| Debug file ownership error | ls -l wp-content/uploads/ + id | Compare owner/group of files vs your groups. |
| Audit all WordPress users/groups | `getent passwd | grep -E "ubuntu |
Command Examples with Expected Outputs
Check Current User
whoami
Output:
ubuntu
Check UID, GID, and Groups
id
Output:
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),27(sudo),33(www-data)
Check Groups for Specific User
groups www-data
Output:
www-data : www-data
Get Detailed Entry
getent passwd www-data
Output:
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
Verify Group Membership
getent group www-data
Output:
www-data:x:33:ubuntu
Meaning: ubuntu belongs to www-data group.
Benefits for WordPress Management
| Action | Benefit |
|---|---|
id / groups | Confirms user belongs to web server group (www-data). |
whoami | Prevents accidental root vs normal user operations. |
getent | Verifies system-level user and group database entries. |
Comparing with ls -l | Direct mapping between file ownership and user access. |
Implementation Steps
-
Check your identity:
whoami -
Verify your UID, GID, and groups:
id -
Confirm youre in
www-data(or PHP user group):groups -
Audit WordPress ownership vs groups:
ls -ld /var/www/html/wp-content/uploads/id -
If missing access, add user to group:
sudo usermod -aG www-data ubuntu
Troubleshooting Matrix
| Symptom | Likely Cause | Fix |
|---|---|---|
| “Permission denied” when uploading | User not in www-data group | sudo usermod -aG www-data <user> then re-login |
Files owned by root | Commands run as sudo created files | sudo chown -R www-data:www-data /var/www/html |
| Web server cannot write to uploads | PHP-FPM user not in group | Check id www-data and adjust ACLs or ownership |
| Group changes not applied | User session not refreshed | Re-login or newgrp www-data |
Quick Lab
# 1. Check current user
whoami
# 2. View groups
groups
# 3. Inspect uploads ownership
ls -ld /var/www/html/wp-content/uploads/
# 4. Verify web server identity
id www-data
# 5. Add your user to web server group (if missing)
sudo usermod -aG www-data ubuntu
Expected Results:
- You confirm your username (
whoami). - Groups include
www-data. - Uploads directory shows
www-dataownership.
Cheat Sheet
| Command | Purpose |
|---|---|
whoami | Show current username |
id | Show UID, GID, groups |
id USER | Show another user’s details |
groups | List current user’s groups |
groups USER | List another user’s groups |
getent passwd USER | View user entry |
getent group GROUP | View group entry |
usermod -aG group user | Add user to group |
Mini Quiz
- What does
idshow thatgroupsdoesnt? - Why is being part of
www-datagroup important for WordPress admins? - Which command verifies the primary group of a user?
- What must you do after
usermod -aGto apply group changes? - How would you check if
ubuntuis part ofwww-datagroup?