This PR is a rework of #5615.

Ditto all the review comments I made on the last PR, of course.

Just to clarify in this thread. I can removed System.{user, group,user?,group?}.

Does this reflect the distinction between gid/egid and uid/euid?
("reflect" in the sense that all four can be separately inspected/modified via the crystal API)

(later: nevermind. Based on a quick skim over the changes, it looks like it does)

@drosehn - Process has a method for real, effective and saved users/groups.

Just to clarify in this thread. I can removed System.{user, group,user?,group?}.

I guess that's still open for debate. Let's wait to here some thoughts on which of these should be preferred:

• System::User.get and System::Group.get (plus ?-methods)
• System.user and System.group (plus ?-methods)

There are certainly arguments for both. User.get/Group.get means single responsibility. On the other hand, there is also Process.user. Should this then also be User.current? The method name get is somewhat arbitrary. The reason to avoid new is solid, but it's not entirely natural to use get. In Go, for example, it's User.Lookup.
So I actually tend to favour System.user/System.group because it follows the same scheme as Process.user/Process.group, as well as existing System class methods: System.hostname means "give me the system's hostname", System.user("root")means "give me the system's user with name 'root'".

Instead of {User, Group}.exists?() I am going to implement User.uid?(), Group.gid?(), User.name?(), and Group.name?() as lighter-weight checkers of existence and fetchers of info.

@straight-shoota - @RX14, put it in as changes to be made in the previous PR. I personally wouldn't use it. All I am interested in is making sure I can use System::{User, Group).get().

@straight-shoota - I like System::User.lookup(), System::User.lookup?(), and the Group equivalents but its uncomfortably long. Though I am willing to change it. All being said I still like square brackets best.

Let's freeze changes to this PR and wait a few days for other people to weigh in on how they think the API should work. No more nitpicks on the implementation until we've decided on the interface please!

Sure, though I have some changes to documentation in the pipe.

@chris-huxtable if you've written stuff, push it, but i'd suggest not writing more and waiting for consensus to emerge.

@Sija please make your reviews one review with multiple comments, instead of multiple reviews.

@drosehn - As of right now it doesn't let you set the real/effective/saved uid's independently. It can be done if you want to use LibC. From a security standpoint, someone not understanding the difference will likely screw things up, so I think it best to not make it easy to do so.

I would also like to float the idea of having Process.root?() to see if you are running as root. Which would be more light-weight then Process.user == System::User.get(root)

def self.root?() : Bool
  return LibC.getuid == 0
end

As of right now it doesn't let you set the real/effective/saved uid's independently. It can be done if you want to use LibC. From a security standpoint, someone not understanding the difference will likely screw things up, so I think it best to not make it easy to do so.

Well, that seems less-than-wonderful to me, but then I'm a systems programmer who has worked on Solaris, MacOS, AIX (ugh), and Linux for many years. I already wrote a crystal program which uses these features, because I know what I'm doing with the different values. I stopped after implementing what I needed, because I wasn't sure how I'd write specs for setting these values, when you have to be root in order to set them. I trust me with root access on my machines, but I'm not sure how could write specs which would need to be run as root!

(note: i have no experience in writing specs for a compiler's standard library)

@drosehn - I don't have specs for any of the setuid/et al. methods because it would be dangerous to run as root. What I may do though is make some that catch the raises which would be thrown when they fail. This would at least test for the failing cases.

Ready for review, provided this passes tests (which they should).

We can add an explicit getter for named and id based values. But that seems kludgy.

There is no way around something like this. We can't distinguish ids from names by data type if both are strings. And there is no way to distinguish by value because according to POSIX definition, any id should also be a valid name.

One alternative is to have separate methods from_uid/from_username. The other option is to use the same method name but different argument names: get(gid: "123")/get(name: "root").

What about extending the API with Int overloads for Unix systems? IDs are a feature that Windows doesn't have.

For usernames, the API can be the same because this feature is in common.

@chris-huxtable It seems we're waiting for you to address some of the review comments and rebase on master.

@straight-shoota - I haven’t had time. I am hopefully going to have some down time in the coming weeks.

JFYI: I'm going to try to revive a trimmed-down version of this (just System::Group and System::User).

Closed by #7725