- Everything Important You Need to Know About UID in Linux
- What is UID in Linux?
- How to find the UID of a user in Linux?
- How to change UID of a user in Linux?
- How does UID associate with different system resources? [for advanced users]
- UID and files
- UID and processes
- 12 Ways to Find User Account Info and Login Details in Linux
- 1. id Command – Show User and Group IDs
- 2. groups Command – View User Group Memberships
- 3. finger Command – Show User Information
- 4. getent Command – Fetch User Info from System Database
- 5. grep Command – Search for Patterns or Specific Text in Files
- 6. lslogins Command – Display User Information in Linux
- 7. users Command – List Current Logged-In Users on Linux
- 8. who Command – Show Information Of Currently Logged-In Users
- 9. w Command – Show Currently Logged-In User Activity
- 10. last Command – Show Most Recent Login Session
- 11. lastb Command – Show Failed Login Attempts
- 12. lastlog Command – List User Login Information
Everything Important You Need to Know About UID in Linux
This Linux Basics guide teaches you everything important associated with UID in Linux.
What is UID in Linux?
UID stands for user identifier. A UID is a number assigned to each Linux user. It is the user’s representation in the Linux kernel. The UID is used for identifying the user within the system and for determining which system resources the user can access. This is why the user ID should be unique.
You can find UID stored in the /etc/passwd file. This is the same file that can be used to list all the users in a Linux system.
Use a Linux command to view text file and you’ll see various information about the users present on your system.
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin johndoe:x:1000:1000:John Doe. /home/helder:/bin/bash davmail:x:127:65534::/var/lib/davmail:/usr/sbin/nologin statd:x:128:65534::/var/lib/nfs:/usr/sbin/nologin
The third field here represents the user ID or UID.
Do note that in most Linux distributions, UID 1-500 are usually reserved for system users. In Ubuntu and Fedora, UID for new users start from 1000.
For example, if you use adduser or useradd command to create a new user, it will get the next available number after 1000 as its UID.
How to find the UID of a user in Linux?
You can always rely on the /etc/passwd file to get the UID of a user. That’s not the only way to get the UID information in Linux.
The id command in Linux will display the UID, GID and groups your current user belongs to:
id uid=1000(abhishek) gid=1000(abhishek) groups=1000(abhishek),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare),127(kvm)
You can also specify the user names with the id command to get the UID of any Linux user:
id standard uid=1001(standard) gid=1001(standard) groups=1001(standard)
How to change UID of a user in Linux?
Suppose you had several users on your Linux system. You had to delete a user because he/she left the organization. Now you want its UID to be taken by another user already on the system.
You can change the UID by modifying the user using usermod command like this:
You need to have superuser privilege to execute the above command.
Do you remember the file permission and ownership concept in Linux? The ownership of a file is determined by the UID of the owner user.
When you update the UID of a user, what happens to the files owned by this user?While all the files in the home directory of user_2 will have their associated UID changed, you’ll have to manually update the associated UID of other files outside the home directory.
What you can do is manually update the ownership of the files associated with the old UID of the user_2.
find / -user old_uid_of_user_2 -exec chown -h user_2 <> \;
How does UID associate with different system resources? [for advanced users]
UIDs are unique to one another and thus they can also be used to identify ownership of different system resources such as files and processes.
UID and files
I hope you are familiar with the file permission concept in Linux. When you’re creating a file, you’re the owner of this file. Now you can decide who gets to do what with this file. This is part of Linux’s DAC mechanism where each file is left at its owner’s discretion.
You can read a file’s ownership by using either ls or stat command. Let’s do it with the popular ls command and check the ownership of either the binary sleep or passwd .
As you can see, the file /usr/bin/sleep belongs to root:
ls -l $(which sleep) -rwxr-xr-x 1 root root 39048 Mar 6 2020 /usr/bin/sleep
Let’s force it to map the ownership with UID instead of username:
ls -lhn $(which sleep) -rwxr-xr-x 1 0 0 39K Mar 6 2020 /usr/bin/sleep
Here’s fun information. Your operating system doesn’t understand «usernames». Whenever a program needs to work with usernames or needs to print such, it refers to the /etc/passwd file to extract the information.
You don’t have to take my words for it. See it yourself with strace program which prints all the system calls made by a program.
strace ls -lhn $(which sleep) 2>&1 | grep passwd
What you are trying to see is whether ls command is trying to read the /etc/passwd file or not.
strace ls -lh $(which sleep) 2>&1 | grep passwd openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 6
UID and processes
Processes have owners too, just like files. Only the owner (or the root user) of a process can send process signals to it. This is where the UID comes into play.
If a normal user tries to kill a process owned by another user, it will result in error:
kill 3708 bash: kill: (3708) - Operation not permitted
Only the owner of the process or the root can do this.
A process must be regulated. Regulated as in you need to have a way to limit or know how much a process is allowed to do. This is determined by its UID(s).
There are three types of UIDs associated with a process.
- Real UID: Real UID is the UID that a process adopts from its parent. In easier terms, whoever starts a process, the UID of that user is the real UID of the process. This is helpful in identifying who a process really belongs to. This is essential especially when the effective UID is not the same as the real UID which I’m going to talk about next.
- Effective UID: This is what mostly determines what permissions a certain process really has. While a user can start the process, it can run with a different user’s available permissions. The command passwd is one example of this. This program edits the file /etc/shadow , which is root owned. Therefore, a normal user shouldn’t be able to run this command or change his/her password. Luckily, the binary runs with an effective UID of 0 (i.e. root), which enables it to have enough privilege to edit the /etc/shadow file. Real and effective UIDs are mostly the same except in the case of SUID bit enabled binaries.
- Saved UID: UID that’s available at a process’s disposal. This one is not normally used, but is still there in case the process knows it’s not going to perform any privileged work, so it can change its effective UID to something that’s unprivileged. This reduces the surface of an unintentional misbehavior.
That’s it. I hope you have a better idea about UID in Linux now. Don’t hesitate to ask your questions, if any.
As a pro Linux user, if you think I missed some important concept about UID, please let me know in the comment section.
12 Ways to Find User Account Info and Login Details in Linux
This article will show you useful ways to find information about users on a Linux system. Here we’ll describe commands to get a user’s account details, show login details as well what users are doing on the system.
If you want to add or create users in Linux, use the useradd command, and to modify or change any attributes of an already created user account, use the usermod command via the command line.
You might also like:
We’ll start by looking at 12 useful commands to find a user’s account information, then proceed to explain commands to view login details in the Linux system.
1. id Command – Show User and Group IDs
The id is a simple command line utility for displaying a real and effective user and group IDs identity information for the current user or specified user.
2. groups Command – View User Group Memberships
The groups command is used to display the group memberships for a user. It lists all the groups that a user belongs to, including both primary and supplementary groups.
3. finger Command – Show User Information
The finger command is used to search for information about a user on Linux, which includes detailed information about a specific user or a list of users, including their login name, real name, terminal, idle time, login time, and other relevant details.
The finger command doesn’t come pre-installed on many Linux distributions, you need to install it using your default package manager as shown.
$ sudo apt install finger [On Debian, Ubuntu and Mint] $ sudo yum install finger [On RHEL/CentOS/Fedora and Rocky/AlmaLinux] $ sudo emerge -a sys-apps/finger [On Gentoo Linux] $ sudo apk add finger [On Alpine Linux] $ sudo pacman -S finger [On Arch Linux] $ sudo zypper install finger [On OpenSUSE]
It shows a user’s real name; home directory; shell; login: name, time; and so much more as shown below.
4. getent Command – Fetch User Info from System Database
The getent command is used to retrieve information from various databases, including the system user and group databases. It can be used to retrieve information about users, groups, hosts, networks, protocols, and other system entities that are stored in database files like /etc/passwd, /etc/group, /etc/hosts, etc.
To get a user’s account details, use the passwd database and the username as follows.
5. grep Command – Search for Patterns or Specific Text in Files
The grep command is a powerful command used to search for patterns or specific text in files. It allows you to filter and extract lines from text based on matching patterns. The name “grep” stands for “Global Regular Expression Print“.
You might also like:
You can use grep to find information about a specific user from the system accounts file: /etc/passwd as shown below.
6. lslogins Command – Display User Information in Linux
The lslogins command shows information about known users in the system, which typically includes details such as the username, UID (User ID), GID (Group ID), home directory, shell, last login time, and more, depending on the options used and the system configuration.
$ lslogins -u tecmint $ lslogins -u
7. users Command – List Current Logged-In Users on Linux
The users command is used to display the list of currently logged-in users on the Linux system.
8. who Command – Show Information Of Currently Logged-In Users
The who command is used to display users who are logged on to the system, including the username, terminal, login time, and remote host from which the user is logged in.
9. w Command – Show Currently Logged-In User Activity
The w command shows a summary of the currently logged-in users and their activity, which displays the login session, including the username, terminal, login time, idle time, JCPU (total CPU time used by all processes), PCPU (CPU time used by the current process), and the command or process running on the terminal.
10. last Command – Show Most Recent Login Session
The last command displays a list of the most recent login sessions, which includes information about the users who have logged in, their login times, and the terminals or remote hosts they used for login.
To show all the users who were present at a specified time, use the -p option as follows.
11. lastb Command – Show Failed Login Attempts
The lastb command is used to display a list of the last failed login attempts on the system. It reads from the system log file that records failed login attempts, typically stored in /var/log/btmp.
12. lastlog Command – List User Login Information
lastlog command is used to find the details of the most recent login information for all users or a specific user on the system, which provides details about the last login time and location for each user.
$ lastlog OR $ lastlog -u tecmint
That’s it! If you know any other command-line trick or command to view user account details do share with us.
You might also like:
In this article, we’ve explained various ways to find information about users and login details on a Linux system. You can ask any questions or share your thoughts via the feedback form below.