id Command: Tutorial & Examples
Display User and Group Identity Information in Linux
The id
command in Linux is a fundamental tool for displaying user and group identity information. It shows the real and effective user IDs (UID), group IDs (
GID), and all the groups a user belongs to. This information is essential for managing permissions, troubleshooting access issues, and scripting user-related
logic on Linux servers.
The command works by querying underlying system databases such as local files or network services to retrieve identity details. It is widely used by system administrators and users alike to confirm user identities and group memberships, which directly affect file access and process privileges.
What It Does
The id
command displays identity information about a user, including:
- The real user ID (UID): The user who owns the process.
- The effective user ID (EUID): The user whose permissions are currently applied (may differ due to privilege escalation).
- The real group ID (GID): The primary group of the user.
- The effective group ID (EGID): The group permissions currently applied.
- All supplementary groups the user is a member of.
The output typically looks like this:
uid=1000(user1) gid=1000(user1) groups=1000(user1),4(adm),24(cdrom),27(sudo)
This indicates that the user has UID 1000 with username "user1", primary group ID 1000 named "user1", and belongs to additional groups such as adm, cdrom, and sudo.
How It Works
The id
command retrieves user and group information by consulting the system's Name Service Switch (NSS) configuration. This means it can query local files
such as /etc/passwd
and /etc/group
, or network services like LDAP, NIS, or others configured on the
system.
The command fetches and displays:
- User identifiers (UID and EUID).
- Group identifiers (GID and EGID).
- Supplementary groups assigned to the user.
The difference between real and effective IDs is important:
- The real UID is the user who started the process.
- The effective UID determines the permissions the process currently has, which can differ when using setuid programs or privilege escalation with
sudo
.
Understanding these distinctions helps troubleshoot permission issues and security configurations.
What It Is Used For
The id
command serves many purposes, including:
- Troubleshooting permission problems by verifying user and group identities.
- Confirming user identity after switching users with
su
orsudo
. - Checking group memberships to understand file access rights.
- Scripting to conditionally execute commands based on user privileges.
- Auditing and security by verifying which groups a user belongs to.
Why It Is Important
In Linux, permissions are tied closely to user and group IDs. The id
command is crucial because:
- It helps system administrators understand who owns processes and files.
- It assists in diagnosing access denials or permission errors.
- It clarifies the effective permissions of a process, which may differ from the real user.
- It provides insight into group memberships that influence access control.
Without this command, managing multi-user environments and securing systems would be significantly more difficult.
How To Use It
Running id
without arguments displays the identity of the current user:
id
Sample output:
uid=1000(user1) gid=1000(user1) groups=1000(user1),4(adm),24(cdrom),27(sudo)
To display info for a specific user, pass the username as an argument:
id root
Example output:
uid=0(root) gid=0(root) groups=0(root)
Common Command Line Parameters
The id
command supports several options to customize output:
-u
or--user
: Show only the effective user ID.id -u
Output example:
1000
-g
or--group
: Show only the effective group ID.id -g
Output example:
1000
-G
or--groups
: Show all group IDs the user belongs to.id -G
Output example:
1000 4 24 27
-n
or--name
: Show the name instead of the numeric ID. Often combined with-u
,-g
, or-G
.id -un
Output example:
user1
-r
or--real
: Show the real ID instead of the effective ID (used with-u
,-g
).id -ur
Output example:
1000
Examples Combining Options
Show the username of the effective user ID:
id -un
Show the group name of the real group ID:
id -gr
Show all group names the user belongs to:
id -Gn
Practical Examples Using id
Display current user’s full identity:
id
Output:
uid=1000(user1) gid=1000(user1) groups=1000(user1),4(adm),24(cdrom),27(sudo)
Display numeric user ID only:
id -u
Output:
1000
Display current user's name using numeric ID with name:
id -un
Output:
user1
Display groups of another user (e.g.,
www-data
):id www-data
Output (example):
uid=33(www-data) gid=33(www-data) groups=33(www-data)
Check if running as root in a script:
if [ "$(id -u)" -eq 0 ]; then echo "Running as root" else echo "Not root user" fi
Common Errors and Troubleshooting
User Does Not Exist: If you query a non-existent user,
id
outputs:id: ‘fakeuser’: no such user
Permission Denied: Usually,
id
can be run by any user to query their own identity and groups. However, depending on system configuration and NSS modules, querying some user info may be restricted.Unexpected Output: If user or group names contain unusual characters, output may be harder to parse.
NSS or LDAP Issues: Problems with name service configuration can cause
id
to fail or produce incomplete info.
Tips and Best Practices
- Use
id
in scripts to check user privileges before executing commands that require specific permissions. - Combine
id
options to get just the info you need, for easier parsing. - When switching users, verify the effective identity with
id
to ensure permissions are as expected. - Remember that group memberships may change after login; re-login or re-source environment if group changes occur.
Scripting and Integration With Other Tools
The id
command is often used in shell scripts to verify user or group identity:
# Check if user belongs to 'sudo' group
if id -nG "$USER" | grep -qw "sudo"; then
echo "User $USER has sudo privileges"
else
echo "User $USER does NOT have sudo privileges"
fi
This snippet lists all group names the user belongs to (id -nG
), then searches for "sudo".
Security Considerations
- Knowing user and group IDs is essential for file and process permission security.
- Running commands with elevated privileges (
sudo
) changes effective UID/GID;id
helps verify this. - Scripts that check user identity help prevent unauthorized access or privilege escalation.
- Be cautious about exposing user and group information in logs or output that may be accessible to others.
Possible Alternatives or Related Commands
groups
: Show groups a user belongs to.whoami
: Show the current effective username.getent
: Query NSS databases, including passwd and group.
See Also
Further Reading
- Linux for Hackers by Mark Reed (partner link)
- How Linux Works by Brian Ward (partner link)
- Linux for Beginners by Jason Cannon (partner link)
- Expert Linux Administration Guide by Vishal Rai (partner link)
As an Amazon Associate, I earn from qualifying purchases.