id Command: Tutorial & Examples

Display User and Group Identity Information in Linux

The id command in Linux is a fundamental tool for displaying user and group identity information. It shows the real and effective user IDs (UID), group IDs ( GID), and all the groups a user belongs to. This information is essential for managing permissions, troubleshooting access issues, and scripting user-related logic on Linux servers.

The command works by querying underlying system databases such as local files or network services to retrieve identity details. It is widely used by system administrators and users alike to confirm user identities and group memberships, which directly affect file access and process privileges.

What It Does

The id command displays identity information about a user, including:

• The real user ID (UID): The user who owns the process.
• The effective user ID (EUID): The user whose permissions are currently applied (may differ due to privilege escalation).
• The real group ID (GID): The primary group of the user.
• The effective group ID (EGID): The group permissions currently applied.
• All supplementary groups the user is a member of.

The output typically looks like this:

uid=1000(user1) gid=1000(user1) groups=1000(user1),4(adm),24(cdrom),27(sudo)

This indicates that the user has UID 1000 with username "user1", primary group ID 1000 named "user1", and belongs to additional groups such as adm, cdrom, and sudo.

How It Works

The id command retrieves user and group information by consulting the system's Name Service Switch (NSS) configuration. This means it can query local files such as /etc/passwd and /etc/group, or network services like LDAP, NIS, or others configured on the system.

The command fetches and displays:

• User identifiers (UID and EUID).
• Group identifiers (GID and EGID).
• Supplementary groups assigned to the user.

The difference between real and effective IDs is important:

• The real UID is the user who started the process.
• The effective UID determines the permissions the process currently has, which can differ when using setuid programs or privilege escalation with sudo.

Understanding these distinctions helps troubleshoot permission issues and security configurations.

What It Is Used For

The id command serves many purposes, including:

• Troubleshooting permission problems by verifying user and group identities.
• Confirming user identity after switching users with su or sudo.
• Checking group memberships to understand file access rights.
• Scripting to conditionally execute commands based on user privileges.
• Auditing and security by verifying which groups a user belongs to.

Why It Is Important

In Linux, permissions are tied closely to user and group IDs. The id command is crucial because:

• It helps system administrators understand who owns processes and files.
• It assists in diagnosing access denials or permission errors.
• It clarifies the effective permissions of a process, which may differ from the real user.
• It provides insight into group memberships that influence access control.

Without this command, managing multi-user environments and securing systems would be significantly more difficult.

How To Use It

Running id without arguments displays the identity of the current user:

id

Sample output:

uid=1000(user1) gid=1000(user1) groups=1000(user1),4(adm),24(cdrom),27(sudo)

To display info for a specific user, pass the username as an argument:

id root

Example output:

uid=0(root) gid=0(root) groups=0(root)

Common Command Line Parameters

The id command supports several options to customize output:

• -u or --user: Show only the effective user ID.

  id -u
  

  Output example:

  1000
  

• -g or --group: Show only the effective group ID.

  id -g
  

  Output example:

  1000
  

• -G or --groups: Show all group IDs the user belongs to.

  id -G
  

  Output example:

  1000 4 24 27
  

• -n or --name: Show the name instead of the numeric ID. Often combined with -u, -g, or -G.

  id -un
  

  Output example:

  user1
  

• -r or --real: Show the real ID instead of the effective ID (used with -u, -g).

  id -ur
  

  Output example:

  1000
  

Examples Combining Options

• Show the username of the effective user ID:

  id -un
  

• Show the group name of the real group ID:

  id -gr
  

• Show all group names the user belongs to:

  id -Gn
  

Practical Examples Using id

1. Display current user’s full identity:

   id
   

   Output:

   uid=1000(user1) gid=1000(user1) groups=1000(user1),4(adm),24(cdrom),27(sudo)
   

2. Display numeric user ID only:

   id -u
   

   Output:

   1000
   

3. Display current user's name using numeric ID with name:

   id -un
   

   Output:

   user1
   

4. Display groups of another user (e.g., www-data):

   id www-data
   

   Output (example):

   uid=33(www-data) gid=33(www-data) groups=33(www-data)
   

5. Check if running as root in a script:

   if [ "$(id -u)" -eq 0 ]; then
           echo "Running as root"
   else
           echo "Not root user"
   fi
   

Common Errors and Troubleshooting

• User Does Not Exist: If you query a non-existent user, id outputs:

  id: ‘fakeuser’: no such user
  

• Permission Denied: Usually, id can be run by any user to query their own identity and groups. However, depending on system configuration and NSS modules, querying some user info may be restricted.

• Unexpected Output: If user or group names contain unusual characters, output may be harder to parse.

• NSS or LDAP Issues: Problems with name service configuration can cause id to fail or produce incomplete info.

Tips and Best Practices

• Use id in scripts to check user privileges before executing commands that require specific permissions.
• Combine id options to get just the info you need, for easier parsing.
• When switching users, verify the effective identity with id to ensure permissions are as expected.
• Remember that group memberships may change after login; re-login or re-source environment if group changes occur.

Scripting and Integration With Other Tools

The id command is often used in shell scripts to verify user or group identity:

# Check if user belongs to 'sudo' group

if id -nG "$USER" | grep -qw "sudo"; then
    echo "User $USER has sudo privileges"
else
    echo "User $USER does NOT have sudo privileges"
fi

This snippet lists all group names the user belongs to (id -nG), then searches for "sudo".

Security Considerations

• Knowing user and group IDs is essential for file and process permission security.
• Running commands with elevated privileges (sudo) changes effective UID/GID; id helps verify this.
• Scripts that check user identity help prevent unauthorized access or privilege escalation.
• Be cautious about exposing user and group information in logs or output that may be accessible to others.

Possible Alternatives or Related Commands

• groups: Show groups a user belongs to.
• whoami: Show the current effective username.
• getent: Query NSS databases, including passwd and group.

See Also

• groups
• whoami
• getent
• permission problems
• /etc/passwd
• /etc/group
• su
• sudo
• shell

Further Reading

• Linux for Hackers by Mark Reed (partner link)
• How Linux Works by Brian Ward (partner link)
• Linux for Beginners by Jason Cannon (partner link)
• Expert Linux Administration Guide by Vishal Rai (partner link)

As an Amazon Associate, I earn from qualifying purchases.