LinuxCommandLibrary

id

Display user and group identification numbers

TLDR

Display current user's ID (UID), group ID (GID) and groups to which they belong

$ id
copy

Display the current user identity
$ id [[-un|--user --name]]
copy

Display the current user identity as a number
$ id [[-u|--user]]
copy

Display the current primary group identity
$ id [[-gn|--group --name]]
copy

Display the current primary group identity as a number
$ id [[-g|--group]]
copy

Display an arbitrary user's ID (UID), group ID (GID) and groups to which they belong
$ id [username]
copy

SYNOPSIS

id [OPTION]... [USERNAME]

PARAMETERS

-g, --group
    Print only the effective group ID.

-G, --groups
    Print all group IDs (real, effective, and supplementary).

-n, --name
    Print name instead of number for -ugG options.

-r, --real
    Print real ID instead of effective ID for -ugG options.

-u, --user
    Print only the effective user ID.

-Z, --context
    Print only the security context (e.g., SELinux context).

-z, --zero
    Delimit entries with NUL characters, useful for scripting.

--help
    Display a help message and exit.

--version
    Output version information and exit.

DESCRIPTION

The id command in Linux is used to display user and group identity information for the current user or a specified USERNAME.

By default, when invoked without any arguments, id shows the real user ID (RUID), effective user ID (EUID), and saved user ID (SUID), along with the real group ID (RGID), effective group ID (EGID), saved group ID (SGID), and all supplementary group IDs that the user belongs to.

This command is crucial for understanding the security context of a process or a user. It helps in diagnosing permission issues by revealing exactly which user and group IDs a process is operating under. The distinction between real and effective IDs is particularly important in scenarios involving setuid/setgid programs, where the effective ID changes to that of the file owner while the real ID remains that of the invoking user.

id is part of the GNU Core Utilities, making it a fundamental and universally available tool on most Linux distributions.

CAVEATS

When a program is executed with the setuid or setgid bit set, its effective user/group ID changes to that of the file owner/group, while the real user/group ID remains that of the user who executed it. The id command helps differentiate these, but understanding the implications of effective vs. real IDs is crucial for security. The -Z option for security context is specific to systems with Mandatory Access Control (MAC) frameworks like SELinux or AppArmor; it will not show meaningful output on systems without these enabled.

UNDERSTANDING IDS

RUID/RGID: Real User/Group ID, identifies the actual user/group who started the process.
EUID/EGID: Effective User/Group ID, determines the process's permissions for accessing resources. This can change for setuid/setgid programs.
SUID/SGID: Saved User/Group ID, used by a process to temporarily revert its effective ID to the real ID and then restore the effective ID.

EXAMPLES

To show your own IDs:
id

To show IDs for a specific user (e.g., 'root'):
id root

To get only your effective username:
id -un

To list all groups a user (e.g., 'myuser') belongs to, by name:
id -Gn myuser

HISTORY

The id command has been a standard utility in Unix-like operating systems for decades, providing a simple way to query user and group identities. Its inclusion in GNU Core Utilities ensures its widespread availability and consistent behavior across Linux distributions. Over time, options like -Z were added to accommodate new security features (e.g., SELinux), and others like -a became default behavior, simplifying the command's usage. Its core functionality, however, remains unchanged: to display identity information.

SEE ALSO

whoami(1), groups(1), logname(1), users(1), getent(1), passwd(5), group(5)

Copied to clipboard