Overview
In a Linux system, the id command is used to display identification information (UID, GID) and all group memberships for the current user or a specified user. It is vital for troubleshooting permission issues and verifying credentials within shell scripts to ensure that the correct authorization levels are met.
Specifications (Arguments and Options)
Syntax
BASH
id [options] [username]
Main Options
| Option | Description |
| --- | --- |
| -u, --user | Displays only the effective User ID (UID). |
| -g, --group | Displays only the effective Group ID (GID). |
| -G, --groups | Displays all associated Group IDs. |
| -n, --name | Displays names instead of numeric IDs (used with -u, -g, or -G). |
| -z, --zero | Uses a NULL character (\0) as a delimiter instead of a space. |
Basic Usage
In a system audit scenario, you might need to check the detailed identity of a user named mori who is currently operating the system.
BASH
# Display UID, GID, and all groups for user mori
id mori
Example Output
uid=1001(mori) gid=1001(mori) groups=1001(mori),10(wheel),998(docker)
If you specify a username that does not exist, the command will return an error.
BASH
# Specifying a non-existent user
id invalid_user
Example Output
id: ‘invalid_user’: no such user
Practical Command Scenarios
Identifying Effective User ID and Username
Within an automated maintenance script, you can extract just the ID or the name to verify if the current process is running as root (UID: 0) or as a specific auditor account.
BASH
# Display only the numeric effective UID
id -u
# Display only the string username
id -un
Analyzing Group Memberships
This is used to retrieve a list of group names that are easy for humans to read, rather than numeric GIDs.
BASH
# Display all associated group names for user mori
id -Gn mori
Example Output
mori wheel docker
Changing the Delimiter to NULL
When a user belongs to many groups or when group names contain spaces, you can use the NULL character as a delimiter to process the list safely within a program.
BASH
# Display group names separated by NULL characters
id -Gnz mori
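The NULL-delimited parsing described above, as an added example that is not part of the original page: a membership check that matches whole group names, beside a space-splitting version that wrongly matches `users` inside `domain users`. The function names and the sample group list are constructed for illustration; it assumes GNU coreutils `id` (for -z) and group names that contain no newline.

```bash
# Added example: function names and sample data are hypothetical/constructed.

# Read NUL-delimited group names on stdin; succeed only on an exact match.
group_in_list() {
    # tr turns each NUL into a newline so every name occupies exactly one line.
    # grep: -F literal string, -x whole line must match, -q exit status only.
    tr '\000' '\n' | grep -Fxq -- "$1"
}

# Naive version for comparison: word-splits space-separated `id -Gn` output.
group_in_list_naive() {
    for g in $(cat); do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# Check a real account, e.g.: user_in_group mori wheel
# Fails closed: an unknown user produces no output, so nothing matches.
user_in_group() {
    id -Gnz -- "$1" 2>/dev/null | group_in_list "$2"
}

# Demo on constructed input: a directory-service group with a space in its name.
if printf 'mori domain users docker\n' | group_in_list_naive users; then
    echo "space-split:   'users' matched (false positive)"
fi
if ! printf 'mori\000domain users\000docker\000' | group_in_list users; then
    echo "NUL-delimited: 'users' not matched (correct)"
fi
if printf 'mori\000domain users\000docker\000' | group_in_list 'domain users'; then
    echo "NUL-delimited: 'domain users' matched (correct)"
fi
```

In an authorization check inside a script, call `user_in_group` in an `if` so that a missing user or a failed lookup denies access rather than granting it.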
Verifying Effective User During Privilege Escalation
When executing commands via sudo, you can verify which user identity the system is currently recognizing for the process.
BASH
# Effective username during standard execution
id -un
# Effective username during sudo execution (recognized as root)
sudo id -un
Example Output
mori
root
Important Considerations
The effective UID (euid) and the real UID are usually the same. However, when running programs with SUID (Set User ID) permissions, the id command may display an “euid” field. It is important to remember that the system determines permissions based on this effective user ID. Additionally, in environments using external directory services like LDAP or Active Directory, group changes might not appear immediately due to caching. In such cases, clearing the service cache or logging in again is necessary to see the updated information.
Summary
The id command is an essential tool for clarifying your identity and permissions within a Linux system. When file access is denied, you can quickly identify the cause by verifying if your numeric UID or GID matches the owner settings of the file. By effectively combining options like -n for names or -z for NULL delimiters, you can adapt the command for everything from manual checks to automated script processing.
