Did you know that users in a Linux system can change their own password using passwd even though they may not have write permission to modify the file “/etc/shadow”, the location of the user’s password?
This works because passwd has a setuid executable bit set, allowing any non-admin user to act as root when running it. Now, it all depends on knowing how Linux UIDs work.
Therefore, understanding how UIDs impact file permissions and the execution of programs can help you enhance your skills as an admin or security specialist. Here, we’ll take a quick look at what UID in Linux means, how to display, assign, and manage them, along with how UIDs in Linux can help you better understand Linux file permissions using practical Bash examples.
What is UID in Linux?
UID stands for “user identifier”. Every user on a Linux system is uniquely identified by a UID (User Identifier), which is a 32-bit integer.
Each user account is given this unique identifier number to help the operating system manage file ownership, permissions, and other user-related tasks. Essentially, the User ID in Linux ensures that users have adequate access and control over their files and system resources to keep them secure.
Note: Here, you should understand that UID is stored as an unsigned integer. Traditional Linux systems supported 16-bit UIDs (0–65535), but modern ones (with GNU core utilities and glibc support) use 32-bit UIDs, allowing values up to 4,294,967,295.
Now, let’s discuss the different types of UIDs in Linux to understand this better.
What is the Importance of a User Identifier in Linux?
UID is a crucial part of the Linux security model and decides the users’ level of permissions within the system. UID is used to control and determine which files belong to which users, what system resources a user may access, and what privileged commands a user can run.
When, for instance, a file is created, it is owned by the UID of the user who is involved in the creation process. This basically means that only the user with the corresponding UID can modify or delete the file, provided the file permission is not altered to give access to other users.
The UID is also used to know which user has the permission to run commands as root or access sensitive resources of the system. The super-user account (UID 0) or root user can perform any operation on the system, while a regular user account has restricted rights based on the UID.
Note: Knowing what UIDs are and how they work is important for Linux system administrators and developers, as it allows them to effectively manage user accounts, file rights, and security-related tasks.
What are the Different Types of User Identifiers (UID) in Linux?
In Linux, User IDs (UIDs) are structured into two primary categories:
1. System Users:
UIDs from 0 to 999 are mostly reserved for system users. This group includes the root user, represented by UID 0, who is often referred to as the superuser. The root user has all of the rights in the Linux system, giving them complete access to perform critical tasks such as modifying system files, installing software, and managing other user accounts.
Note: Most distributions (like, for example, Debian/Ubuntu) reserve UIDs less than 1000 for system accounts. In some other OSes like CentOS/RHEL, you may see 0–499 or 0–999. Always refer to /etc/login.defs for the real UID ranges on your system.
2. Regular Users:
UIDs starting from 1000 to 65535 are typically allocated to regular user accounts. These UIDs in Linux grant individual users permissions to operate within their environments, ensuring they have personalized spaces while adhering to the overarching security and management protocols of the system.
Note: Modern systems support UIDs up to 4294967295 (32-bit unsigned integer). Understanding how UIDs are divided is important to recognize user roles and permissions in a Linux environment, as it creates the basis for both system integrity and user access control.
How To Find the UID of a User in Linux?
The UID can be located in the /etc/passwd file, which is also used to display all users on a Linux system.
In the output below, the third field corresponds to the User ID, commonly known as the UID, while the fourth field represents the GID.
You can always rely on the /etc/passwd file to get the UID of a user, as we discussed earlier. But that’s not the only way to get the UID information in Linux.
In Linux, the id command displays your UID, GID, and the groups:
id
uid=1000(asha) gid=1000(asha) groups=1000(asha),4(adm),24(cdrom),30(dip),46(plugdevops),116(lpad),126(simbashare)
You can also pass a username to the id command to find the UID of any Linux user:
id name
uid=1001(name) gid=1001(name) groups=1001(name)
Let’s learn a bit about this new term, GID, before moving forward!
GID means Group Identifier, a unique numerical identifier allotted to each group in an operating system. GIDs are fundamentally important for the Linux permission system, working in conjunction with User IDs (UIDs) to control file and resource access.
Similarly, we have one more term, PID! Let’s cover that too.
PID in Linux refers to the Process IDentifier. PID is the numerical identifier that is unique to each process assigned by the operating system kernel while a process is running.
Now understand this: everything that is running on a Linux system is technically a process; this includes things like user-level applications, system daemons, and even background tasks. Each of these processes is assigned a separate PID for the system to be able to distinguish and manage each process separately.
Now, it’s important to note that in most Linux distributions, UIDs from 1 to 500 are typically designated for system users. In Ubuntu and Fedora, new users are assigned UIDs starting from 1000.
For instance, when you use the adduser or useradd command to create a new user, that user will receive the next available UID following 1000. Additionally, UID 0 is specifically reserved for the root user in Linux.
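One way to put the /etc/passwd layout and the UID ranges described above to work in an account audit (an added example, not part of the original article; the sample passwd and login.defs text, the account names in it, and the function names are constructed for illustration):

```shell
#!/bin/sh
# Added example: audit passwd-format data by UID (field 3 of each line).
# Both samples are constructed; on a real host feed the functions
# /etc/passwd and /etc/login.defs instead.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:110:65534::/run/sshd:/usr/sbin/nologin
asha:x:1000:1000:Asha:/home/asha:/bin/bash
name:x:1001:1001::/home/name:/bin/bash
backup2:x:0:0::/home/backup2:/bin/bash
temp:x:1001:1002::/home/temp:/bin/sh'
SAMPLE_LOGIN_DEFS='# constructed login.defs excerpt
UID_MIN          1000
UID_MAX         60000'

# Print UID_MIN from login.defs text on stdin (1000 if the key is absent).
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }'
}

# Print "class uid name" per account: root (UID 0), system, or regular.
classify_accounts() {   # $1 = UID_MIN; passwd data on stdin
    awk -F: -v min="$1" '{
        c = ($3 == 0) ? "root" : (($3 < min) ? "system" : "regular")
        print c, $3, $1
    }'
}

# Accounts other than "root" that hold UID 0 and so have full root rights.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# UIDs shared by several accounts; the kernel treats them as one user.
duplicate_uids() {
    awk -F: '{ n[$3]++; who[$3] = who[$3] (who[$3] ? "," : "") $1 }
        END { for (u in n) if (n[u] > 1) print u ":" who[u] }' | sort -n
}

min=$(printf '%s\n' "$SAMPLE_LOGIN_DEFS" | uid_min)
printf '%s\n' "$SAMPLE_PASSWD" | classify_accounts "$min"
echo "extra UID 0: $(printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0)"
echo "shared UIDs: $(printf '%s\n' "$SAMPLE_PASSWD" | duplicate_uids | tr '\n' ' ')"
```

Because ownership and permission checks use the number and not the name, a second account with UID 0 or a reused UID is worth flagging even when its username looks harmless.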
How To Change UID of a User in Linux?
Let’s say you have multiple users on your Linux machine. You have a user that you deleted because he/she has left the company. Now you want another user already on the system to take his/her UID.
The UID can be changed by modifying the user with the usermod command:
usermod -u 1001 user_2
You should have superuser access to be able to run the command above.
Remember the concept of file permissions & ownership in Linux? Ownership of a file is identified by the UID of the owner user.
What happens to a user’s files if you modify the UID of the user? All files in the home directory of user_2 will have their original UID replaced, yet you may have to manually change other files in other locations.
What you can manually do is simply change the owner of the old UIDs’ files.
find / -user <old_uid_of_user_2> -exec chown -h user_2 {} \;
How To Customize User ID In Linux?
Normally, an administrator who wishes to add a user to secondary groups would do this at account creation time using the useradd command with the -G option.
Make sure to include all secondary memberships after the -G option, comma-separated without spaces.
Use the following command to allow the system to allocate the UID and primary GID based on the next available number, but include user Jane in the sysadmin and helpdesk groups:
$ sudo useradd -G sysadmin,helpdesk jane
If you’d like to set the primary group using the -g argument, the group account must have already been created. For instance, if you type in the command:
sudo useradd -u 10600 -g 10600 -G sysadmin,helpdesk jane
You’ll receive the error message “useradd: group ‘10600’ does not exist”. If you need to specify the group, create the group with that GID first, like below (the group name jane is only an example):
$ sudo groupadd -g 10600 jane
$ sudo useradd -u 10600 -g 10600 -G sysadmin,helpdesk jane
How Does UID Associate With Different System Resources?
Each UID is different from all other UIDs in the system, so it is also used to identify ownership of other system resources (i.e., processes, files).
1. UID and Files
This assumes you know the file permission concept in Linux; if you do not, please feel free to check any Linux beginner guide first. When a user creates a file, it is automatically owned by their UID. The owner can then control who can do what with this file. This is a feature of the DAC system in Linux, where access to every file is at its owner’s discretion: the owner decides who may read, alter, or delete it.
You can view the ownership of a file by using the ls or stat command. Let’s run the “ls” command and verify the ownership of the binary sleep or passwd.
Clearly, the file /usr/bin/sleep belongs to root:
ls -l $(which sleep)
-rwxr-xr-x 1 root root 39048 Mar 6 2020 /usr/bin/sleep
Let’s make it map the ownership to UID rather than the username:
ls -lhn $(which sleep)
-rwxr-xr-x 1 0 0 39K Mar 6 2020 /usr/bin/sleep
Note: Every time a process needs to look up or print usernames, it goes to the /etc/passwd file to retrieve the information. For example,
strace ls -lhn $(which sleep) 2>&1 | grep passwd
This checks whether ls consults the /etc/passwd file to translate UID values into usernames when listing file ownership. With -n, ls prints numeric IDs and does not need that lookup; without -n, the trace shows the file being opened:
strace ls -lh $(which sleep) 2>&1 | grep passwd
openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
2. UID and Processes
Processes also have owners like files have. You can only send process signals to a process if you are the owner (or root) of the process. Here is where this UID comes in useful.
1. When a Regular User Attempts To Kill Another User’s Process:
kill 3209
bash: kill: (3209) - Operation not permitted
Only the owner of the process or the root can do this.
2. When a Process Must Be Regulated:
Regulated, as in there must be a way to allow or limit how much a process is allowed to do, which is taken care of by the UIDs.
Types of Process UIDs in Linux:
There are three types of UIDs associated with a process, mainly Real, Effective, and Saved UserID in Linux:
1. Real UID:
Real UID is the UID assigned to a process by its parent. In other words, whoever created a process is its actual owner, and the process inherits its UID from that owner. It does not give a username to a process, but rather determines via UID to whom a process belongs, similar to a digital signature. This is crucial, particularly when the effective UID differs from the real UID, which we will discuss next.
2. Effective UID:
This is the one that usually decides what permissions a process actually has. Although one user can start a process, it can still be executed with another user’s privileges. The passwd command is an example of such a command. It modifies the file /etc/shadow, which is a root-owned file, so a regular user could not otherwise write to it and thus could not change his/her password. The binary fortunately runs with an effective UID of 0 (root), which gives it the necessary privilege to edit the /etc/shadow file. This happens because the passwd binary is owned by root and has the setuid bit set. The real UID remains that of the invoking user, but the effective UID is temporarily elevated to root (UID 0), allowing access to /etc/shadow. Real and effective UIDs are generally the same, except for binaries with the SUID bit set.
3. Saved UID:
That’s where SUID is involved. The saved UID keeps a copy of the effective UID the process started with, which gives a process a mechanism to switch its effective UID between the real UID and that saved value. This is very important for security since you need higher privileges only in very particular places.
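The three process UIDs can be read from the "Uid:" line of /proc/<pid>/status, which lists the real, effective, saved and filesystem UIDs in that order. The following is an added example, not part of the original article; the two status excerpts, the process name helper, and the function names are constructed for illustration:

```shell
#!/bin/sh
# Added example: read the real, effective and saved UIDs of a process from
# the "Uid:" line of /proc/<pid>/status (fields: real, effective, saved, fs).
# The samples are constructed: passwd started by UID 1000, and a hypothetical
# setuid-root program that has temporarily dropped its privileges.
# The real file separates fields with tabs; awk splits on either.
SAMPLE_PASSWD_PROC='Name: passwd
Pid: 3209
Uid: 1000 0 0 0
Gid: 1000 1000 1000 1000'
SAMPLE_DROPPED_PROC='Name: helper
Pid: 3300
Uid: 1000 1000 0 1000
Gid: 1000 1000 1000 1000'

# Print "real effective saved" from status-format text on stdin.
proc_uids() {
    awk '$1 == "Uid:" { print $2, $3, $4 }'
}

# Classify a UID triple:
#   eff-differs   effective != real: permission checks use another UID
#   saved-differs effective == real, but the saved UID can still be restored
#   same          all three match: no second identity to switch to
uid_state() {   # $1 = real, $2 = effective, $3 = saved
    if [ "$1" != "$2" ]; then echo eff-differs
    elif [ "$2" != "$3" ]; then echo saved-differs
    else echo same
    fi
}

# Report every readable live process whose three UIDs are not identical.
scan_procs() {
    for f in /proc/[0-9]*/status; do
        set -- $(cat "$f" 2>/dev/null | proc_uids)
        [ $# -eq 3 ] || continue
        s=$(uid_state "$1" "$2" "$3")
        [ "$s" = same ] || echo "${f%/status} $s real=$1 eff=$2 saved=$3"
    done
}

for sample in "$SAMPLE_PASSWD_PROC" "$SAMPLE_DROPPED_PROC"; do
    set -- $(printf '%s\n' "$sample" | proc_uids)
    echo "real=$1 eff=$2 saved=$3 -> $(uid_state "$1" "$2" "$3")"
done
```

Calling scan_procs on a live system lists the processes currently running with a second identity, which is a quick way to see which setuid programs are active.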
Conclusion
The User Identifier (UID) is simply a unique ID that is automatically assigned to every user account and is necessary for managing user permissions, file ownership, and Linux system security as a whole. Hence, it is essential to understand UIDs before attempting to obtain a Linux administration certification. For anyone who wants to work with Linux, getting your head around UIDs is important.
User Identifier in Linux - FAQs
1. What is UID in Linux, How to Find and Change it?
In Linux, a User Identifier (UID) is a unique number assigned to each user account. The system uses this number, along with the Group Identifier (GID), to distinguish between users and manage their access to files, processes, and other system resources.
Rather than relying on usernames, the system uses UIDs behind the scenes to enforce permissions and security rules, making it a core part of user management. In essence, it serves as the operating system’s method for tracking user identities.
2. How to find the UID of a file in Linux?
To find a user’s UID in Linux, you can check the /etc/passwd file. Each line in this file holds user details, where the third field represents the UID and the fourth field is the GID. This method works on most Linux systems.
3. What is UID 1000 in Linux?
In Linux, user IDs from 0 to 99 are reserved for system accounts and are assigned statically, while IDs from 100 to 999 are used for service and application accounts and are dynamically assigned. Starting from 1000, UIDs are assigned to human users by default.
4. What is a set UID in Linux?
Setuid is a special permission in Unix-like operating systems that allows a program to run with the privileges of the file’s owner. When this permission is set, the program executes with the file owner’s user ID, rather than the user ID of the person running it.
For example, if a file is owned by the root user and has the Set UID bit turned on, anyone who runs that file will temporarily get root privileges while the program runs, even if they’re a regular user.
Note: Most Linux systems ignore setuid bits on scripts (like shell or Python scripts) for security. Setuid typically only works on compiled binaries (like those written in C).
5. What is PID in Linux?
In the Linux operating system, PID is referred to as “Process IDentifier.” It is a unique number that is used to identify a particular running process on the system.