Linux File Permission: uid vs gid
The uid (user identifier) and gid (group identifier) are important fundamental concepts for Linux system administration. With that being said, it is critical to understand them before achieving a Linux certification. Understanding how uid and gid affect file permissions and how programs run can make you a better exam taker, administrator, or security pro.
Here, we'll take a quick look at what the uid and gid are, how to display them, and how they can help you better understand Linux file permissions.
What are Uid and Gid?
As you might expect, uid is a number associated with a user account and gid is a number associated with a group.
The root user and group are usually given uid and gid 0. The IDs from 1-99 are also reserved for use by other system accounts. What happens after ID 99 tends to vary by operating system. For example, some flavors of *nix reserve 100-499 for dynamic system allocation (e.g. if a package you install needs a uid/gid) and begin allocating standard user accounts uid and gid numbers at 500. Other systems, reserve 100-999 for dynamic system allocation and start standard user accounts from 1,000 and up.
Uid and gid matter for more than just identifying users and groups. When a process is started or a command is run, the uid or gid that called it dictates privileges and file system access. For example, uid and gid values help your Linux systems differentiate between root and a user with lower privileges.
How to Display a Uid and Gid
There are a few ways to view a uid and gid. One of the simplest is looking at the /etc/passwd file available on most Linux operating systems. In the /etc/passwd file the uid is the 3rd field and the gid is the 4th.
For example, on our Ubuntu 20.04 system where "cooluser" was the first account created, we can see that cooluser's uid and gid are 1000.
cooluser@LAPTOP-5V55HON5:~$ cat /etc/passwd | grep cooluser cooluser:x:1000:1000:,,,:/home/cooluser:/bin/bash cooluser@LAPTOP-5V55HON5:~$
You can also check the gid and uid of your current user or other users with the aptly named id command. In the examples below, we use id to check our own uid and gid as well as the uid and gid of "otheruser" with the command id otheruser.
cooluser@LAPTOP-5V55HON5:~$ id uid=1000(cooluser) gid=1000(cooluser) groups=1000(cooluser),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),117(netdev) cooluser@LAPTOP-5V55HON5:~$ id otheruser uid=1001(otheruser) gid=1001(otheruser) groups=1001(otheruser) cooluser@LAPTOP-5V55HON5:~$
You'll notice that there are multiple groups in id cooluser command. This is because the id command prints the real uid/gid, the effective uid/gid usually the same as the real uid/gid, but not always, and supplementary group IDs. These values come into play once you dive into file permissions and concepts like setuid.
Final Thoughts: What's Next?
We hope this crash course was helpful! Understanding gid and uid is important foundational knowledge for Linux professionals. From here, you dive further into Linux file system permissions or user administration. If you're still not sure where to start but know you want to improve your *nix skills, check out Shawn Powers' Linux Essentials training. Whichever path you take, the important thing is to keep stacking your skills.