User identifier (Unix)
Encyclopedia
Unix-like
operating system
s identify users within the kernel
by an unsigned integer value called a user identifier, often abbreviated to UID or User ID. The range of UID values varies amongst different systems; at the very least, a UID represents a 15-bit integer, ranging between 0 and 32767, with the following restrictions:
The UID value references users in the /etc/passwd file. Shadow password
files and Network Information Service
also refer to numeric UIDs. The user identifier has become a necessary component of Unix
file system
s and processes
. Some operating systems support 16-bit UIDs, making 65536 unique IDs possible; a modern system with 32-bit UIDs will potentially make 4,294,967,296 (232) distinct values available.
In POSIX
-compliant environments the command-line command
gives the user's user identifier number as well as more information on the user account like the user name, primary user group and group identifier
(GID).
The intent of
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s identify users within the kernel
Kernel (computing)
In computing, the kernel is the main component of most computer operating systems; it is a bridge between applications and the actual data processing done at the hardware level. The kernel's responsibilities include managing the system's resources...
by an unsigned integer value called a user identifier, often abbreviated to UID or User ID. The range of UID values varies amongst different systems; at the very least, a UID represents a 15-bit integer, ranging between 0 and 32767, with the following restrictions:
- The superuserSuperuserOn many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
must always have a UID of zero (0). - The user “nobodyNobody (username)In many Unix variants, "nobody" is the conventional name of a user account which owns no files, is in no privileged groups, and has no abilities except those which every other user has....
” traditionally got the largest possible UID (as the opposite of the superuser): 32767. More recently, systems have assigned the user a UID in the system range (1–100, see below) or in the range 65530–65535. - Convention reserves UIDs from 1 to 100 for system use; some manuals recommend reserving UIDs from 101 up to 499 (Red Hat Enterprise LinuxRed Hat Enterprise LinuxRed Hat Enterprise Linux is a Linux-based operating system developed by Red Hat and targeted toward the commercial market. Red Hat Enterprise Linux is released in server versions for x86, x86-64, Itanium, PowerPC and IBM System z, and desktop versions for x86 and x86-64...
) or even up to 999 (DebianDebianDebian is a computer operating system composed of software packages released as free and open source software primarily under the GNU General Public License along with other free software licenses. Debian GNU/Linux, which includes the GNU OS tools and Linux kernel, is a popular and influential...
) as well.
The UID value references users in the /etc/passwd file. Shadow password
Shadow password
In computing, Unix-like operating systems use the shadow password database mechanism to increase the security level of passwords by restricting all but highly privileged users' access to encrypted password data...
files and Network Information Service
Network Information Service
The Network Information Service, or NIS is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network...
also refer to numeric UIDs. The user identifier has become a necessary component of Unix
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
file system
File system
A file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
s and processes
Process (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...
. Some operating systems support 16-bit UIDs, making 65536 unique IDs possible; a modern system with 32-bit UIDs will potentially make 4,294,967,296 (232) distinct values available.
In POSIX
POSIX
POSIX , an acronym for "Portable Operating System Interface", is a family of standards specified by the IEEE for maintaining compatibility between operating systems...
-compliant environments the command-line command
idId (Unix)
In computer software, id is a program in Unix-like operating systems that prints the user or group identifier of the account by which the program is executed; an example of the command id as executed by user alice:alice@darkstar:~$ id...
gives the user's user identifier number as well as more information on the user account like the user name, primary user group and group identifier
Group identifier
In Unix-like systems, multiple users can be categorized into groups. POSIX and conventional Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks,...
(GID).
Effective user ID
The effective UID (euid) and effective GID (egid) affect file creation and access. During file creation, the kernel sets the owner attributes of the file to the effective UID and effective GID of the creating process. During file access, the kernel uses the effective UID and effective GID of the process to determine if it can access the file.Saved user ID
The saved user ID (suid) is used when a program running with elevated privileges needs to temporarily do some unprivileged work: it changes its effective user ID from a privileged value (typically root) to some unprivileged one, and this triggers a copy of the privileged user ID to the saved user ID slot. Later, it can set its effective user ID back to the saved user ID (an unprivileged process can only set its effective user ID to three values: its real user ID, its saved user ID, and its effective user ID—i.e., unchanged) to resume its privileges.File system user ID
Linux also has a file system user ID (fsuid) which is used explicitly for access control to the file system. It matches the euid unless explicitly set otherwise. It may be root's user ID only if ruid, suid, or euid is root. Whenever the euid is changed, the change is propagated to the fsuid.The intent of
fsuid is to permit programs (e.g. the NFS server) to limit themselves to the file system rights of some given uid without giving that uid permission to send them signals.Real user ID
The real UID (ruid) and real GID rgid identify the real owner of the process and affect the permissions for sending signals. A process without superuser privilege can signal another process only if the sender’s real UID matches with the real UID of the receiver. Since child processes inherit the credentials from the parent, they can signal each other.See also
- setuidSetuidsetuid and setgid are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group...
- Sticky bitSticky bitIn computing, the sticky bit is an access-right flag that can be assigned to files and directories on Unix systems.-History:The sticky bit was introduced in the Fifth Edition of Unix in 1974 for use with pure executable files. When set, it instructed the operating system to retain the text segment...
- Group identifierGroup identifierIn Unix-like systems, multiple users can be categorized into groups. POSIX and conventional Unix file system permissions are organized into three classes, user, group, and others. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks,...
- Process identifierProcess identifierIn computing, the process identifier is a number used by most operating system kernels to uniquely identify a process...
- InodeInodeIn computing, an inode is a data structure on a traditional Unix-style file system such as UFS. An inode stores all the information about a regular file, directory, or other file system object, except its data and name....
- File system permissionsFile system permissionsMost current file systems have methods of administering permissions or access rights to specific users and groups of users. These systems control the ability of the users to view or make changes to the contents of the filesystem....