User ID and User types in UNIX Operating Systems


This article explains what a user ID is in UNIX operating systems and how it is represented and stored, along with other user details, in the "passwd" file. It also covers the range of user IDs and their special permissions.

What is User ID in UNIX?


Unix-like operating systems assign each user a unique positive integer, which the kernel uses to identify that user. This is called the user identifier, often abbreviated as UID or User ID. User names serve as the interface for humans.

The UID of the current user can be checked by typing "id" in the terminal, e.g.:
[nura@localhost ~]$ id --> a normal user
uid=500(nura) gid=500(nura) groups=500(nura) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[root@localhost]# id --> a super or administrative user
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

How is it stored?
The user details are stored in a file called "/etc/passwd", which lists UIDs along with the corresponding user names and other information related to each user. Sample content of the "/etc/passwd" file is shown below; it can be viewed using the "cat" command.

[nura@localhost ~]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
saslauth:x:497:495:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pulse:x:496:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
nura:x:500:500:User Nura:/home/nura:/bin/bash

A sample entry explained:
root:x:0:0:root:/root:/bin/bash


• The first field represents the Username.
• The second field usually stores the password, which is used to validate the user during login. On modern systems, however, it is set to 'x' and the actual encrypted password is stored in the "/etc/shadow" file.
• The third field is the UID and the fourth is the GID, the group identifier that represents the group to which the user belongs.
• The fifth field describes the person or the account; it typically contains the user's full name or a description of the account. This field is also called the Gecos field.
• The sixth field is the user's home directory and shows where exactly that home directory is mounted.
• The seventh and last field is the program that is executed whenever the user logs in to the machine. Here it is "/bin/bash" for both root and nura, a shell that runs on login as either root or nura.

Range of UIDs:
The range of UID values varies among kernels and systems. In general, a UID is a 15-bit integer, ranging between 0 and 32767. In Linux kernels 2.4 and above, however, UIDs are unsigned 32-bit integers that can represent values from 0 to 4,294,967,296. To remain compatible with older kernels, which can only accommodate 16-bit UIDs, it is advisable to use values only up to 65,534.

Special UIDs and their roles:
UID 0 is always reserved for the root or super user account (the omnipotent administrative user). Although the username can be changed, or additional accounts can be created with the same UID, neither is advisable for security reasons.

The user "nobody", a user with no system privileges, has a UID of 65534 in 32 bit or 32767 in 16 bit. This is the largest possible UID, the opposite of the super user with UID 0 (in permissions too). It is usually used for either FTP (file transfer protocol) or HTTP (hypertext transfer protocol), where remote systems are accessed.

UIDs from 1 to 100 are reserved for special system users, such as wheel, daemon, lp, mail, sync etc., as shown in the sample output above. These users are administrators: they have fewer permissions than root, but more privileges than an ordinary user, so that they can perform some administrative tasks. This range again varies according to the distribution: it is from 101 up to 499 in Red Hat Enterprise Linux, and up to 999 in Debian.

It is also convenient to reserve a block of UIDs for local users, such as 1000 through 9999, and another block for remote users, such as 10000 to 65534. Reserving blocks of numbers for particular types of users helps when checking user activity, which in turn makes suspicious activity easier to identify.
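
An added example (not part of the original article): a small Python audit of passwd-format text that applies the seven-field layout and the UID conventions described above. The sample lines, the default boundary of 500 (the Red Hat figure from the text) and the set of no-login shells are assumptions chosen for illustration.

```python
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "name passwd uid gid gecos home shell")

# Constructed sample: a few lines modelled on the listing above,
# plus three deliberately risky entries (apache shell, toor, legacy).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
nura:x:500:500:User Nura:/home/nura:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
legacy:$1$constructed$notarealhash:501:501::/home/legacy:/bin/bash
"""

# Assumption: shells treated as "cannot log in" for this example.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    """Split each line into the seven colon-separated fields."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(Entry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries

def audit(entries, first_regular_uid=500):
    """Return (username, finding) pairs for entries that break the conventions."""
    findings = []
    by_uid = defaultdict(list)
    for e in entries:
        by_uid[e.uid].append(e.name)
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "extra UID 0 account"))
        if e.passwd not in ("x", "*", "!"):
            findings.append((e.name, "password field is not a shadow placeholder"))
        if 0 < e.uid < first_regular_uid and e.shell not in NOLOGIN_SHELLS:
            findings.append((e.name, "system account with login shell"))
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append((",".join(names), f"UID {uid} shared"))
    return findings

if __name__ == "__main__":
    for who, what in audit(parse_passwd(SAMPLE)):
        print(f"{who}: {what}")
```

On a Debian-style system, pass first_regular_uid=1000 to match the boundary mentioned above.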

