1. Introduction
A User Identifier (UID) is a unique numerical value for identifying users and processes. User identifiers are important for determining file permissions, process owners, and access control rights.
While the average Linux user might not need to alter their UID often, system administrators and developers may encounter scenarios where they need to understand and exercise this process.
In this tutorial, we’ll explore these scenarios and see how we can alter our UID.
2. Types of UIDs
2.1. Real UID
This is the UID that starts the process. It is assigned when a user logs in, and it remains constant throughout that session. This ID is used to determine ownership of files and processes.
2.2. Effective UID
This is used to assign a user’s privileges while executing a process. In most cases, this ID is the same as the actual ID.
However, sometimes, it may be elevated to grant a user more permissions without changing the real UID.
2.3. Saved UID
This is used to preserve the initial user associated with a process. It is normally used when a user (usually root) requires lower privileges to carry out a task. Their effective ID can be temporarily changed to one with lower privileges, while the original effective ID is saved to the saved UID.
When the operation is done, the user can regain their original privileges.
3. Why Change a UID?
Here are some scenarios where we might need to alter a UID:
- User account reorganization – when restructuring access controls, changing UIDs can help ensure that permissions are configured appropriately
- Security – borrowing from the principle of least privilege, a user should only be required to have as many rights as needed to complete a task; therefore, it may occasionally be necessary for a system admin to adjust user privileges accordingly
- System migration – during a migration, aligning UIDs to ensure consistency across different platforms or databases might be necessary
- Deduplication of UIDs – we may need to resolve UID conflicts, for example, when scenarios such as the need for data recovery arise
4. How to Change a UID
Let’s first see how we can tell the UID of the current user. We can use the id command as below:
# replace username with a valid user
$ id -u usernameThis will output a numerical value (such as 1000). Note that the number 0 is reserved for the root user.
Alternatively, we can open the /etc/passwd file:
$ nano /etc/passwdThe following is the sample output when running on Ubuntu 22.04:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
...Each entry in this file contains info about a user, separated by colons. The data includes the user name, encrypted password (x), user ID (UID), group ID (GID), full name of the user (GECOS), home directory, and login shell, respectively.
Now that we know how to get our UID let’s see how to change it:
# Replace `new_uid` with your new UID and `username` with the user's username
sudo usermod -u new_uid usernameIt’s important to note that files and directories in the user’s home directory will automatically modify their UID to the new one. We’ll need to adjust the UID for files outside our home directory manually. We can achieve this using the command below:
# replace `old_uid_of_user_X` with the old UID of the `user_X`
# Also replace `user_X` with the given username
find / -user old_uid_of_user_X -exec chown -h user_X {} \;5. Conclusion
In this article, we have seen how to manage user IDs. Remember that when modifying UIDs, we should only provide a user with as many privileges as they need to complete an operation.