The Linux Security Journey — UID (User Identifier)

UID stands for “User Identifier”, it is a number associated with each Linux user in order to represent it in the Linux kernel. We can think about it like SID (https://medium.com/@boutnaru/windows-security-sid-security-identifier-d5a27567d4e5) in Windows which uniquely identifies a security principal. We can see the UID for a specific user defined in “/etc/passwd”.

In most Linux distributions UIDs 1–500 are reserved for system users, while in distributions like Ubuntu/Fedora the UID for a new user starts from 1000 — by default, the UID of root is 0

(https://linuxhandbook.com/uid-linux/). Moreover, we can also change the UID of a user with the “usermod” (https://linux.die.net/man/8/usermod) command in the following manner: “sudo usermod -u [NEW_UID] [USER_NAME]” — as shown in the screenshot below. Also, all processes executed by the user will get its UID — more on that in a future writeup.

Lastly, it is important to understand that there are three different types of UID: EUID (Effective UID), RUID (Real UID) and SUID (Saved UID) — I am going to explain about those in future writeups including the relevant kernel data structure (struct cred).

See you in my next writeup ;-) You can follow me on twitter — @boutnaru (https://twitter.com/boutnaru). Also, you can read my other writeups on medium — https://medium.com/@boutnaru. You can find my free eBooks at https://TheLearningJourneyEbooks.com.