id — Verify User Identity and Access Context
By the end of this lesson, you will be able to read UID/GID output, validate supplementary groups, and use id in scripts to prevent ownership and permission mistakes in WordPress operations.
Overview
id is the fastest command for checking who a user is from the kernel's perspective: user ID, primary group ID, and supplementary groups. This is essential when debugging file permissions, running automation, or auditing privilege boundaries.
On WordPress VPS hosts, incorrect UID/GID mapping is a common cause of failed uploads, plugin updates, and deployment errors.
- Core Function: Display user and group identity information.
- Primary Benefit: Immediate clarity on permission scope and ownership mapping.
- Where to Use: Post-onboarding checks, deployment troubleshooting, security audits.
- Workflow:
id [OPTION] [USERNAME].
id is part of GNU coreutils and is installed by default on Ubuntu.
System Check
Ensure id is available and check your version:
which id # Expected: /usr/bin/id
id --version # Shows coreutils version
Syntax & Expression Rules
The command follows a logical structure that reads almost like a sentence:
id [OPTION] [USERNAME]
[OPTION]: Output selector such as-u,-g,-G, or-n.[USERNAME]: Optional target account (defaults to current user if omitted).(combined flags): Combine options like-Gnto output group names only.
Identity Output Flags
| Expression | Description | Example Syntax | ⭐ Rating |
|---|---|---|---|
| :-- | :-- | :-- | :-- |
(no flag) | Show full UID/GID/groups line | id wpdev | ⭐⭐⭐⭐⭐ |
-u | Show numeric UID only | id -u wpdev | ⭐⭐⭐⭐⭐ |
-g | Show numeric primary GID only | id -g wpdev | ⭐⭐⭐⭐ |
-G | Show all numeric group IDs | id -G wpdev | ⭐⭐⭐⭐ |
-n | Print names instead of IDs (with -u, -g, -G) | id -Gn wpdev | ⭐⭐⭐⭐ |
-r | Show real ID instead of effective ID | id -ru | ⭐⭐⭐ |
-z | Separate output fields with NUL (script use) | id -z -Gn wpdev | ⭐⭐ |
Identity Validation Actions
| Action | Description | WordPress/VPS Use Case | Example Syntax |
|---|---|---|---|
| :-- | :-- | :-- | :-- |
| Check web access identity | Confirm membership in www-data | Validate deploy/write permissions | id wpdev | grep www-data |
| Compare admin vs deploy identities | Verify role separation | Ensure deploy user lacks sudo | id wpadmin && id deployer |
| Validate web daemon ownership account | Inspect www-data identity | Troubleshoot ownership mismatch | id www-data |
| Scriptable compliance check | Return pass/fail for CI preflight | Stop deployments with wrong memberships | id -Gn wpdev | tr ' ' '\\n' | grep -qx www-data |
Practical Use Cases
1. Show full identity for current user
id
Expected output:
uid=1003(wpdev) gid=1003(wpdev) groups=1003(wpdev),33(www-data)
Explanation: Reports primary and supplementary identity values for current shell. Use case: Quick pre-check before editing WordPress files.
2. Inspect another account's full identity
id wpadmin
Expected output:
uid=1001(wpadmin) gid=1001(wpadmin) groups=1001(wpadmin),27(sudo)
Explanation: Reads identity for target user without switching sessions. Use case: Audit admin role assignment.
3. Get numeric UID only
id -u wpdev
Expected output:
1003
Explanation: Prints UID only, ideal for scripts. Use case: Map files to owner IDs in backup tooling.
4. Get numeric primary GID
id -g wpdev
Expected output:
1003
Explanation: Returns primary group numeric ID.
Use case: Validate default group before bulk chown.
5. Print all group names only
id -Gn wpdev
Expected output:
wpdev www-data
Explanation: Cleaner display of supplementary groups. Use case: Human-readable permission review.
6. Confirm www-data membership in script
id -Gn wpdev | tr ' ' '\n' | grep -qx www-data && echo "member"
Expected output:
member
Explanation: Uses exact-match membership check. Use case: Deployment preflight gate.
7. Compare effective vs real user after sudo
sudo sh -c 'echo "effective=$(id -u) real=$(id -ru)"'
Expected output:
effective=0 real=0
Explanation: Shows identity context under privileged shell.
Use case: Diagnose script behavior under sudo.
8. Inspect web daemon identity
id www-data
Expected output:
uid=33(www-data) gid=33(www-data) groups=33(www-data)
Explanation: Displays canonical web-server account identity. Use case: Verify expected owner/group target for WordPress files.
Common Mistakes & Troubleshooting
| Problem | Cause | Fix |
|---|---|---|
| :-- | :-- | :-- |
id: USER: no such user | Typo or deleted account | Verify with getent passwd USER |
| Group changes not visible | User session has stale group cache | Re-login or run newgrp GROUP then recheck with id -Gn USER |
| WordPress writes fail despite expected group | Directory owner/mode still wrong | Run sudo chown -R www-data:www-data /var/www/html && sudo chmod -R g+rwX /var/www/html |
| Confusion between UID and username | Numeric output interpreted as names | Use id -un USER and id -gn USER for explicit names |
| Script matches partial group names | Using loose grep patterns | Use exact check: id -Gn USER | tr ' ' '\\n' | grep -qx GROUP |
Best Practices
- Check identity before permission changes: Run
id USERbeforechown,chmod, or deploy scripts. - Prefer exact membership checks in automation: Use tokenized matching, not substring grep.
- Keep role boundaries explicit: Avoid accounts that need both broad
sudoand routine web-write access. - Audit numeric mappings periodically: UID/GID drift causes subtle cross-host permission bugs.
- Pair
idwithgroupsandgetent: Confirm both account identity and directory-level policy.
Hands-On Practice
Task: Validate Identity Before a Plugin Deployment
- Inspect
id wpadmin,id wpdev, andid deployerand compare group memberships. - Confirm only required users are in
www-databefore updating/var/www/html/wp-content/plugins. - Challenge: Create a shell check that exits non-zero when deploy user has
sudoor lackswww-data, then run it in your deployment pipeline.
Connection to Other Concepts
- groups: Provides a quick membership view when full UID/GID detail is not needed.
- usermod: Changes group assignments and shell/expiry values that you then verify with
id. - sudo: Alters execution identity context;
idconfirms who commands run as. - adduser: Creates the account whose identity you validate with
id.
Visual Learning Diagram
What's Next: Proceed to passwd — Control Password and Expiry Policy to manage authentication lifecycle for each account.