1. Overview
Each user has an identifier (UID) and a name in Linux.
In this quick tutorial, we’ll explore how to find the user’s name by a given UID.
2. Parsing the /etc/passwd File
In Linux, the /etc/passwd file stores the user information, such as the user’s name, UID, group id (GID), user’s home directory, and user’s shell. We can get the username by parsing the /etc/passwd file.
Let’s see a passwd file as an example:
$ cat /etc/passwd
...
http:x:33:33:http:/srv/http:/bin/false
uuidd:x:68:68:uuidd:/:/sbin/nologin
dbus:x:81:81:dbus:/:/sbin/nologin
nobody:x:99:99:nobody:/:/bin/false
kent:x:1000:1000::/home/kent:/bin/zsh
git:x:999:999:git daemon user:/:/bin/bash
mldonkey:x:998:998:Mldonkey daemon user:/var/lib/mldonkey:/bin/false
...
As we can see in the example above, each entry in the passwd file is a record with colon-separated fields. Next, let’s pick the mldonkey user as the example to understand the structure of the entries in the passwd file:
mldonkey:x:998:998:Mldonkey daemon user:/var/lib/mldonkey:/bin/false
1 |2| 3 | 4 | 5 | 6 | 7
- 1 – Username
- 2 – Password, usually, we’ll see an ‘x‘ character there. It means the password is encrypted.
- 3 – UserID (UID)
- 4 – GroupID (GID)
- 5 – User description: A short description of the user. It’s an optional field. For example, the user kent in the example doesn’t have a description.
- 6 – User’s home directory
- 7 – User’s default shell: /sbin/nologin or /bin/false indicates logging in is disabled for the user.
Now that we understand the record structure in the passwd file, our problem is to search in the passwd file and find the 3rd field (UID) that’s equal to the given value and print the first field.
The awk command is good at processing column-based data. So, let’s find the username of UID 1000 using awk:
$ awk -F':' -v uid=1000 '$3 == uid { print $1 }' /etc/passwd
kent
The awk command’s pretty straightforward. We first tell awk to process each record in the passwd file using “*:*” as the field separator. Then, we only print the first field if the third field equals the variable uid‘s value.
Similarly, we can change the uid variable’s value to find other usernames:
$ awk -F':' -v uid=998 '$3 == uid { print $1 }' /etc/passwd
mldonkey
$ awk -F':' -v uid=99 '$3 == uid { print $1 }' /etc/passwd
nobody
3. Using the getent Command
The getent command allows us to get the entries from various “databases”. Here “databases” indicate different important configurations, such as passwd, hosts, networks, protocols, and so on.
The syntax to use the getent command’s pretty simple:
getent database [key ...]
Of course, as we want to search UID and username, we’ll use passwd as the database.
The key can be either UID or username:
$ getent passwd kent
kent:x:1000:1000::/home/kent:/bin/zsh
$ getent passwd 1000
kent:x:1000:1000::/home/kent:/bin/zsh
As we can see, getent outputs the entire entry it finds. If we want only one field from the result, we need to parse the getent output.
We’ve learned that the first field in a passwd entry indicates the username. Therefore, we can use the cut command to extract the username:
$ getent passwd 1000 | cut -d':' -f1
kent
$ getent passwd 998 | cut -d':' -f1
mldonkey
Alternatively, we can use other commands, such as awk or sed, to get the first field:
$ getent passwd 1000 | awk -F':' '{ print $1 }'
kent
$ getent passwd 99 | sed 's/:.*//'
nobody
4. Conclusion
In this short article, we first learned the structure of the /etc/passwd file. Then, we explored how to get the username by a given UID.