What To Do if Numeric ID is Shown Instead of Username

As you know, every file in your Unix OS belongs to some user and some group. It is very easy to confirm the ownership of any file because user id and group id which own the file are always linked to the file. However, sometimes you can’t tell which user owns the file, and today I’m going to explain why. It’s a rather lengthy post and a complicated matter, so please leave questions or comments to help me polish this article off.

Files and directories ownership in Unix

If you look at any file using ls command, you will see an output like the one shown below – it reveals file access permissions, user and group id of the owner, the modification timestamp and the file name itself:

ubuntu$ ls -l /tmp/myfile
-rw-r--r-- 1 greys admin 0 Jan 6 03:51 /tmp/myfile

In this example, the /tmp/myfile file belongs to me, hence the username is greys. It also belongs to my default (primary) Unix group – admin.

Similarly, ownership of any file or any directory can be confirmed for every object in available filesystems. Here’s just a few more examples, these are the standard system files belonging to root:

ubuntu$ ls -ald /etc /etc/passwd
drwxr-xr-x 91 root root 4096 Jan 6 03:51 /etc
-rw-r--r-- 1 root root 1481 Jan 6 03:51 /etc/passwd

Why numeric IDs are sometimes shown instead of username or groupname

Sometimes though, you will look at a file and instead of the username you will see a numeric ID:

ubuntu# ls -al /tmp/file
-rw-r--r-- 1 1006 root 0 Jan 6 03:51 /tmp/file

The reason numberic ID (1006 in the example above) is shown instead of a username is because your system doesn’t recognize this ID – it can’t be associated to any username known to your Unix OS.

There are a few possible scenarios for this to happen, but most likely the user has been removed since the file was created. Naturally, deleting any User doesn’t automatically mean removing every single file belonging to such a user, that’s why the files stay but can no longer be associated with the existing user. All they have to show is the user ID which once owned the file.

How to find the missing username using user id

Unfortunately, there are no easy ways to recover the username (or any other user-specific information) based on a misterious user ID some of your files might have. There are a few things can try though.

1. Try other Unix systems in your environment

It can be the case that Unix account was a local one automatically created by your system administrators. There’s still a chance the same uid exists on other systems. Log into a few of them and verify if they have a user with the same user id (read this post for more information: How to Find Out user id):

ubuntu$ getent passwd 1006
newowner:x:1006:1006::/home/newowner:/bin/sh

The same tip applies in case of more mature environments where Unix systems don’t have local users, but instead rely on NIS or LDAP for accessing user accounts information.

If your system for whatever reason can’t access the centralized storage for users, you will experience the same symptoms – most of files belonging to users will appear to have numeric IDs instead of usernames. Most likely though, you’ll have more important problems in this case – like not being able to log in as anything else but root (which is an administrative account always created locally on each system).

2. Look at home directories and their owners

When a new user is added to Unix system, it usually gets a home directory assigned to it. Creating a home directory is not a default behaviour at times, but it’s a good practice and so there’s a very high probability that the user you’re looking for had a home directory. Removing home directories isn’t usually done at the same time when a user is removed, so there’s also a good chance that even though the user isn’t found anymore, the home directory is still there.

What you should be looking for is a home directory which belongs to the same user id which some of the unidentified files of yours belong to.

Simply do an ls command under /home directory and see if any of the directories there appear to have numeric IDs instead of usernames:

ubuntu# ls -ald /home/\*
drwxr-xr-x 2 ftp nogroup 4096 May 22 2007 /home/ftp
drwxr-xr-x 11 greys greys 4096 Dec 13 19:56 /home/greys
drwxr-xr-x 2 1006 admin 4096 Jan 6 04:23 /home/mike

As you can see, sometimes you might get lucky – the directory is there, and since most home directories usually have the same name as the username which owns them, you can deduct that the username of the user id 1006 was “mike”. You can now recreate Mike’s account and it will be immediately reflected for all the files owned by user id 1006:

ubuntu# ls -ald /home/mike
drwxr-xr-x 2 1006 admin 4096 Jan 6 04:23 /home/mike
root@simplyunix:~# useradd -u 1006 mike
root@simplyunix:~# ls -ald /home/mike /tmp/file
drwxr-xr-x 2 mike admin 4096 Jan 6 04:23 /home/mike
-rw-r--r-- 1 mike root 0 Jan 6 03:51 /tmp/file

3. Look at other users known to your system

Sometimes users are created in batches, and you can guess who the user was by looking which users were created before and after. All you have to do is to use the same getent passwd approach for user ids which are smaller or larger than the one you want to identify.

Another way to user other users’ information to your advantage is to verify which groups they belong to and to then query the groups to see if they have any members not currently known to your system. This will only work for NIS/LDAP groups, not local ones. What could happen is that even though a user was removed, the username is still listed in a few NIS groups.

That’s it for today. Hope this post helps you in your investigations, and stay tuned for more!

See also

  • Adding users in Unix
  • How to list groups a Unix user belongs to
  • How to find out user ID



Keep Learning

Follow me on Facebook, Twitter or Telegram:
Recommended
I learn with Educative: Educative
IT Consultancy
I'm a principal consultant with Tech Stack Solutions. I help with cloud architectrure, AWS deployments and automated management of Unix/Linux infrastructure. Get in touch!

Recent Tweets