14.7 id, whoami, groups: Inspecting Current Identity
Right, let’s get the existential stuff out of the way. Before you can start bossing the system around, you need to answer the two most fundamental questions in a multi-user environment: “Who am I?” and “What am I allowed to do?” It sounds philosophical, but the answers are brutally practical. You’re not a beautiful and unique snowflake to the kernel; you’re just a number. A user ID (UID). Let’s meet the tools that translate that number back into a name and tell you what teams you’re on.
The id Command: Your Full ID Card
Forget whoami for a second. id is the workhorse here. It doesn’t just tell you who you are; it tells you what you are, in exhaustive detail. Running it with no arguments is like asking for your full profile.
$ id
uid=1000(alice) gid=1000(alice) groups=1000(alice),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),122(lpadmin),133(lxd),134(sambashare)
Let’s break down this little masterpiece of an identity crisis:
uid=1000(alice): This is you. Your user ID. UID 1000 is almost always the first non-root user created on a system, a convention so strong it’s basically a rule. The kernel uses the number (1000); the utilities mostly use the name (alice) to be friendly.
gid=1000(alice): This is your primary group. Every user has one. When you create a file, this is the group it’s assigned to by default. It’s often named the same as your user, which is a nice, clean setup for a personal machine.
groups=...: Here’s the good stuff. This is the list of all supplementary groups you’re a member of. This is the mechanism that grants you additional privileges beyond your primary group. Want to use sudo? You need to be in the sudo group. Want to administer printers? That’s lpadmin. This list is why you can do things your primary group alone wouldn’t allow.
You can also be nosy and check someone else’s ID.
$ id bob
uid=1001(bob) gid=1001(bob) groups=1001(bob),100(users)
See? Bob isn’t in the sudo group. Poor Bob. This is also how you check if a user exists without grepping through /etc/passwd.
The whoami Command: For When You Forget
whoami does exactly one thing, and it does it well: it prints your effective username. That’s it. It’s the equivalent of looking at your own driver’s license photo—quick, simple, and rarely surprising.
$ whoami
alice
Its sheer simplicity is its strength. It’s fantastically useful in scripts where you just need a clean, guaranteed username as output. Why type id -un when whoami is right there? It’s a classic Unix tool: do one thing, do it perfectly.
The groups Command: Just Your Team List
If id gives you your full bio, groups just prints your team roster. It lists all the groups your user belongs to, but only by name, not ID.
$ groups
alice adm cdrom sudo dip plugdev lpadmin lxd sambashare
By default, it shows the groups for the current user, but you can, again, be nosy.
$ groups bob
bob : users
Honestly, I barely use this. id gives me more information in a similarly readable format. But it’s here, it works, and some old-school admins have a fondness for it.
Why This All Matters: The Effective vs. Real UID Trap
Here’s where we move from theory to trench warfare. The commands above show your effective identity—the user and groups you’re currently operating as. But this isn’t always the whole story.
Linux has a concept of Real and Effective UIDs. Normally, they’re the same. But when you run a program with the Setuid bit (like sudo or passwd), the program starts with the effective permissions of the owner of the binary (often root), not you.
The id command has flags to reveal this distinction, and you should know them.
# Show real ID (who you logged in as)
$ id -ur
1000
# Show effective ID (who you're acting as)
$ id -u
1000
# Now run a command as root...
$ sudo su
# And check again from the new shell
# id -ur # Also 0: by default sudo sets the real UID to the target user too
# id -u # Now 0, because you're effectively root!
This is the cornerstone of privilege escalation. You sudo a command, and your effective UID becomes 0 (root) for the duration of that process, granting it god-like powers. The id command is your truth-teller, cutting through the abstraction to show you what the kernel actually sees. Always, always think about which UID a process is running with. It’s the difference between deleting a file and deleting the entire filesystem. No pressure.
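On Linux, the kernel's own record of these IDs is the Uid: line of /proc/<pid>/status, in the order real, effective, saved-set, filesystem. The following is an added example, not part of the original text: a shell function that parses that line and flags a process whose IDs disagree. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a process from the "Uid:" line of /proc/<pid>/status.
# Field order on that line: real, effective, saved-set, filesystem UID.

# Constructed sample: a setuid-root binary started by UID 1000.
SAMPLE_SETUID='Name: passwd
Uid: 1000 0 0 0
Gid: 1000 1000 1000 1000'

# Constructed sample: an ordinary shell owned by UID 1000.
SAMPLE_PLAIN='Name: bash
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000'

# uid_report STATUS_TEXT -> "ruid=R euid=E suid=S verdict=V"
# Exits non-zero if the text has no Uid: line.
uid_report() {
    printf '%s\n' "$1" | awk '
        $1 == "Uid:" {
            r = $2; e = $3; s = $4; found = 1
            if (r == e && e == s)       v = "consistent"
            else if (r != 0 && e == 0)  v = "elevated-to-root"   # setuid-root style
            else if (r != e)            v = "effective-differs"
            else                        v = "saved-differs"      # can switch back later
            printf "ruid=%s euid=%s suid=%s verdict=%s\n", r, e, s, v
        }
        END { if (!found) exit 2 }'
}

# pid_report PID -> the same report for a live process (needs Linux /proc).
pid_report() {
    [ -r "/proc/$1/status" ] || return 1
    uid_report "$(cat "/proc/$1/status")"
}

uid_report "$SAMPLE_SETUID"
uid_report "$SAMPLE_PLAIN"
pid_report "$$" || echo "no readable /proc status for this shell"
```

A saved-set UID that differs from the other two is worth noticing: the process has put its privileges aside but can take them back.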