[AceJohnny2]

> It turns out that id gets this information from the /etc/passwd and /etc/group files.

    $ strace -e open id 1000   
    open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
    open("/etc/group", O_RDONLY|O_CLOEXEC)  = 3

Well, by default yes. But if your system is configured to use NIS/YP or LDAP (through NSS/Name Service Switch), then these files won't have all the information (though they'll likely have a few, it's important to have local fallbacks in case of network issues!)

A more generic tool is 'getent', which will query all the underlying databases for you. For example: "getent passwd" or "getent group".

Nevertheless, using strace to get a first approximation is an excellent exercise :)

[LukeShu]

The problem isn't really that they used strace+id, it's that they abbreviated the output a bit too much. A better clipping would have been:

    $ strace -e open id 1000   
    ...
    open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
    ...
    open("/usr/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
    ...
    open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
    open("/etc/group", O_RDONLY|O_CLOEXEC)  = 3
    ...

Where nsswitch.conf informs it how to look up the information; the default on most systems being

    passwd: files
    group: files

which tells it to the functions in /usr/lib/libnss_files.so to access the "passwd" (user) and "group" databases. libnss_files.so uses /etc/passwd and /etc/group respectively for these.