kazmax - Home Server on Linux

Linux Users And Groups

Linux is able to be accessed by multiple users to a single computer at the same time, you can also manage the plurality of users.

This section explains users and groups.

Last Update : December 02, 2018

Linux Users And Groups Contents

  1. "System Administrator", "General User" and "System Account"
    • System Administrator
    • General User
    • System Account
  2. Group

1. "System Administrator", "General User" and "System Account"

The user's management unit is called an account.
The term account is used like "Create user account", "Delete account".

In addition to the account used by humans, there is an account to use for a specific application.
For accounts that humans use, it is necessary to clearly distinguish between the accounts used by system administrators and the accounts used by users who use the system.

System Administrator

The account used by the system administrator (system administrator) is the user name "root", and it is called the root user, the super user, etc.
The root user has powerful privileges and can do most things on the OS (except SELinux).
Even files that are important to the system can be easily deleted. It is better not to use the root user at times other than administrative work.

General User

The account used by the human who uses the system is called a general user.
It is called with an account name other than the name "root", and there are restrictions on the commands that can be used.

How to check your account ID and belonging group
[foo@localhost ~]$ id
uid=500(foo) gid=501(bar) groups=501(bar),502(bar2)
↑ The user name is foo, and the group to which it belongs is bar.

The account is managed by the value of the user ID in the system.
"uid" means the user ID.
"gid" means the group ID.
If it belongs to more than one group, "groups" is followed by the group name.

System Account

Linux has an account that exists for a specific application.
While the operating system is running, various applications (various services such as Apache and DB) are executed internally, but these applications are always executed by some account.

In this way, the account that runs a specific application inside the system is called "system account". Since "system account" is not used directly by humans, it is necessary to prevent login.

2. Group

Linux has the function of "group", accounts can be handled logically collectively.
If you give a file permission to write to a specific group, all users belonging to that group will have the right to write to that file.

Also, it is possible for one account to belong to more than one group.

How to check the group to which you belong

[foo@localhost ~]$ groups
bar bar1 bar2← It means that you belong to "bar" group, "bar1" group, "bar2" group.