This first part of chapter 5 "Module 5: Managing Users" covers understanding user properties and user databases. It also examines the technique of managing users for a single host. It starts by exploring the actual database files that contain information about users and moves on to the system tools available to manage the files automatically. (from the book Linux Administration, A Beginner's Guide, third edition by Steven Graham and Steve Shah, McGraw-Hill/Osborne, ISBN:0072225629, 2002).
Under Linux, every file and program must be owned by a user. Each user has a unique identifier called a user ID (UID). Each user must also belong to at least one group, a collection of users established by the system administrator. Users may belong to multiple groups. Like users, groups also have unique identifiers called group IDs (GIDs).
Access to a file or program is determined by its UIDs and GIDs. A running program inherits the rights and permissions of the user who invokes it. (SetUID and SetGID, discussed in “Understand SetUID and SetGID Programs” later in this module, create an exception to this rule.) Each user falls into one of two categories: a normal user or the root user. Normal users can access only what they own or have been given permission to run; permission is granted either because the user belongs to the file’s group or because the file is accessible to all users. The root user is allowed to access all files and programs in the system, whether or not root owns them. The root user is often called a superuser.
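The owner/group/everyone decision described above can be modeled in a few lines. The following Python sketch is an added example, not code from the book; the file names, UIDs, GIDs, and function names are constructed for illustration, and it covers only the classic permission bits (no SetUID/SetGID handling). It shows a detail that is easy to miss: exactly one class applies to a given user, so an owner with no owner bits is denied even when "all users" bits would allow access.

```python
import stat

# (read, write, execute) bits for each permission class
BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def permission_class(file_uid, file_gid, uid, gids):
    """Return the one class whose bits apply; classes are checked in
    order and only the first match counts."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"

def may_access(mode, file_uid, file_gid, uid, gids, want):
    """True if the user (uid plus set of gids) is granted every right
    in `want`, a string drawn from 'r', 'w', 'x'."""
    if uid == 0:
        # root skips the read/write check; executing a regular file
        # still requires at least one execute bit to be set.
        if "x" in want and stat.S_ISREG(mode):
            return bool(mode & 0o111)
        return True
    r, w, x = BITS[permission_class(file_uid, file_gid, uid, gids)]
    needed = 0
    for right in want:
        needed |= {"r": r, "w": w, "x": x}[right]
    return (mode & needed) == needed

# Constructed sample data: (name, mode, owner UID, owner GID)
FILES = [
    ("report.txt", stat.S_IFREG | 0o640, 1000, 2000),
    ("locked.txt", stat.S_IFREG | 0o064, 1000, 2000),
]
# Constructed users: name -> (UID, set of GIDs)
USERS = {"root": (0, {0}), "alice": (1000, {1000}),
         "carol": (1002, {1002, 2000}), "bob": (1001, {1001})}

def audit(want="r"):
    """Map (user, file) -> whether `want` is granted."""
    return {(u, name): may_access(mode, fu, fg, uid, gids, want)
            for u, (uid, gids) in USERS.items()
            for name, mode, fu, fg in FILES}

if __name__ == "__main__":
    for key, ok in sorted(audit("r").items()):
        print(key, "granted" if ok else "denied")
```

Here alice owns locked.txt (mode 064) yet cannot read it, while bob, who falls into the "all users" class, can.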
If you are accustomed to Windows, you can draw parallels between that system’s user management and Linux’s user management. Linux UIDs are comparable to Windows SIDs (system IDs), for example. In contrast to Windows NT, you may find the Linux security model maddeningly simplistic: either you’re root or you’re not. Normal users cannot have root privileges in the same way normal users can be granted administrator access under NT. You’ll also notice the distinct absence of Access Control Lists (ACLs) in Linux. Which system is better? Depends on what you want and whom you ask.
In this module, we will examine the technique of managing users for a single host. Managing users over a network will be discussed in Module 19. Let’s begin by exploring the actual database files that contain information about users. From there we’ll examine the system tools available to manage the files automatically.