User Accounts

Every Ubuntu installation typically contains three types of account: the super user, the day-to-day user, and the system user. Each type is important in its own right, and you must know the responsibilities of each. Without working together, Ubuntu would have a hard time doing anything!

All users must have accounts on the system. Ubuntu uses the /etc/passwd file to hold information on user accounts. Each user, regardless of type, has a one-line entry of account information stored in the /etc/passwd text file. Each account entry contains a username (used for logging in), a password field containing an x (as passwords are actually contained in /etc/shadow), a user ID (UID), and group ID (GID). The fifth field contains optional human ID information, such as real name, office location, phone number, and so on. The last two fields are the location of the user's home directory and the user's default login shell. See the "The Password File" section later in this chapter for more information.

Like other Linux distributions, Ubuntu makes use of the established UNIX file ownership and permission system. Each file (which can include directories and even devices) can be assigned one or more of read, write, and/or execute permissions. These can be assigned further to the owner, a member of a group, or anyone on the system. File security is drawn from combining ownership and permissions. The system administrator (most commonly referred to as the super user) has total responsibility to make sure that users have proper UIDs and GIDs and to ensure that sensitive files (which can include important system files) are locked down using file permissions. Regardless of how many system administrators are present on the system, there can only be one root user. This is the user who has access to everything and can grant or take away any privileges on the system. The root user has a user ID of 0 and a group ID of 0, making it unique among all other users on the system.

The root user can use any program, manipulate any file, go anywhere in the file system, and do anything within the Ubuntu system. For reasons of security, that kind of raw power should be given only to a single trusted individual.

It is often practical for that power to be delegated by the root user to other users. This delegation is referred to as an elevation of privileges, and these individuals are known as super users because they enjoy the same powers that root enjoys. This approach is normally used only on large systems in which one person cannot effectively act as the system administrator.

Was this article helpful?

0 0

Post a comment