Types of Users in Linux Explained with Accounts

A user account is a systematic way to track and monitor the use of system resources. Each user account has two unique identifiers: a username and a UID.

Username

A username is a text string. When you add a new user account, you must select a unique username for the user account. A username is flexible. If required, you can change it. When you choose a username, it must be unique. Two user accounts cannot use the same username.

UID

A UID (User ID) is a unique numeric ID. Similar to the username, you can choose a particular UID for the user account. If you do not select a UID for the user account, Linux automatically assigns a unique ID. If you manually select a custom UID, you must choose a unique UID. Two user accounts can not use the same UID.

Types of user accounts

Based on the security privileges and roles, there are five types of user accounts on Linux: - root, super, sudo, regular, and service. Let us understand these account types in detail.

The root user account

It is the primary user account. It has the highest privilege. It can perform all administrative tasks and access all services. Linux automatically creates this account during the installation. Since this is the default highest privileged user account, we cannot delete it. However, if required, we can change its state to disable. This account is for administrative tasks. You should never use this account for regular tasks. When you log in using this account, Linux allows you to access all configuration files, processes, and services. You can edit or delete any configuration file and start or stop any service. This free flow of access poses several security risks. You may intentionally or accidentally update or delete a configuration file that can corrupt the entire operating system. To prevent users from unnecessarily using this account for regular tasks, many distros, such as Ubuntu and Debian, keep this account disabled.

Superuser accounts

A superuser account has less privilege than a root account. However, it has all the necessary privileges to manage the system configuration files and services. You can promote any regular account as a superuser account. After promoting a regular user account as a superuser account, you can use it to perform all system management-related tasks. RHEL allows us to lock the root account and add a superuser account during the installation. After the installation, to convert a regular account into a superuser account, you can add it to the wheel group. The wheel group is the default group of superusers.

Sudo user accounts

A sudo user account is a regular user account. Linux distros that keep the root account disabled use this account to authenticate user access. This account prevents scripts from automatically changing configuration files and controlling services. If a user wants to change a system configuration file, start or stop a service, or modify a system setting, he must authenticate his action by typing his password. This precaution prevents users from accidentally changing system settings or configuration files.

Regular user accounts

Regular user accounts have moderate and customizable privileges. You can use a regular user account to perform all routine tasks, such as creating files or directories and running scripts. A regular account can access or update only the files or directories created by him. He cannot change or delete other users' files. However, administrators can allow specific user accounts to access particular files.

The service accounts

All services running on the system need service accounts. Linux uses service accounts to track and monitor the use of the system resources by the services. Service accounts are only for services and processes. We can not use them to perform routine tasks.

User management systems

There are two ways to manage the user accounts: centralized and standalone.

In centralized management, a centralized server system manages all user accounts. It uses a directory service such as LDAP or ADS for user management and authentication. The local system sends the user's login information to the server system. The server system authenticates the user.

In standalone management, the local system manages user accounts. It uses text files to save user accounts and related information. It uses locally stored data to authenticate users.

Conclusion

Linux has five types of user accounts. These types are the root user accounts, superuser accounts, sudo user accounts, regular user accounts, and service accounts. Each type has different privileges.