CoursesLinux essentialsUsers, groups & sudo

Accounts: passwd, shadow, groups

How Linux knows who you are.

Beginner12 min · lesson 17 of 25

Linux identifies every user by a number — the UID — and every group by a GID; the names you see are just a friendly mapping. UID 0 is special: it is root, the superuser, who bypasses all permission checks. Everyone else is a normal user, and system services run as their own dedicated low-privilege users (www-data, postgres) so that a compromised service is not a compromised machine. Understanding this account model is understanding who can do what.

terminal
$ id # who am I? my UID, GID, and groups
uid=1000(deploy) gid=1000(deploy) groups=1000(deploy),27(sudo),999(docker)
$ id root
uid=0(root) gid=0(root) groups=0(root) # UID 0 = the all-powerful superuser
$ whoami
deploy

passwd and shadow

User accounts live in two files. /etc/passwd lists every account — username, UID, GID, home directory, and login shell — and is world-readable (it holds no secrets). The actual password hashes live in /etc/shadow, which is readable only by root, so ordinary users cannot even see the hashes to attack them. A service account that should never log in has its shell set to /usr/sbin/nologin, which quietly refuses interactive logins.

terminal
$ grep deploy /etc/passwd
deploy:x:1000:1000:Deploy User:/home/deploy:/bin/bash
# │ │ │ │ │ └ login shell
# │ │ │ │ └ home directory
# │ │ │ └ GID the "x" means the hash is in /etc/shadow
# │ │ └ UID
$ sudo grep www-data /etc/passwd | cut -d: -f7
/usr/sbin/nologin # a service account that cannot log in interactively

Creating and managing accounts

You add users with useradd/adduser, put them in groups with usermod -aG, and remove or lock them when they leave. The security-relevant habits: give each human their own named account (never a shared login), add people to the sudo/wheel group only if they need admin rights, and disable or delete accounts promptly when someone leaves — a lingering active account is a standing way in.

One human, one account — never share logins
Shared accounts (a common "admin" everyone uses, or several people using root) destroy accountability: when something happens, the logs say "admin did it" and you cannot tell who. Every person gets their own named account, escalates with sudo (which records who ran what), and shared or generic interactive logins are disabled. Attribution is a prerequisite for every other security control — you cannot investigate what you cannot attribute.