Types of users on a Linux system

Information about users and groups are stored in several text files within the /etc/ directory. The /etc/passwd file contains a list of users. Each line is separated into fields by colon (':') characters. The fields from left to right are the username, the encrypted password (x), user ID (UID), group ID (GID), GECOS (the field is optional and is used to store extra information such as the user's full name), the absolute path to the user's home directory (such as /home/mihael/), and the program automatically launched whenever a user logs in (this is usually a command interpreter often called a shell). Here is an example of a /etc/passwd line.


There is a risk involved in storing everyone's password in /etc/passwd because the file is readable. Therefore, the /etc/shadow file is readable only by the root user and contains password for each user. Each line is separated into fields by colon characters. The fields from left to right are the username, the encrypted password, the number of days since January 1, 1970 (also called the epoch) that the password was last changed, the minimum number of days before password can be changed, the number of days before a password change is required, the number of days before password expiration during which the user is warned of the expiration, the number of days before the account will is disabled after a password expires, the date (the number of days since the epoch) since the user account has been disabled, and a reserved field. Here is an example line of a /etc/shadow for user mihael.

mihael:$6$YkFgOHylWzvL1VDQ$iUXFmCBypGZNCWRh0j8P0mffcFXoQqKEWjZgPYIxg6aW7lull1NmNvcZtAVRg5mbsEaGoMoj Pgd7xDyBp5fi51:18324:0:99999:7:::

Each user can be a member of one or more groups. The /etc/group file contains a list of groups, each on a separate line. Each line is a four field, separated by colon characters. The fields from left to right are the name of the group, group password (if x is in this field, then group password is being used), group ID (GID), and a list of the users belonging to the group, separated by comma. Here is an example line from /etc/group.


To print user and group information for the specified user, or for the current user, you can execute the id command.

$ id
uid=1000(mihael) gid=1000(mihael) groups=1000(mihael),24(cdrom),25(floppy),29(audio),30(dip),44(video),46 (plugdev),109(netdev)

To print only the group ID for the specified user

$ id -g

To print all group IDs for the specified user

$ id -G
1000 24 25 29 30 44 46 109

last through /var/log/wtmp and displays a list of all users logged in and out since that file was created.

$ last
mihael tty1 Tue Mar 3 11:38 still logged in
reboot system boot 4.19.0-8.amd64 Tue Mar 3 11:37 still running

wtmp begins Tue Mar 3 11:37:14 2020

One or more usernames can be given, in which case last will show only the entries matching those arguments.

$ last mihael
mihael tty1 Tue Mar 3 11:38 still logged in

who shows users who are currently logged in.

$ who
mihael tty1 2020-03-03 11:38

w displays information about the users currently on the machine and their procceses. The header shows the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5 and 15 minutes. The entries displayed for each user are login name, the tty name, the remote host, login time, idle time, JCPU (time used by all processes), PCPU (time used by the current process), and the command line of their current process.

$ w
12:45:28 up 1:08, 1 user, load average: 0.00, 0.00, 0.00
mihael tty1 - 11:38 0.00s 0.13s 0.00s w

Logging in to the system as the root user allows you to execute commands as the administrator. It is not recommended to login as the root user directly. Because using the root account is potentially dangerous, you should only execute commands as root if administrative privileges are needed. The sudo command offers administrative access to users. When users precede a command with sudo, they are prompted for their own password. Then, once authenticated, the administrative command is executed as if by the root user. For example, you need to be the root user in order to view the /etc/shadow file.

$ sudo cat /etc/shadow
[sudo] password for mihael:

To give someone administrative privileges, edit the sudo configuration file as the root user

$ nano /etc/sudoers

and add a line similar to the following.

mihael ALL=(ALL:ALL) ALL

When a user executes the su command, they are prompted for the root password and, after authentication, the user is the root user and has absolute administrative access to the system. It is possible to use the su command to change to any other user on the system.

$ su - root

$ su

System users are accounts generally used to run background services. System users used by services will generally use UIDs that are in the "reserved" range. One system users that is an exception to this rule is the user nobody, which has an UID of 65534. The reserved range used for service users has expanded over time. Originally, it was for UIDs between 1 and 99. Then, it expanded to be between 1 and 499. The current trend among distributions is that system users will be any account that has a UID between 1 and 999, but the range between 1 and 499 is still commonly used. Most accounts are necessary for the system to function correctly. You should not delete a system account unless you are absolutely certain that removing the account won't cause problems.