Types of users on a Linux system
Information about users and groups are stored in several text files within the
/etc/passwd file contains a list of users. Each line is separated into fields
by colon ('
:') characters. The fields from left to right are the username, the encrypted
password (x), user ID (UID), group ID (GID), GECOS (the field is optional and is used to store extra
information such as the user's full name), the absolute path to the user's home directory (such as
/home/mihael/), and the program automatically launched whenever a user logs in (this is
usually a command interpreter often called a shell). Here is an example of a
There is a risk involved in storing everyone's password in
/etc/passwd because the file is
readable. Therefore, the
/etc/shadow file is readable only by the root user and contains
password for each user. Each line is separated into fields by colon characters. The fields from left to
right are the username, the encrypted password, the number of days since January 1, 1970 (also called the
epoch) that the password was last changed, the minimum number of days before password can be changed, the
number of days before a password change is required, the number of days before password expiration during
which the user is warned of the expiration, the number of days before the account will is disabled after a
password expires, the date (the number of days since the epoch) since the user account has been disabled,
and a reserved field. Here is an example line of a
/etc/shadow for user mihael.
Each user can be a member of one or more groups. The
/etc/group file contains a list of
groups, each on a separate line. Each line is a four field, separated by colon characters. The fields from
left to right are the name of the group, group password (if x is in this field, then group password is
being used), group ID (GID), and a list of the users belonging to the group, separated by comma. Here is an
example line from /etc/group.
To print user and group information for the specified user, or for the current user, you can execute the
uid=1000(mihael) gid=1000(mihael) groups=1000(mihael),24(cdrom),25(floppy),29(audio),30(dip),44(video),46 (plugdev),109(netdev)
To print only the group ID for the specified user
$ id -g
To print all group IDs for the specified user
$ id -G
1000 24 25 29 30 44 46 109
/var/log/wtmp and displays a list of all users logged in and out
since that file was created.
mihael tty1 Tue Mar 3 11:38 still logged in
reboot system boot 4.19.0-8.amd64 Tue Mar 3 11:37 still running
wtmp begins Tue Mar 3 11:37:14 2020
One or more usernames can be given, in which case
last will show only the entries matching
$ last mihael
mihael tty1 Tue Mar 3 11:38 still logged in
who shows users who are currently logged in.
mihael tty1 2020-03-03 11:38
w displays information about the users currently on the machine and their procceses. The
header shows the current time, how long the system has been running, how many users are currently logged
on, and the system load averages for the past 1, 5 and 15 minutes. The entries displayed for each user are
login name, the tty name, the remote host, login time, idle time, JCPU (time used by all processes), PCPU
(time used by the current process), and the command line of their current process.
12:45:28 up 1:08, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
mihael tty1 - 11:38 0.00s 0.13s 0.00s w
Logging in to the system as the
root user allows you to execute commands as the administrator.
It is not recommended to login as the root user directly. Because using the root account is potentially
dangerous, you should only execute commands as root if administrative privileges are needed. The
sudo command offers administrative access to users. When users precede a command with
sudo, they are prompted for their own password. Then, once authenticated, the administrative
command is executed as if by the root user. For example, you need to be the root user in order to view the
$ sudo cat /etc/shadow
[sudo] password for mihael:
To give someone administrative privileges, edit the sudo configuration file as the root user
$ nano /etc/sudoers
and add a line similar to the following.
mihael ALL=(ALL:ALL) ALL
When a user executes the
su command, they are prompted for the root password and, after
authentication, the user is the root user and has absolute administrative access to the system. It is
possible to use the
su command to change to any other user on the system.
$ su - root
System users are accounts generally used to run background services. System users used by
services will generally use UIDs that are in the "reserved" range. One system users that is an exception to
this rule is the user nobody, which has an UID of 65534. The reserved range used for service users has
expanded over time. Originally, it was for UIDs between 1 and 99. Then, it expanded to be between 1 and
499. The current trend among distributions is that system users will be any account that has a UID between
1 and 999, but the range between 1 and 499 is still commonly used. Most accounts are necessary for the
system to function correctly. You should not delete a system account unless you are absolutely certain that
removing the account won't cause problems.