User Accounts


Every Ubuntu installation typically contains three types of account: the super user, the day-to-day user, and the system user. Each type is important in its own right, and you must know the responsibilities of each. Without all three working together, Ubuntu would have a hard time doing anything!

All users must have accounts on the system. Ubuntu uses the /etc/passwd file to hold information on user accounts. Each user, regardless of type, has a one-line entry of account information stored in the /etc/passwd text file. Each account entry contains a username (used for logging in), a password field containing an x (as passwords are actually contained in /etc/shadow), a user ID (UID), and a group ID (GID). The fifth field contains optional human ID information, such as real name, office location, phone number, and so on. The last two fields are the location of the user's home directory and the user's default login shell. See the "The Password File" section later in this chapter for more information.

Like other Linux distributions, Ubuntu makes use of the established UNIX file ownership and permission system. Each file (which can include directories and even devices) can be assigned one or more of read, write, and/or execute permissions. These can be assigned further to the owner, a member of a group, or anyone on the system. File security is drawn from combining ownership and permissions. The system administrator (most commonly referred to as the super user) has total responsibility to make sure that users have proper UIDs and GIDs and to ensure that sensitive files (which can include important system files) are locked down using file permissions. Regardless of how many system administrators are present on the system, there can only be one root user. This is the user who has access to everything and can grant or take away any privileges on the system. The root user has a user ID of 0 and a group ID of 0, making it unique among all other users on the system.

The root user can use any program, manipulate any file, go anywhere in the file system, and do anything within the Ubuntu system. For reasons of security, that kind of raw power should be given only to a single trusted individual.

It is often practical for that power to be delegated by the root user to other users. This delegation is referred to as an elevation of privileges, and these individuals are known as super users because they enjoy the same powers that root enjoys. This approach is normally used only on large systems in which one person cannot effectively act as the system administrator.

Note

As explained in other chapters, Ubuntu differs from other Linux distributions in that it uses the sudo command to allow normal users to execute system administration tasks. If you want to enable the root account, it is just a matter of entering sudo passwd root for a prompt to enter a new password for the root account. On the other hand, if you want to be able to use a root terminal (that is, not worry about entering sudo in front of every command), you should enter sudo -i to get the familiar # prompt. After you have finished carrying out your work, just issue the exit command to return to normal user status. Where you see the # prompt throughout this chapter, it means that you should run the command as root, so use one of the above methods to allow you to run the commands as needed.


A regular user is someone who logs on to the system to make use of it for nonadministrative tasks such as word processing or email. These users do not need to make systemwide changes or manage other users. However, they might want to be able to change settings specific to them (for instance, a desktop background). Of course, depending on how draconian the root user is, regular users might not even be able to do that!

The super user grants privileges to regular users by means of file and directory permissions (as covered in Chapter 5, "First Steps with Ubuntu"). For example, if the super user does not want you to change your settings in ~/.profile (the ~ is a shell shortcut representing your home directory; see Chapter 15, "Automating Tasks"), root can alter the permissions so that you may read from, but not write to, that file.

Caution

Because of the potential for making a catastrophic error as the super user (using the command rm -rf /* is the classic example, but do not ever try it!), always use your system as a regular user and become root only temporarily to do sysadmin duties. While you are on a multiuser system, consider this advice an absolute rule; if root were to delete the wrong file or kill the wrong process, the results could be disastrous for the business. On your home system, you can do as you please, and running as root makes many things easier, but less safe. In any setting, however, the risks of running as root are significant.


The third type of user is the system user. The system user is not a person, but rather an administrative account that the system uses during day-to-day running of various services. For example, the system user named xfs owns the X11 font server and all the associated files. Only xfs itself and root can have access to these files; no one else can access or make changes to them. System users do not have a home directory or password, nor do they permit access to the system through a login prompt.

You will find a list of all the users on a system in the /etc/passwd file. Ubuntu refers to these users as the standard users because they are found on every Ubuntu computer as the default set of system (or logical) users provided during the initial installation. This "standard" set differs among Linux distributions.

User IDs and Group IDs

A computer is, by its very nature, a number-oriented machine. It identifies users and groups by numbers known as the user ID (UID) and group ID (GID). The alphabetic names display on your screen just for your ease of use.

As previously mentioned, the root user is UID 0. Numbers from 1 through 499 and 65,534 are the system, or logical, users. Regular users have UIDs beginning with 1,000; Ubuntu assigns them sequentially beginning with this number.

With only a few exceptions, the GID is the same as the UID. Those exceptions are system users who need to act with root permissions: sync, shutdown, halt, and operator.

Ubuntu creates a private GID for every UID of 1,000 and greater. The system administrator can add other users to a GID or create a totally new group and add users to it. Unlike Windows NT and some UNIX variants, a group cannot be a member of another group in Linux.
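
The seven-field /etc/passwd layout and the UID ranges described above can be checked mechanically. The following is an added example, not code from the book: a shell function that classifies each account by the ranges given in this chapter and flags entries that break its rules (a second UID 0 account, a password field other than x, a system account with a login shell). The function names and the sample entries are constructed for illustration; UIDs the text does not cover are reported as unclassified.

```sh
#!/bin/sh
# Added example: audit passwd-format input against this chapter's UID rules.

# Constructed sample data (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
bob::1001:1001:Bob Example:/home/bob:/bin/bash
EOF
}

# Reads the named file(s), or standard input when no file is given.
audit_passwd() {
    awk -F: '
    /^[ \t]*$/ || /^#/ { next }                  # skip blanks and comments
    NF != 7 || $3 !~ /^[0-9]+$/ {
        printf "MALFORMED line %d\n", NR; next
    }
    {
        user = $1; pw = $2; uid = $3 + 0; shell = $7
        # Account class, using the UID ranges given in the text.
        if (uid == 0)                        class = "root"
        else if (uid <= 499 || uid == 65534) class = "system"
        else if (uid >= 1000)                class = "regular"
        else                                 class = "unclassified"
        printf "INFO %s uid=%d class=%s\n", user, uid, class

        if (uid == 0 && user != "root")
            printf "ALERT %s: UID 0 account other than root\n", user
        if (pw != "x")
            printf "ALERT %s: password field is not x\n", user
        if (class == "system" && shell !~ /(nologin|false)$/)
            printf "WARN %s: system account with login shell %s\n", user, shell
        if (seen[uid]++)
            printf "WARN %s: UID %d shared with an earlier account\n", user, uid
    }' "$@"
}

sample_passwd | audit_passwd
```

To audit a live system, run audit_passwd /etc/passwd; lines beginning with INFO can be filtered out with grep -v '^INFO'.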

File Permissions

As you learned in Chapter 5, permissions are of three types: read, write, and execute (r, w, x). For any file or directory, permissions can be established in three categories: user, group, and global. In this section, we focus on group permissions, but here is a summary of the commands used to change the group, user, or access permissions of a file or directory:

  • chgrp: Changes the group ownership of a file or directory

  • chown: Changes the owner of a file or directory

  • chmod: Changes the access permissions of a file or directory

These commands, which modify file ownerships and permissions, can be used to model organizational structures and permissions in the real world onto your Ubuntu system (see the next section, "Managing Groups"). For example, a human resources department can share health-benefit memos to all company employees by making the files readable (but not writable) by anyone in an accessible directory. On the other hand, programmers in the company's research and development section, although able to access each other's source code files, would not have read or write access to HR pay-scale or personnel files (and certainly would not want HR or marketing poking around R&D).

These commands are used to easily manage group and file ownerships and permissions from the command line. It is essential that you know these commands because sometimes you might have only a command-line interface to work with; perhaps some idiot system administrator set incorrect permissions on X11, for example, rendering the system incapable of working with a graphical interface.
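
The HR scenario above, worked through with chgrp and chmod in a scratch directory. This is an added example, not code from the book: the directory and file names are made up, and the caller's own primary group stands in for an "hr" group because creating a real group requires root. It also shows a find check that lists anything in the restricted directory that grants permissions to "other".

```sh
#!/bin/sh
# Added example: the HR scenario from the text, built in a scratch directory.
# Assumption: the caller's own primary group stands in for an "hr" group,
# because creating a real group requires root.

# Memos are readable by everyone; pay-scale files only by owner and group.
build_hr_tree() {
    base=$1; grp=$2
    mkdir -p "$base/memos" "$base/payscale"
    echo "benefits update" > "$base/memos/health.txt"
    echo "grade table"     > "$base/payscale/grades.txt"
    chgrp -R "$grp" "$base"                  # group ownership for the tree
    chmod 755 "$base" "$base/memos"          # anyone may enter and list
    chmod 644 "$base/memos/health.txt"       # world-readable, owner-writable
    chmod 750 "$base/payscale"               # others cannot even enter
    chmod 640 "$base/payscale/grades.txt"    # group reads, others get nothing
}

# Print the symbolic mode of a path, e.g. -rw-r-----
mode_of() { ls -ld "$1" | cut -c1-10; }

# List everything under a directory that grants any permission to "other".
exposed_to_others() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

demo=$(mktemp -d)
build_hr_tree "$demo" "$(id -g)"
# Simulate a mistake: a draft saved with 644 permissions.
echo "draft" > "$demo/payscale/draft.txt"
chmod 644 "$demo/payscale/draft.txt"
exposed_to_others "$demo/payscale"           # reports only draft.txt
chmod 640 "$demo/payscale/draft.txt"         # fix it
rm -rf "$demo"
```

The 750 mode on the payscale directory already keeps other users out; checking the files as well catches a mistake before the file is copied or the directory mode is loosened.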

User Stereotypes

As is the case in many professions, exaggerated characterizations (stereotypes or caricatures) have emerged for users and system administrators. Many stereotypes contain elements of truth mixed with generous amounts of hyperbole and humor and serve to assist us in understanding the characteristics of and differences in the stereotyped subjects. The stereotypes of the "luser" and the "BOFH" (users and administrators, respectively) also serve as cautionary tales describing what behavior is acceptable and unacceptable in the computing community.

Understanding these stereotypes allows you to better define the appropriate and inappropriate roles of system administrators, users, and others. You can find the canonical reference to these terms in the alt.sysadmin.recovery FAQ at http://www.ctrl-c.liu.se/~ingvar/asr/overview.html.




Ubuntu Unleashed
Ubuntu Unleashed 2011 Edition: Covering 10.10 and 11.04 (6th Edition)
ISBN: 0672333449
EAN: 2147483647
Year: 2006
Pages: 318
