Because Unix is a multiuser system, it is quite normal to have many users (also called user accounts) on your computer. You could even have hundreds if your computer is being used as a server that many people can access, perhaps to retrieve their e-mail.
To help manage system security, Unix uses groups to organize several users together so that you can grant file access to all of them. A user is always a member of at least one group and may be a member of many groups. Think of how employees in a company might be organized: everyone has access to the e-mail system, but only certain people in the accounting department have access to financial information. Thus, the people in accounting are members of two different groups for security purposes: They are members of group "staff" and also group "finance."
Every single file and directory on a Unix machine is owned by one user and one group. When a file is created, its ownership and permissions are based on the user who created it.
A file starts its existence under the ownership of the user who created it and within one of the groups that user belongs to (usually the user's primary group; for more on groups, see the following section, and the entries for 2775 and 2000 in Tables 8.3 and 8.4, respectively). The file also has a set of permissions assigned to it, based on the umask of the user; the umask defines which permissions are not granted (or are "masked out") for files you create (review "Changing your umask" in Chapter 7, "Configuring Your Environment with Unix").
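The following shell script is an added example, not taken from the book: it creates a file and a directory under several umask values and compares the resulting modes with the mode predicted by clearing the umask bits from the requested permissions. The function names (mode_of, owner_of, predict_mode, observe) are hypothetical, and the script assumes either GNU or BSD/Mac OS X stat is available.

```shell
#!/bin/sh
# Added example (not from the book): umask versus the mode of new files.
# Function names are hypothetical.

# Octal mode of a path: GNU stat first, BSD/macOS stat as fallback.
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Numeric "uid:gid" owner of a path, same fallback.
owner_of() { stat -c '%u:%g' "$1" 2>/dev/null || stat -f '%u:%g' "$1"; }

# Predicted mode = requested bits with the umask bits cleared.
# $1 = requested mode (666 for files, 777 for directories), $2 = umask.
predict_mode() { printf '%o\n' $(( 0$1 & ~0$2 & 0777 )); }

# Create a file and a directory under umask $1 and print
# "file_mode dir_mode uid:gid". The function body is a subshell, so the
# caller's own umask is left untouched.
observe() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/f"      # shell redirection requests mode 666
    mkdir "$tmp/d"    # mkdir requests mode 777
    result="$(mode_of "$tmp/f") $(mode_of "$tmp/d") $(owner_of "$tmp/f")"
    chmod -R u+rwx "$tmp" && rm -rf "$tmp"
    echo "$result"
)

# Compare prediction and observation for three common umask values.
for m in 022 027 077; do
    set -- $(observe "$m")
    echo "umask $m: file $1 (predicted $(predict_mode 666 "$m"))," \
         "dir $2 (predicted $(predict_mode 777 "$m")), owner uid:gid $3"
done
```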
Every user account on a Unix system has a name and a number. The name is what Mac OS X calls your short name. In the Unix world, this short name is variously referred to as your login name, your user name, and frequently simply user. The number is referred to as the user ID, or uid.
Every user account on a Unix system belongs to at least one group. Like users, groups have both names and ID numbers. A Unix group contains a list of users. As we mentioned, users are frequently members of more than one group. The group's ID number is often referred to as the gid. See Chapter 11, "Introduction to System Administration," to learn how to add users to a group.
In some Unix systems (including Mac OS X 10.4 Tiger) a new group is normally created when you create a new user account. The new group has the same name as the user's user name, and the gid number is the same as the new uid number. The new user will be the only member of this user private group. The group ownership on users' home directories will be their user private group. On other Unix systems (and Mac OS X before 10.3), new user accounts typically all belong to a single group and their home directories have that group ownership. On Mac OS X before 10.4 this would be the staff group.
Seeing all the users and groups on your system
Even if you created only one account when you installed Mac OS X, you still have more than a dozen "users" on your system. This is because Unix has a number of special user accounts that are never intended to be directly used by any human. These other "users" exist so that system files and processes may be owned and operated with differing sets of privileges. There are also a number of groups that exist for the same purpose.
To see a list of all the users on your system:
Figure 8.2 shows the meanings of the most important entries. Notice the primary group ID entry. Every user is a member of at least one group, called his or her primary group.
Figure 8.2. Diagram showing the important parts of each line in the output from nidump passwd.
To see a list of all the groups on your system:
It is very easy to see which groups a particular user belongs to.
To see which groups you belong to:
To see which groups another user belongs to: