The concept of users and file ownership was explained in Chapter 15, but let's take a few minutes to recap and elaborate on some important points.
Each person who wishes to use SUSE Linux must have a user account. This will define what that user can and cannot do on the system, with specific reference to files. Because SUSE Linux is effectively one large file system, with even hardware devices seen as individual files (see Chapter 15), this means that user permissions lie at the heart of controlling the entire system. They can limit which user has access to which hardware and software, and therefore control access to various PC functions.
Each user also belongs to a group. Groups have the same style of permissions as individual users. Accessing a file can be denied to a user, depending on that person's group membership.
As in real life, a group can have many members and can be based around various interests. In a business environment, this might mean that a group is created for members of the accounting department, for example, or for the human resources department. By changing the permissions on files created by the group members, each group can have files only that group's members can access (although, as always, the root user can access all files).
On a default SUSE Linux system with just a handful of users, the group concept might seem somewhat redundant. However, the concept of groups is fundamental to the way SUSE Linux works and cannot be avoided. Even if you don't make use of groups, SUSE Linux still requires your user account user to be part of one.
In addition to actual human users, the SUSE Linux system has its own set of user and group accounts. Various programs that access hardware resources or particular sets of files normally use these. Setting up system users and groups in this way makes the system more secure and easier to administer.
The root user has power over the entire system. Root can examine any file and configure any piece of hardware. Root also belongs to its own unique group, also called root.
Because of its power, the root user can cause a lot of accidental damage, so it's rare for anyone to log in as root. Instead, you can switch to root user temporarily from an ordinary user account using the su command.
Although we talk of user and group names, these are only used for the end user's benefit. SUSE Linux uses a numerical system to identify users and groups. These are referred to as user IDs (UIDs) and group IDs (GIDs), respectively.
For various reasons, under SUSE Linux, all the GID and UID numbers under 1000 are reserved for the system to use. This means that the first non-root user created on a system during installation will probably be given a UID of 1000. In addition, any new groups created after installation are numbered from 1000 upwards, although the default group that standard users are added to by default has a GID of 100.
UID and GID information isn't important during everyday use, and most commands used to administer users and file permissions understand the human-readable usernames. However, knowing UIDs and GUIDs can prove useful when you're undertaking more complicated system administration.