The Linux Social Structure: Users and Groups
Meet the residents of your Linux system. Understand the hierarchy of User IDs (UIDs), from the all-powerful Root user to background System accounts and human developers. Learn how Groups enable collaborative security.
User Accounts and Groups: Who Lives on Your System?
Linux is built for collaboration. Even a simple personal laptop is technically "inhabited" by dozens of different accounts. If you open a web browser, that browser might be talking to a "User" that represents the audio driver, or a "User" that represents the network interface.
Understanding how Linux categorizes these accounts is essential for security. If you give a regular user too much power, they can destroy the system. If you give a system service too little power, it can't do its job.
In this lesson, we will explore the three main types of users and how Groups act as the "Clubs" that determine who can share what.
1. The Three Tiers of Users
Linux doesn't distinguish between users based on their names, but based on their UID (User ID) numbers.
I. The Root User (UID 0)
The "Superuser." Root is the absolute ruler of the system. Root can read any file, delete any process, and bypass any security restriction.
- The Rule: Never log in as Root for daily work. Use
sudoinstead.
II. System Users (UID 1 - 999)
These are not real people. They are "Service Accounts" created so that programs can run with limited privileges.
- Example:
www-data(runs the web server),mysql(runs the database),ssh(handles remote logins). - Security Bonus: If a hacker hijacks the web server running as
www-data, they can't delete your system files becausewww-datadoesn't have those permissions.
III. Human Users (UID 1000+)
These are real people who log into the system. On most modern distros, the first user created starts at UID 1000.
2. Groups: The Power of Association
A Group is a collection of users. A user can belong to many groups at once.
If you have a folder called /projects/secret_api, you don't want to list every individual developer who can access it. Instead, you:
- Create a Group called
developers. - Give the
developersgroup access to the folder. - Add the relevant users to that group.
graph TD
Root[Root User - UID 0] --> System[System Users - 1-999]
System --> Human[Human Users - 1000+]
subgraph Groups
SudoGroup[Group: sudo - Allows Admin access]
DevGroup[Group: developers - Project access]
WebGroup[Group: www-data - Web server access]
end
UserSudeep[User: sudeep] --> SudoGroup
UserSudeep --> DevGroup
UserAlice[User: alice] --> DevGroup
UserAlice --> WebGroup
3. The ID Command: Checking your Identity
You can see your own UID and the groups you belong to by simply typing id.
id
# Output: uid=1000(sudeep) gid=1000(sudeep) groups=1000(sudeep),4(adm),27(sudo),110(lxd)
4. Primary vs. Secondary Groups
Every user has exactly ONE Primary Group (usually with the same name as the user). This is the group assigned to any new file the user creates. Everything else is a Secondary Group.
5. Practical: Finding Your System's "Citizens"
Let's look at the master list of users. Don't worry—we'll dive deep into the format of this file in Lesson 3.
# See all users logged into the system
who
# See all accounts that exist on the system (even if logged out)
cut -d: -f1 /etc/passwd | less
6. Example: A User Compliance Audit (Python)
If you are a security officer, you need to ensure that there are no "Mystery" users with high privileges. Here is a Python script that scans the local user database and flags any user (other than root) with a UID of 0.
import pwd
def security_user_audit():
"""
Checks the local password database for high-privilege anomalies.
"""
suspicious_users = []
service_accounts = []
humans = []
# pwd.getpwall() retrieves all users from /etc/passwd
for user in pwd.getpwall():
username = user.pw_name
uid = user.pw_uid
# Check for multiple 'roots'
if uid == 0 and username != 'root':
suspicious_users.append(username)
# Categorize others
if 1 <= uid < 1000:
service_accounts.append(username)
elif uid >= 1000:
humans.append(username)
return suspicious_users, len(service_accounts), humans
if __name__ == "__main__":
suspicious, service_count, humans = security_user_audit()
print("--- Linux User Security Audit ---")
print(f"Human Accounts: {len(humans)}")
print(f"Service Accounts: {service_count}")
if suspicious:
print(f"\n[!!! ALERT !!!] Suspicious ID 0 accounts found: {suspicious}")
else:
print("\n[OK] No unauthorized UID 0 accounts detected.")
print(f"\nHuman Users: {', '.join(humans)}")
7. Professional Tip: Use Groups for Shared Folders
Never chmod a file to 777 so two people can work on it. Instead:
- Create a group:
sudo groupadd project-x - Add both users:
sudo usermod -aG project-x user1 - Change group of the folder:
sudo chgrp project-x /shared/folder - Set group write permission:
chmod g+w /shared/folder
8. Summary
User management is the fundamental layer of Linux security.
- UID 0 is the Root user (God mode).
- System Users (1-999) keep the services isolated.
- Human Users (1000+) are the actual developers/admins.
- Groups are the best way to handle shared permissions at scale.
In the next lesson, we will learn how to Create, Delete, and Modify these users using the management commands.
Quiz Questions
- Why do we bother having "System Users" like
www-datainstead of just running everything as Root? - How can you find out which groups a specific user (like
alice) belongs to? - What is the UID of the root user on every Linux system?
Continue to Lesson 2: User and Group Management—useradd, usermod, and groupadd.