AfricanPearl

3 Types of Accounts in Linux/Unix

3 Types of Accounts in Linux/Unix

Rita Zannu's photo
Rita Zannu
·

9 min read

Featured on Hashnode

Introduction

Hi there, I am just getting started with Linux, within a few days I have tried using Ubuntu (Debian family) and CentOS (Red hat family) distros. I call it testing the waters :) and I am pleased to announce to you that this is my first article.

So, here is what I noticed when I started going through the basics of Linux, I have been able to understand that there are three types of account that can be created on a Linux operating system, which are:

  • Root account
  • User account
  • Service account

What is a Root account?

In simple terms, a root account is considered to be a user or an account with the most privileges, who has access to all commands and files in a Linux operating system. It is also referred to as a superuser or an account with all administrative rights, usually used to perform system-level administrative tasks.

So, How is a Root account created???

A root account is automatically provisioned when you create a user account during the installation of the operating system. Once the user account is created, you can access the root account with the command below:

$ su -

After logging in to the root account, it looks like:

vagrant@vagrant-ubuntu-trusty-64:~$  su -
Password:
root@vagrant-ubuntu-trusty-64:~#

The su command allows you to run commands with substitute user and group ID, if an argument "- username" did not come after the su command, the system assumes you are referring to the root. You use the exit command to leave the root account.

root@vagrant-ubuntu-trusty-64:~# exit
logout
vagrant@vagrant-ubuntu-trusty-64:~$

linux.PNG

The root signifies that it is a root user while the hostname is vagrant-ubuntu-trusty-64. One wonderful thing to note about a root account, its User Identification Number (UIN) is always 0. You can use cat /etc/passwd command to find user(root in this case) information.

vagrant@vagrant-ubuntu-trusty-64:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
...

image.png

Now, can you create another root account? The answer is no but there is a solution. We can create a user account and grant root privileges to that user. Yipee!!! Let's go for a tea break ;).

What is a User account?

A user account is an account created during the installation of the operating system, it is considered a normal account that has less permission on files, and fewer privileges or activities to be carried out, compared to a root account. More than one user account can be created on one operating system and specific tasks, permission, and privileges can be given to them. This ability helps the system administrator to ensure privacy and security to files and also provides accountability for file management.

How a User account is created

A user account is usually created on installation of the OS, other account creation can be done after logging in to the system. It can be created using two commands;

$ adduser

and

$ useradd

The adduser is used to create a new user account while setting up a home directory, other directories, and account files automatically. While useradd is a low-level utility that creates a new user without setting up home directory of the user account except specified with -m.

Creating a user account using adduser

vagrant@vagrant-ubuntu-trusty-64:~$ sudo adduser celine
Adding user 'celine' ...
Adding new group 'celine' (1003) ...
Adding new user 'celine' (1003) with group 'celine' ...
Creating home directory '/home/celine' ...
Copying files from '/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
changing the user information for celine
....
Is the information correct? [Y/n]

Creating a user account using useradd:

vagrant@vagrant-ubuntu-trusty-64:~$ sudo useradd helen
vagrant@vagrant-ubuntu-trusty-64:~$

You will notice home directory and other files were not created when we created helen user using the useradd command. For every account created, there is always a primary group ID allocated to the account.

Remember I talked about creating a user account and granting root privileges, this can be done by adding the user to the sudo group. Using user account celine, let's grant celine root privileges.

vagrant@vagrant-ubuntu-trusty-64:~$ usermod -aG sudo celine

The usermod command means user modify, it is used to change properties or attributes of an existing user account while -aG means add to group. The user account UID usually starts from >999, notice the third line in the command line above, '1003' is allocated to the user group 'celine'. Now you know how to grant a user account privileges. Hurray!!! Time to move on to the last type of account.....

The Service Account

A Service account is an account that is usually created and configured by a package manager during the installation of service software. It is used for running and managing services on the system. It is also called a system account and by convention, they do not have the usual type of login shell other accounts make use of instead uses /usr/sbin/nologin as its login shell and there is no access to this shell. The UID of a service account usually ranges from 0>service account<1000 ie, it takes a number between 1 and 999. Service accounts do not have most privileges a root account has.

Example of a service account:

gdm:x:42:42::/var/lib/gdm:/sbin/nologin

A service account can also be created using a user account using the useradd command with -r to indicate it is a service account.

vagrant@vagrant-ubuntu-trusty-64:~$ useradd -r newservice

To confirm the service account has been created

vagrant@vagrant-ubuntu-trusty-64:~$ tail /etc/passwd
.....
newservice:x:988:982::/home/newservice:/bin/bash

Notice the output has a bash shell, this is because the service account was created using a user account but you will notice the UID is between the normal range for a service account.

Conclusion

Now I believe I have been able to clearly distinguish the various types of accounts in a linux operating system. A root account cannot be created by a user but root privileges can be given to a user account while a service account has a specific set of privileges to run and manage service on the system.

I do hope this article has been able to shed more light on the use of these accounts, on my next article I will discuss what happens behind the scene when a regular user is created, follow me to get a notification. If this article has been helpful in any way please do not hesitate to give a thumbs up.

Do you have contributions or questions to make regards this article? Feel free to give your feedback in the comment section and I will be happy to answer any question... Expect me soon, do stay safe out there, lots of love.

Linuxlinux-basicslinux for beginnersunixGeneral Programming