Accounts & Groups

2008 Oct 18


Accounts

To log in to a Linux or Unix system, a user must have an account. Every process runs with the permissions of an account. Accounts are created and managed using the /etc/passwd file, which contains one line per account on the system. Each of these lines is a series of colon-separated fields, e.g.:

root:&%(*&^(%*&ty6tf/j765:0:0:root:/root:/bin/csh
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin/
ftp:*:8:11:FTP User:/home/ftp:
somebody:*:99:99:Somebody:/:
nerd:86^%87865877\67:317:313:Hacker:/home/
These fields (left to right) are:

Any user can read the passwd file: it is world-readable, but ordinary users cannot write to it. Because of this, some systems do not keep the encrypted passwords in the file but put them in a shadow password file called /etc/shadow or /etc/secure. Only users with superuser (root) privileges can access the shadow password file.


Groups

To simplify managing permissions, users can be assigned to groups, and permissions can be set for these groups. All groups are listed in the file /etc/group, which has one line for each group defined on the system, e.g.:

daemon:x:5:root,bin
sales:x:31:bob,anne,clyde
These colon-separated fields (left to right) are:

There is a special user called root, also called the superuser, who has the maximum (or all) privileges on the system: the ability to read, write or alter any setting and to execute any file or program. The UID of root is 0; the account name does not have to be root, but its UID must be 0. Multiple users can have UID 0.
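
An added example (not part of the original page): a Python check over passwd-format text that flags every UID 0 account, password hashes kept in the world-readable file instead of the shadow file, and malformed lines. The field names follow the standard seven-field passwd layout; the sample input and the function names are constructed for illustration.

```python
"""Audit passwd-format text for UID 0 accounts and exposed hashes (added example)."""

FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")

# Constructed sample input, not taken from a real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
bin:*:1:1:bin:/bin:
toor:x:0:0:second superuser:/root:/bin/sh
nerd:ab12CdEfGhIjK:317:313:Hacker:/home/nerd:/bin/sh
broken:*2:2:daemon:/sbin:
"""

def parse_passwd(text):
    """Return (entries, malformed): dicts for valid lines, (lineno, line) for the rest."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        # A valid line has exactly seven fields with numeric UID and GID.
        if len(parts) != len(FIELDS) or not (parts[2].isdecimal() and parts[3].isdecimal()):
            malformed.append((lineno, line))
            continue
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
        entries.append(entry)
    return entries, malformed

def audit(text):
    """Return findings keyed by type; account names for each, line numbers for bad lines."""
    entries, malformed = parse_passwd(text)
    # Every UID 0 account is a superuser, whatever its name is.
    uid0 = [e["name"] for e in entries if e["uid"] == 0]
    # "x" defers to the shadow file; a leading "*" or "!" means no usable password.
    # Any other non-empty value is treated here as a hash readable by every user.
    exposed = [e["name"] for e in entries
               if e["password"] not in ("", "x") and e["password"][0] not in "*!"]
    # An empty password field means no password is required to log in.
    no_password = [e["name"] for e in entries if e["password"] == ""]
    return {"uid0": uid0, "exposed_hash": exposed,
            "no_password": no_password, "malformed": [n for n, _ in malformed]}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

More than one name under uid0 is worth reviewing, since each such account has full root privileges regardless of what it is called.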