User Roles in Linux
Linux is a multi-user operating system. Each user has specific permissions and roles.
Types of Users:
a. Root User
- The superuser with full control over the system.
- Can read, write, and execute any file.
- Username: root
- Home directory: /root
- Use with caution — root can break the system.
b. Regular User
- Created by the system admin or during OS installation.
- Limited privileges.
- Can only access their own files and some shared resources.
c. System Users
- Created by the OS for services (e.g., nobody, www-data, mysql).
- Usually have no login access.
- Run background services (daemons).
User Identification
Each user has:
- Username – e.g., john
- UID (User ID) – Unique number, root is 0
- GID (Group ID) – Group membership
- Home directory – e.g., /home/john
- Shell – e.g., /bin/bash
User info is stored in:
/etc/passwd
/etc/shadow # stores encrypted passwords
Sudo – Superuser Do
What is sudo?
- Allows authorized users to run commands as root or another user.
- Safer than logging in as root directly.
- Tracks and logs actions for security.
Syntax
sudo command
Example
sudo apt update
- Runs the apt update command with root privileges.
Granting Sudo Access
Only users in the sudo group (or wheel group in some distros) can use sudo.
Add a user to sudo group (Ubuntu/Debian)
sudo usermod -aG sudo username
On RedHat/CentOS/Fedora
sudo usermod -aG wheel username
Configuration File
/etc/sudoers – Defines who can use sudo and how.
Edit safely using:
sudo visudo
Example line:
john ALL=(ALL:ALL) ALL
john can run all commands as any user on any host.
Run as Another User
Use the -u option:
sudo -u username command
Example:
sudo -u postgres psql
Security Tips
- Avoid logging in as root directly.
- Use sudo for elevated tasks only.
- Log files: /var/log/auth.log or /var/log/secure
- Limit sudo access using groups or command restrictions.
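The account rules described under Types of Users and User Identification can be checked mechanically. The script below is an added example, not part of the original page: it reads a passwd-format file and reports any account other than root with UID 0, and any service account that still has a login shell. The function names, the UID cutoff of 1000 for regular users and the sample entries are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit passwd-format data (name:password:UID:GID:GECOS:home:shell).

# sample_passwd: constructed sample entries, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mysql:x:112:118:MySQL Server:/nonexistent:/bin/false
postgres:x:113:120:PostgreSQL administrator:/var/lib/postgresql:/bin/bash
john:x:1000:1000:John:/home/john:/bin/bash
broken:x:1001
EOF
}

# audit_passwd [FILE] [UID_MIN]
# FILE defaults to "-" (standard input). UID_MIN is the first UID treated as a
# regular user; 1000 is an assumed default, check UID_MIN in /etc/login.defs.
# Prints one finding per line: "<check> <username> <detail>".
audit_passwd() {
    awk -F: -v min="${2:-1000}" '
        /^[[:space:]]*(#|$)/ { next }                 # skip comments and blank lines
        NF != 7 { print "malformed", $1, "fields=" NF; next }
        # An empty shell field means the system falls back to /bin/sh.
        { shell = ($7 == "") ? "/bin/sh" : $7 }
        # Any UID 0 account has full root privileges, whatever its name.
        $3 == 0 && $1 != "root" { print "extra-uid0", $1, "uid=0" }
        # Service accounts (0 < UID < min) should normally end in nologin or false.
        $3 > 0 && $3 < min && shell !~ /(nologin|false)$/ {
            print "service-login", $1, "shell=" shell
        }
    ' "${1:--}"
}

# Stand-alone run against the constructed sample.
sample_passwd | audit_passwd -
```

To review a real host, run audit_passwd /etc/passwd; a service-login finding is a prompt to check whether that service account needs an interactive shell, not proof of a problem.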