Understanding users, groups, and basic permissions
Users

Users are a way of providing security limits to people as well as programs running in a system. There are three types of users:

Regular users: Assigned to individuals to perform their job. They have restrictions applied to them.
The superuser: Also referred to as root. This is the main administrative account in the system and has full access to it.
System users: These are user accounts usually assigned to running processes or daemons to limit their reach within the system. System users are not intended for logging into the system.

Users have a number called the UID that the system uses to internally identify each one of them.

We previously used the whoami command to reveal which user we were working with, but to get more information here, we will use the id command:

[user@rhel-instance ~]$ id
uid=1000(user) gid=1000(user) groups=1000(user),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

We can also check the information related to other user accounts in the system, even to get info about root:

[user@rhel-instance ~]$ id root
uid=0(root) gid=0(root) groups=0(root)

Now, let's take a look at the information we have received for user by running id:

uid=1000(user): The UID is the numeric identifier of the user in the system. In this case, it is 1000. Identifiers of 1,000 and above are used in RHEL for regular users, whereas 999 and below are reserved for system use.
gid=1000(user): The group ID is the numeric identifier for the principal group assigned to the user.
groups=1000(user),10(wheel): These are the groups that the user belongs to, in this case, user with a group ID (GID) of 1000 and wheel with a GID of 10. The wheel user group is a special one. It is used in RHEL and many other systems as the group for users that can become administrators by using the sudo tool (which we will explain later).
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023: This is the SELinux context for the user. It will define several restrictions in the system by using SELinux (which will be explained in greater depth in Chapter 10, Keeping Your System Hardened with SELinux).
Basic Commands and Simple Shell Scripts
ID-related data is stored in the system in the /etc/passwd file. Please note that this file is very sensitive and is better managed by using the tools related to it. If we want to edit it, we will do so by using vipw, a tool that will ensure (among other things) that only one admin is editing the file at any one time.

The /etc/passwd file contains the info of each user per line. This is the line for user:

user:x:1000:1000:user:/home/user:/bin/bash

Each field is separated by a colon, :, in each line. Let's review what they mean:

user: The username assigned to the user.
x: The field for the encrypted password. In this case, it shows as x because it has moved to /etc/shadow, which is not directly accessible to regular users, to make the system more secure.
1000 (the first one): The UID value.
1000 (the second one): The GID value.
user: A description of the account.
/home/user: The home directory assigned to the user. This will be the default directory (or folder, if you prefer) that the user will work on and where their preferences will be stored.
/bin/bash: The command interpreter for the user. Bash is the default interpreter in RHEL. Other alternatives, such as tcsh, zsh, or fish are available to be installed in RHEL.
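
The field layout and UID ranges described above are enough to review account entries for common problems. The following is an added example, not code from the book: the function names, the check labels, the sample accounts, and the list of shells treated as interactive are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review passwd-format lines using the seven colon-separated
# fields described above. Prints one finding per line as "<check>:<username>".
# Usage: audit_passwd [FILE]   (reads standard input when FILE is omitted)
audit_passwd() {
    awk -F: '
        # Every entry must have exactly seven fields.
        NF != 7 { print "malformed:" $1; next }
        # UID 0 is the superuser; any other name with UID 0 is a second root.
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
        # "x" means the password lives in /etc/shadow; anything else is suspect.
        $2 != "x" { print "password-field-not-x:" $1 }
        # UIDs 1-999 are system users, which are not meant to log in.
        # Assumption: these shell names count as interactive.
        $3 > 0 && $3 < 1000 && $7 ~ /\/(sh|bash|tcsh|zsh|fish)$/ {
            print "system-login-shell:" $1
        }
    ' "${1:--}"
}

# Constructed sample data (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
user:x:1000:1000:user:/home/user:/bin/bash
chrony:x:992:987::/var/lib/chrony:/sbin/nologin
svcbackup:x:985:985:constructed service account:/var/lib/svcbackup:/bin/bash
toor:x:0:0:constructed duplicate root:/root:/bin/bash
legacy:$6$CONSTRUCTED:1001:1001:constructed:/home/legacy:/bin/bash
broken:x:1002
EOF
}

sample_passwd | audit_passwd
```

On a real host, audit_passwd /etc/passwd runs the same checks against the live file; it only reads the file and changes nothing.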