Users and groups

Table of Contents

Understanding Users and Groups on Linux

Linux is a multi‑user system: many different people (or system components) can use it at the same time, each with their own identity and permissions. Those identities are represented as users and organized into groups.

This chapter focuses on what users and groups are, how they’re represented inside the system, and how to inspect them from the command line. Actual commands for creating and removing users or managing them centrally are covered in other chapters.

User Accounts: More Than Just a Login

A user account represents an identity on the system. You usually log in as some user, like alice, bob, or root.

Each user has:

A username: a human‑readable name, e.g. alice.
A User ID (UID): a numeric ID that the kernel actually uses.
A primary group: the main group that owns files created by this user.
A home directory: usually /home/username.
A login shell: the program started when the user logs in (e.g. /bin/bash).

The OS internally cares about numeric IDs (UIDs), not names. Names are mapped to numbers using system databases (like /etc/passwd and /etc/group).

Types of Users

On most Linux systems, you’ll find three broad categories:

Root user

Username: root
UID: 0
Has full system privileges; not restricted by normal file permissions.
Used for system administration tasks.

Regular (human) users

UIDs usually start at 1000 (sometimes 500 on older systems).
Used by real people to log in, run programs, and own personal files.

System/service users

Often have UIDs below 1000 (distribution‑specific).
Do not usually log in interactively.
Used for running services (like www-data, postgres, mail), so those services can have separate permissions and ownership.

You can see these different users by listing the system’s user database.

Inspecting Users With `/etc/passwd`

User information is stored (at least partially) in /etc/passwd. Despite the name, this file does not hold actual passwords anymore; it holds user account metadata.

View it with:

cat /etc/passwd

Each line represents one user, with fields separated by ::

username:x:UID:GID:comment:home_directory:login_shell

For example:

alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash

Breakdown:

alice — username
x — placeholder indicating the real (hashed) password is stored elsewhere (usually /etc/shadow)
1000 — UID
1000 — primary GID (Group ID)
Alice Example,,, — comment field (often the user’s full name)
/home/alice — home directory
/bin/bash — login shell

You can also use helper commands:

id — show your own IDs and groups

id

id username — show IDs and groups for a specific user

  id alice

What Is a Group?

A group is a collection of users. Groups provide a way to give a set of permissions to multiple users at once.

Examples:

sudo — users allowed to run commands as root using sudo.
audio — users allowed to access audio devices.
docker — users allowed to manage Docker without sudo.

A user can belong to:

One primary group — associated with file ownership when they create new files (by default).
Zero or more supplementary (secondary) groups — used for access control (e.g. audio, video, sudo).

The kernel internally works with Group IDs (GIDs), numeric identifiers similar to UIDs.

Inspecting Groups With `/etc/group`

Group information is stored in /etc/group. View it with:

cat /etc/group

Each line has the format:

group_name:x:GID:user_list

Example:

sudo:x:27:alice,bob

Breakdown:

sudo — group name
x — historical password field (not used on most systems)
27 — GID
alice,bob — comma‑separated list of members with this as a supplementary group

Note: a user’s primary group usually appears only by UID/GID mapping and not necessarily in this member list. For example, if alice has primary group alice (GID 1000), you might see:

alice:x:1000:

with an empty member list, because the primary group is recorded in /etc/passwd for that user.

Viewing Your Groups

To see what groups you belong to:

groups

To see groups for a specific user:

groups username

or, more detailed:

id username

Example output:

$ id alice
uid=1000(alice) gid=1000(alice) groups=1000(alice),27(sudo),29(audio)

This tells you:

UID: 1000
Primary GID: 1000 (alice)
Supplementary groups: sudo, audio

Primary vs Supplementary Groups in Practice

Understanding primary vs supplementary groups is important for file permissions (covered elsewhere), but the core idea is:

The primary group is usually used as the group owner for new files you create.
Supplementary groups determine additional permissions you have when accessing existing files or devices.

Example scenario:

User alice has:

primary group: alice
supplementary groups: sudo, audio

When alice creates a file in her home directory, it typically gets:

owner: alice
group: alice

If a sound device is owned by group audio, alice can use it because she’s in the audio group, even though it’s not her primary group.

You can see ownership on files using ls -l:

ls -l somefile

Output example:

-rw-r----- 1 alice audio 1234 Dec 12 10:00 song.mp3

Here, alice is the owner, and the group is audio. Any user in the audio group can access it according to the group permissions.

System Ranges for UIDs and GIDs

Different ID ranges are used to distinguish system users/groups from regular ones. Exact ranges vary between distributions, but a typical pattern is:

0 — root
1–999 — system users and groups (services, daemons)
1000 and above — regular human users and their default groups

You can see the configured ranges in /etc/login.defs (read‑only for now):

grep -E 'UID_MIN|UID_MAX|GID_MIN|GID_MAX' /etc/login.defs

This controls the default ranges used when new users and groups are created.

Naming Conventions and Good Practices

When working with users and groups:

Usernames:

Usually lowercase.
Avoid spaces and special characters; stick to a–z, 0–9, -, _.
Often match email or organizational naming schemes, e.g. j.smith, jsmith.

Group names:

Also usually lowercase, descriptive of their purpose: developers, audio, sudo.
Many distributions create a user‑private group with the same name as the user (alice:alice), which becomes that user’s primary group.

As a beginner, you’ll mostly just inspect existing users and groups, and be added to important groups like sudo by an administrator or during installation.

Common Commands for Exploring Users and Groups

While user/group creation and removal are discussed in another chapter, you should know how to explore what’s already there.

Show Current User

whoami

Show Your Identity and Groups

id

Example:

uid=1000(alice) gid=1000(alice) groups=1000(alice),27(sudo),29(audio)

Show All Logged‑In Users

who

or:

Show All Users (From `/etc/passwd`)

cut -d: -f1 /etc/passwd

Show All Groups

cut -d: -f1 /etc/group

See Entry for a Specific User or Group

Using getent (works even with network/user directories):

User info:

  getent passwd alice

Group info:

  getent group sudo

These commands are safer than directly parsing /etc/passwd or /etc/group on systems that use centralized authentication (LDAP, NIS, etc.), since getent will include remote accounts as well.

How Users and Groups Relate to Permissions

Users and groups matter because Linux file permissions are based on three categories:

User — the owner of a file.
Group — users who share the file’s group.
Others — everyone else.

Each category can have different permissions ($r$, $w$, $x$). The user and group attached to a file determine who is treated as the owner and who is treated as a group member. Those mechanics are covered in detail in later sections, but remember:

Every process runs as a particular user (and set of groups).
The kernel checks that user’s UID/GIDs against the file’s owner and group to decide access.

Understanding user and group identities is the foundation for understanding permissions and ownership.

Comments

Please login to add a comment.

Don't have an account? Register now!