All users must have accounts on the system. Fedora uses the /etc/passwd file to hold information on user accounts. Each user, regardless of type, has a one-line entry of account information stored in the /etc/passwd text file.
Each account entry contains a username (used for logging in), a password field containing an x (as passwords are actually contained in /etc/shadow), a user ID (UID), and a group ID (GID). The fifth field contains optional human ID information, such as real name, office location, phone number, and so on. The last two fields are the location of the user's home directory and the user's default login shell. See the section "The Password File" later in this chapter for more information.
Like other Linux distributions, Fedora makes use of the established UNIX file ownership and permission system. Each file (which can include directories and even devices) can be assigned one or more of read, write, and/or execute permissions. These can be assigned further to the owner, a member of a group, or anyone on the system. File security is drawn from combining ownership and permissions. The system administrator (most commonly referred to as the super user) has total responsibility to make sure that users have proper UIDs and GIDs, and to ensure that sensitive files (which can include important system files) are locked down using file permissions. You'll learn more about permissions in the section "Managing Permissions."
Regardless of how many system administrators are present on the system, there can only be one root user. This is the user who has access to everything, and can grant or take away any privileges on the system. The root user has a UID of 0 and a GID of 0, making it unique among all other users on the system. The root user can use any program, manipulate any file, go anywhere in the file system, and do anything within the Fedora system. For reasons of security, that kind of raw power should be given to only a single trusted individual.
It is often practical for that power to be delegated by the root user to other users. This delegation is referred to as an elevation of privileges, and these individuals are known as super users because they enjoy the same powers that root enjoys. This approach is normally used only on large systems in which one person cannot effectively act as the sole system administrator.
On your Fedora system, when you log in as root, you are root or the super user. In this chapter, the terms root, super user, system administrator, and sysadmin are used interchangeably, although they need not all refer to a single person.
A regular user is someone who logs on to the system to make use of it for nonadministrative tasks such as word processing or email. These users do not need to make systemwide changes, nor do they have to manage any other users. However, they might want to be able to change settings that are specific to them (for instance, a desktop background). Of course, depending on how draconian the root user is, regular users might not even be able to do that!
The super user grants privileges to regular users by means of file and directory permissions. (Those are covered in the section entitled "Managing Permissions.") For example, if the super user does not want you to change your settings in ~/.profile (the ~ is a shell shortcut representing your home directory), root can alter the permissions so that you may read from, but not write to, that file.
Because of the potential for making a catastrophic error as the super user (using the command rm -rf /* is the classic example, but do not ever try it!), always use your system as a regular user and become root only temporarily to do sysadmin duties. While you are on a multiuser system, consider this advice an absolute rule; if root were to delete the wrong file or kill the wrong process, the results could be disastrous for the business. On your home system, you can do as you please and running as root makes many things easier, but less safe. In any setting, however, the risks of running as root full time are significant. (In case you're wondering, the above command would completely wipe your entire file system, leaving you with nothing but a red face!)
The third type of user is the system user. The system user is not a person, but rather an administrative account that the system uses during day-to-day running of various services. For example, the system user named apache owns the Apache Web Server and all the associated files. Only it and root can have access to these files — no one else can access or make changes to these files. System users do not have a home directory or password, nor do they permit access to the system through a login prompt.
You will find a list of all the users on a system in the /etc/passwd file. Fedora refers to these users as the standard users because they are found on every Fedora computer as the default set of system (or logical) users provided during the initial installation. This "standard" set differs among Linux distributions.
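The account properties described so far (seven colon-separated fields, an x in the password field, UID 0 reserved for root, system users that offer no login) can be checked mechanically. The following audit is an added example, not part of the original chapter; the function names, the sample entries, the 500 boundary between system and regular UIDs, and the "shell name ends in sh" test are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format: name:password:UID:GID:comment:home:shell
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
bernice:x:507:507:Bernice:/home/bernice:/bin/bash
carl:HASHHERE:508:508::/home/carl:/bin/bash
dana:x:507:509::/home/dana:/bin/bash
svc:x:77:77:service:/var/lib/svc:/bin/bash
broken:x:510:510:/home/broken
EOF
}

# Reads passwd-format lines on stdin and prints one finding per problem.
# $1 = lowest UID treated as a regular user (assumed default: 500).
audit_passwd() {
    awk -F: -v min="${1:-500}" '
        $0 ~ /^[ \t]*$/ { next }                      # ignore blank lines
        NF != 7 { print "BADFIELDS line " NR ": expected 7 fields, got " NF; next }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            print "BADID " $1 ": UID or GID is not a number"; next
        }
        {
            uid = $3 + 0
            # Password data belongs in /etc/shadow, so this field should be x.
            if ($2 != "x") print "PASSWD " $1 ": password field is not x"
            # Any account with UID 0 has the full power of root.
            if (uid == 0 && $1 != "root") print "UID0 " $1 ": has root-equivalent UID 0"
            # The system identifies users by UID, so a shared UID is a shared identity.
            if (uid in owner) print "DUPUID " $1 ": UID " uid " already belongs to " owner[uid]
            else owner[uid] = $1
            # Heuristic: a system account should not have an interactive shell.
            if (uid > 0 && uid < min && $7 ~ /sh$/)
                print "SYSSHELL " $1 ": UID " uid " has login shell " $7
        }
    '
}

sample_passwd | audit_passwd 500
```

On a live system, run it as audit_passwd < /etc/passwd and pass the regular-user UID boundary your installation actually uses.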
Adding New Users
The command-line approach to adding any user is actually quite simple and can be accomplished on a single line. In the example shown here, the sysadmin uses the useradd command to add the new user bernice. The command adduser (a variant found on some UNIX systems) is a symbolic link to useradd, so both commands work the same. In this example, we use the -p option to set the password the user requested; we use the -s option to set her special shell, and the -u option to specify her UID. (If we created a user with the default settings, we would not need to use these options.) All we want to do can be accomplished on one line:
# useradd bernice -p sTitcher -s /bin/bash -u 507
The sysadmin can also use the graphical interface that Fedora provides, as shown in Figure 10.1. It is accessed as the Users and Groups item from the System Settings menu item. Here, the sysadmin is adding a new user to the system where user bernice uses the bash command shell.
FIGURE 10.1 Adding a new user is simple. The GUI provides a more complete set of commands for user management than for group management.
These are the steps we used to add the same account as shown in the preceding command, but using the graphical User Manager interface:
1. Launch the Fedora User Manager graphical interface by clicking the Users and Groups menu item found under System, Administration.
2. Click the Add User button to bring up the Add User dialog window.
3. Fill in the form with the appropriate information, as described in the first paragraph in this section.
4. Click the drop-down Login Shell menu to select the bash shell.
5. Check the Specify User ID box to permit access to the UID dialog.
6. Using the arrows found in the UID dialog, increment the UID to 5413.
7. Click OK to save the settings.
Note that the user is being manually assigned the UID of 549 because that is her UID on another machine that will be connected to this machine. Because the system only knows her as 549 and not as bernice, the two machines would not recognize bernice as the same user if two different UIDs were assigned.
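A command-line variant of the same procedure, as an added example that is not part of the original chapter: useradd's -p option expects an already-encrypted value (the output of crypt(3)), and anything typed on the command line is visible in the process list and shell history, so this version creates the account without -p and sets the password at a prompt. The helper names uid_owner and create_user and the PASSWD_FILE variable are hypothetical; the UID check reflects the note above that a manually assigned UID must be the intended one.

```shell
#!/bin/sh
# Run as root, for example:  create_user bernice 507

# Print the name of the account that already holds UID $1 (nothing if it is free).
# PASSWD_FILE is an assumption of this example; it defaults to /etc/passwd.
uid_owner() {
    awk -F: -v u="$1" '$3 == u { print $1; exit }' "${PASSWD_FILE:-/etc/passwd}"
}

# $1 = login name, $2 = UID to assign (must match the UID used on the other machine)
create_user() {
    name=$1
    uid=$2
    case $uid in
        ''|*[!0-9]*) echo "UID must be a number: $uid" >&2; return 2 ;;
    esac
    holder=$(uid_owner "$uid")
    if [ -n "$holder" ]; then
        # A second account with this UID would be the same user to the system.
        echo "UID $uid already belongs to $holder" >&2
        return 1
    fi
    useradd -u "$uid" -s /bin/bash "$name" || return
    passwd "$name"         # prompts twice; the password never appears in argv
    chage -d 0 "$name"     # expire it so the user must choose a new one at first login
}
```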