Users and Groups

Copyright(c) Management Analytics, 1995 - All Rights Reserved

Copyright(c), 1990, 1995 Dr. Frederick B. Cohen - All Rights Reserved

Users are identified by user identifications (Uids), each of which is associated with an integer in the range of 0 to a system-specified maximum. We will use Uids and the integers associated with them interchangeably whenever that doesn't cause confusion. Users with Uid=0 are given superuser privileges, which allow them to act as any other user on the system. Users with Uids less than 100 are, by convention, system users, while higher Uid numbers are usually reserved for normal users.

Users are placed in groups, identified by group identities (Gids). Each Gid is associated with an integer in the range from 0 to a system-specified maximum. Groups with Gid=0 are reserved for system groups. In most installations, other groups with Gid less than 100 are used for system functions, while groups with Gid over 100 are used for normal groups of users.

In order to be recognized by the system as being a given user, it is necessary either to log in to the system by identifying your Uid, or to change from your current Uid to another Uid. In order to prevent mistaken or malicious acts toward users, UNIX provides an authentication mechanism whereby users must authenticate their identity by providing a password to the system. UNIX transforms all passwords into an encrypted form in order to prevent attackers from exploiting copies used for comparison purposes.

Once a user is properly identified and authenticated, UNIX grants the user access to all authorized information. More details of the authorization mechanism are described in a later part of this document.

Each user is associated with one or more groups. When a user is identified to the system, a default Gid is provided and the system grants access to all authorized information for that group. A user can change groups by making an operating system request. UNIX then checks its files to determine whether or not the user is an authorized member of that group, and grants all authorized access if appropriate.
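
The Uid and Gid conventions above can be checked mechanically. The following is an added example, not part of the original text: it assumes the standard colon-separated passwd and group file formats, uses constructed sample accounts, and its function names are hypothetical. It lists every account that holds Uid=0, classifies Uids by the below-100 convention, and decides group membership from the default Gid or the group file's member list.

```python
# Constructed sample data in the standard passwd(5) and group(5) formats.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:spare admin:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
users:x:100:
staff:x:200:alice
"""
SYSTEM_ID_LIMIT = 100  # convention from the text: ids below 100 are system ids


def _records(text, nfields):
    """Yield the colon-separated fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) != nfields:
                raise ValueError(f"malformed line: {line!r}")
            yield fields


def parse_passwd(text):
    """Return {name: (uid, default_gid)}."""
    return {f[0]: (int(f[2]), int(f[3])) for f in _records(text, 7)}


def parse_group(text):
    """Return {group: (gid, members listed in the file)}."""
    return {f[0]: (int(f[2]), {m for m in f[3].split(",") if m})
            for f in _records(text, 4)}


def superusers(users):
    """Every account name whose Uid is 0, not just 'root'."""
    return sorted(n for n, (uid, _) in users.items() if uid == 0)


def classify(uid):
    return "superuser" if uid == 0 else "system" if uid < SYSTEM_ID_LIMIT else "normal"


def is_member(user, group, users, groups):
    """True if the group is the user's default Gid or lists the user by name."""
    gid, members = groups[group]
    return users[user][1] == gid or user in members
```

Because privilege follows the integer and not the account name, the second Uid=0 entry in the sample data is reported as a superuser alongside root.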