What's the difference between a normal user and a system user?












102














Some documentation I'm going through has a boolean switch on whether or not a user is a 'system' user or a 'normal' user (defaulting to 'normal').



What is the difference between these two modes of user-ship? I don't need to learn what a user is or why you need them (even 'fake' ones), but this particular distinction isn't intuitive to me.










      users






      edited 2 days ago







      Sean Allred

















      asked Jun 21 '13 at 14:58









      Sean Allred























          2 Answers


















          71






          That is not a technical difference but an organizational decision. E.g. it makes sense to show normal users in a login dialog (so that you can click them instead of having to type the user name) but it wouldn't make sense to show system accounts (the UIDs under which daemons and other automatic processes run) there.



          Thus a border is defined or rather two ranges for the UIDs for the two groups. In openSUSE the file /etc/login.defs contains these lines:



          # Min/max values for automatic uid selection in useradd
          #
          # SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
          # UIDs for dynamically allocated administrative and system accounts.
          # UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
          # allocated user accounts.
          #
          UID_MIN 1000
          UID_MAX 60000
          # System accounts
          SYS_UID_MIN 100
          SYS_UID_MAX 499


          and



          # Min/max values for automatic gid selection in groupadd
          #
          # SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
          # GIDs for dynamically allocated administrative and system groups.
          # GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
          # allocated groups.
          #
          GID_MIN 1000
          GID_MAX 60000
          # System accounts
          SYS_GID_MIN 100
          SYS_GID_MAX 499





          answered Jun 21 '13 at 15:05









          Hauke Laging









          • 2




            It's worth noting that Debian and others will have system rules hidden to most (such as in PAM rules governing system auth choices) which distinguish based on whether UIDs are above 1000 or less than. Choose your UIDs carefully.
            – Dave
            Nov 11 '15 at 6:24














          31






          The main difference is the purpose of the account, so it's primarily a useful distinction for administrators and auditors. There are a few technical differences — from the adduser documentation:




          System users will be created with no aging information in /etc/shadow, and their numeric identifiers are chosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX (and their GID counterparts for the creation of groups).




          As far as I can tell (I don't know Puppet), the difference from Puppet's perspective is whether it passes the -r option to adduser.



          For a broader perspective, see Is it possible to "hide" an account from /etc/passwd?






          edited Apr 13 '17 at 12:36









          Community











          answered Jun 21 '13 at 15:15









          Gilles













          • On CentOS: Although useradd --system foouser creates no home directory for that user as per the man page of useradd(8) (which says: Note that useradd will not create a home directory for such an user, regardless of the default setting in /etc/login.defs (CREATE_HOME). You have to specify the -m options if you want a home directory for a system account to be created.), the home directory of the new user foouser is given as the nonexistent /home/foouser in /etc/passwd.
            – David Tonhofer
            Dec 31 '18 at 9:50










          • Additionally, the UID is selected by counting down from SYS_UID_MAX, generally 1000, so we have UID 998 for example for the foouser.
            – David Tonhofer
            Dec 31 '18 at 9:50
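
The range check that both answers describe, written out as an added example (not code from either answer or from any tool they mention): it reads the four UID settings from login.defs text, classifies passwd entries against them, and flags two mismatches an auditor would look at. The login.defs values are the openSUSE ones quoted above; the passwd lines, every account name except foouser, the category labels and the flag wording are constructed for illustration.

```python
"""Classify passwd entries against the UID ranges in login.defs (added example)."""

# The openSUSE settings quoted in the first answer, embedded as sample input.
LOGIN_DEFS = """\
# Min/max values for automatic uid selection in useradd
UID_MIN 1000
UID_MAX 60000
# System accounts
SYS_UID_MIN 100
SYS_UID_MAX 499
"""

# Constructed passwd lines (name:passwd:uid:gid:gecos:home:shell), not from a real host.
# foouser/998 is the case from the comment above.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/usr/sbin/nologin
svcdemo:x:499:499:demo daemon:/var/lib/svcdemo:/usr/sbin/nologin
batchjob:x:498:498:demo batch account:/var/lib/batchjob:/bin/bash
foouser:x:998:998::/home/foouser:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
"""

# Shells that refuse interactive logins; an empty shell field means /bin/sh,
# so it is deliberately not in this set.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}
WANTED = {"UID_MIN", "UID_MAX", "SYS_UID_MIN", "SYS_UID_MAX"}


def parse_login_defs(text):
    """Return the four UID range settings as integers, ignoring comments."""
    ranges = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] in WANTED:
            ranges[fields[0]] = int(fields[1])
    missing = WANTED - ranges.keys()
    if missing:
        raise ValueError("login.defs lacks: " + ", ".join(sorted(missing)))
    return ranges


def classify(uid, r):
    """Map a UID to a category; the labels are this example's own."""
    if uid == 0:
        return "root"
    if r["SYS_UID_MIN"] <= uid <= r["SYS_UID_MAX"]:
        return "system"
    if r["UID_MIN"] <= uid <= r["UID_MAX"]:
        return "normal"
    if uid < r["SYS_UID_MIN"]:
        # Assumption: UIDs below the dynamic system range are the
        # distribution's statically assigned accounts.
        return "static"
    return "outside"


def audit(passwd_text, defs_text):
    """Return (name, uid, category, flags) for every passwd entry."""
    r = parse_login_defs(defs_text)
    report = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("malformed passwd line: " + line)
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        kind = classify(uid, r)
        flags = []
        if kind == "system" and shell not in NON_LOGIN_SHELLS:
            flags.append("system-range UID with a login shell")
        if kind == "outside":
            flags.append("UID in neither configured range")
        report.append((name, uid, kind, flags))
    return report


if __name__ == "__main__":
    for name, uid, kind, flags in audit(PASSWD, LOGIN_DEFS):
        print(f"{name:10} {uid:6} {kind:8} {'; '.join(flags)}")
```

Under these settings UID 998 lands in the gap between SYS_UID_MAX and UID_MIN, so the same account counts as a system user on one host and as neither kind on another.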

















