Skip to content

Lesson 6: Users and Groups

Add intro about this being a theory lesson - take time to learn etc

We've talked about users before. To recap, modern desktop operating systems support multiple users, and all of them have a sandbox in the form of a personal Home folder.

On the CLI, regular users have read and write access to their Home folder, and not much else. In other words, they lack permission (or privileges) to modify (or sometimes even read) system configuration files, peek into other users' folders and install software.

Of course, there is a lot more to learn about users, groups and privileges -- this lesson covers some beginner and intermediate level concepts.

Regular vs root user

In any modern desktop OS, unless explicitly configured, every user has Administrator rights--you can install or remove software, configure the OS to their liking, and even peek into other users' folders--all you need to do is (maybe) enter your password and click Yes on a scary looking dialog box.

Traditionally, in CLI land, things weren't always like this. There was a division -- regular (unprivileged) users and a separate root account (sometimes called the super user, or simply su), with its own password and Home folder. Only the root user was allowed to change system configuration or install/remove additional software.

If your user wasn't allowed to access the root account or you didn't know the root password, too bad for you.

You can still in theory configure a separate root account, but these days, there's a better way to do Admin tasks.

The new way: privilege escalation

One unintended side effect of logging in to the root account was that you could forget you were in God Mode and inadvertently run a potentially destructive command.

To remedy this, instead of first logging in as root, you use the system as a regular user, then use the sudo command (think "do as super user") whenever you want to change system configuration or install new software. This is called privilege escalation.

What's the point? You're still running the same commands and can still blow up your system with a wrong command, you might ask.

Good question. The difference is, mistakenly running a rm -r /home command while logged in as root will delete everyone's Home folder (including your own), and the other users will be very upset with you.

If you run the same command as a regular user, you'll get a stern warning from the system that you don't have the necessary privileges to do this, and everyone's data stays intact.

If you still want to make everyone hate you, you'll explicitly have to use sudo in front of the command--sudo rm -r /importantstuff--and enter your password. The same goes for modifying or deleting system files, creating new users, and installing software.