Users and Groups

• The system converts your username to a particular user ID, and from then on it's only the user ID that counts.
• You can control access to a file or other resource by associating it with a particular user ID.
• Sometimes, you want to share a resource among multiple users.
• Linux doesn't allow you to associate multiple user IDs with a file, so you can't just create a list of all the people to whom you want to give access and attach them all to the file.
• You can, however, create a group. Each group is assigned a unique number, called a group ID, or GID. Every group contains one or more user IDs.
• A single user ID can be a member of lots of groups, but groups can't contain other groups.
• Like users, groups have names. Also like usernames, however, the group names don't really matter; the system always uses the group ID internally.
• You can associate only one group with a resource.

  $ id
  

• One user account is very special. This user has user ID 0 and usually has the username root. The root user can do just about anything.
• Lots of special operations can be performed only by processes running with root privilege.
• The trouble with this design is that a lot of programs need to be run by root because a lot of programs need to perform one of these special operations. If any of these programs misbehaves, chaos can result.
• There's no effective way to contain a program when it's run by root; it can do anything. Programs run by root must be written very carefully.