Users
A user on Unix-like systems does not necessarily correspond to a human person who logs in and types commands, although it sometimes does. A user is simply a named entity that can own files and run commands with certain permissions and that may or may not have permission to read or modify other users' files. It's very common, for sound security reasons, to run each service on a system with its own user account. This simply means that the service runs with the identity and permissions of that user.
For example, a web server will often run as the www-data
user, which exists solely to own files the web server needs to read and write. This limits the danger of a security breach via the web server, because the attacker would only have the www-data
user's permissions, which are very limited, rather than the root
user's, which can modify any aspect of the system. It is generally a bad idea to run services exposed to the public Internet as the root
user. The service user should have only the...