Understanding users and groups
When it comes to a server, users are very important—without users to serve, then there's no real need for a server in the first place. The subject of user management itself within the world of IT is in and of itself quite vast. Entire books have been written on individual methods of authentication, and entire technologies (such as Lightweight Directory Access Protocol, or LDAP) exist around it. In this chapter, we'll look at managing users that exist locally to our server, and the groups that help define what they are able to do.
Since Ubuntu Server is a distribution of Linux, it adopts the Unix-style of managing user accounts, groups, and permissions. Although our focus is on Ubuntu, many of the same commands around user management that you'll learn in this chapter will apply to other platforms as well. There are commands that allow you to add, remove, and change users, as well as commands that allow you to alter permissions.
Users in the context of a server refer to who (or what) is able to use the server. For example, you may have an accountant named Susan, or an IT administrator named Haneef, who both need to access the server. Perhaps Susan only needs access to a file share directory for accounting-related files, and Haneef might have more access to the server as a system administrator. The user accounts we create on our server will represent the actual people that will use it.
Groups allow us to segregate access to be specific to a role. As we'll learn later, files and directories have user and group assignments. When combined with permissions, we'll be able to manage what our users are able to do with our server.
Users aren't always people, though. We also have system users on our server that applications and running processes might use for background or automated tasks. An example of this might be a backup job, and you may have a backup user that runs a task in the background to facilitate some sort of file copy task that copies important files to another place. You don't have to worry about system-related users for now, just know that they exist. You'll see more examples of this as we go through the book.
More advanced organizations may have a central login server, such as Active Directory (AD) or standard LDAP. There are also others aside from those, as well. In this book, we won't cover those technologies, but just keep in mind that central authentication servers are a possibility for your organization, should you choose to explore them.
The most powerful user of all, though, is root
. This special user gives us the most control, but as you'll see in the next section, that comes with risks.