All access to the system is achieved via accounts, and all processes are run by users,
so user and account management are of integral importance on FreeBSD systems.
Every account on a FreeBSD system has certain information associated with it to
identify the account.
User name
The user name as it would be typed at the login: prompt.
User names must be unique across the computer; you may not have two users with the same
user name. There are a number of rules for creating valid user names, documented in passwd(5); you would
typically use user names that consist of eight or fewer all lower case characters.
Password
Each account has a password associated with it. The password may be blank, in which
case no password will be required to access the system. This is normally a very bad idea;
every account should have a password.
User ID (UID)
The UID is a number, traditionally from 0 to 65535[1], used to uniquely identify the user to the system.
Internally, FreeBSD uses the UID to identify users; any FreeBSD commands that allow you
to specify a user name will convert it to the UID before working with it. This means that
you can have several accounts with different user names but the same UID. As far as
FreeBSD is concerned these accounts are one user. It is unlikely you will ever need to do
this.
Group ID (GID)
The GID is a number, traditionally from 0 to 65535[1], used to uniquely identify the primary group that the
user belongs to. Groups are a mechanism for controlling access to resources based on a
user's GID rather than their UID. This can significantly reduce the size of some
configuration files. A user may also be in more than one group.
Login class
Login classes are an extension to the group mechanism that provide additional
flexibility when tailoring the system to different users.
Password change time
By default FreeBSD does not force users to change their passwords periodically. You
can enforce this on a per-user basis, forcing some or all of your users to change their
passwords after a certain amount of time has elapsed.
Account expiry time
By default FreeBSD does not expire accounts. If you are creating accounts that you
know have a limited lifespan, for example, in a school where you have accounts for the
students, then you can specify when the account expires. After the expiry time has
elapsed the account cannot be used to log in to the system, although the account's
directories and files will remain.
User's full name
The user name uniquely identifies the account to FreeBSD, but does not necessarily
reflect the user's real name. This information can be associated with the account.
Home directory
The home directory is the full path to a directory on the system in which the user
will start when logging on to the system. A common convention is to put all user home
directories under /home/username or /usr/home/username. The user would store their personal files
in their home directory, and any directories they may create in there.
User shell
The shell provides the default environment users use to interact with the system.
There are many different kinds of shells, and experienced users will have their own
preferences, which can be reflected in their account settings.
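The fields listed above appear, in the same order, in each record of master.passwd (see passwd(5)). As an added example, not part of the original text, the sh function below audits such records for blank passwords, UIDs shared by several user names, IDs above the traditional range, and expired accounts. The function names and the sample records (including the placeholder hashes) are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original page): flag risky account records.
# Record layout follows master.passwd, see passwd(5):
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# Constructed sample records; the hashes are placeholders, not real ones.
sample_records() {
    cat <<'EOF'
root:$6$placeholder:0:0::0:0:Charlie &:/root:/bin/sh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$6$placeholder:1001:1001::0:0:Alice Example:/home/alice:/bin/sh
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
student:$6$placeholder:1003:1003::0:1700000000:Student:/home/student:/bin/sh
bigid:*:4294967295:1004::0:0:Large UID:/nonexistent:/usr/sbin/nologin
EOF
}

# audit_accounts [now]: read records on stdin, print one finding per line.
# "now" is seconds since the epoch (defaults to the current time).
audit_accounts() {
    awk -F: -v now="${1:-$(date +%s)}" '
        /^#/ || NF == 0 { next }                  # comments, blank lines
        NF != 10 { print "MALFORMED line " NR; next }
        {
            uid = $3 + 0; gid = $4 + 0; expire = $7 + 0
            # Empty password field: login needs no password at all.
            if ($2 == "") print "BLANK_PASSWORD " $1
            # Same UID under two names: FreeBSD treats them as one user.
            if ($3 in owner) print "SHARED_UID " $3 " " owner[$3] " " $1
            else owner[$3] = $1
            # IDs above the traditional range can confuse some software.
            if (uid > 65535 || gid > 65535) print "LARGE_ID " $1
            # Non-zero expire time in the past: account can no longer log in.
            if (expire != 0 && expire < now + 0) print "EXPIRED " $1
        }'
}

# Demo on the constructed data; on a real system run as root:
#   audit_accounts < /etc/master.passwd
sample_records | audit_accounts
```

A SHARED_UID finding for toor is expected where that alternate Superuser name is present; what matters is that every name sharing UID 0 is known and intended.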
There are three main types of accounts: the Superuser, system users,
and user accounts. The Superuser account, usually called
root, is used to manage the system with no limitations on
privileges. System users run services. Finally, user accounts are used by real people,
who log on, read mail, and so forth.
[1] It is possible to use UID/GIDs as large as 4294967295, but such IDs can cause serious
problems with software that makes assumptions about the values of IDs.