From the beginning, Linux has been designed as a multiuser system: Any
number of users can simultaneously work on one machine. These users can
connect to the system via different terminals or network connections. Usually
users need to log in to the system before starting a session. Personal
information and individual desktop configuration are stored separately for any
user.
7.1.1 Distinct User Roles
Among the users working on a machine, Linux distinguishes between
different kinds of user roles: you can log in to a Linux machine as
normal
user or as superuser (administrator),
traditionally called root in Linux. The superuser has privileges which
authorize him to access all parts of the system and to execute administrative
tasks: He has the unrestricted capacity to make changes to the system and has
unlimited access to all files. If you are logged in as a normal user you lack
these privileges. User and root can of course be the same physical
person but acting in different roles.
The root user account is always created on your Linux system
by default — during installation you are therefore requested to
specify a password for root. Which other users can log in to your
system depends on the method of authentication you choose during installation
(see Section 1.14.6, Users).
For your daily work, you usually log in to your system as normal user.
Performing some administrative tasks or running certain programs such as
YaST require root permissions. You can easily switch from
your normal account to root and back to your normal user account
after accomplishing the administrative task. How to do so in a shell is
described in Section 8.4, Becoming Root. If you are
working with a graphical user interface you are usually prompted to enter the
root password when necessary. Closing the application which
required root permissions results in withdrawal of the
root privileges: you automatically switch back to your normal user
account.
While this concept might not look very appealing at first, it adds
to security. A user without root privileges cannot damage the
entire system. Any damage caused is strictly limited to the user's own
account and data. Any operation executed with root privileges may
potentially harm the entire system. Anyone intending to harm a running Linux
system must gain root privileges first. This is why it is much
harder to create viruses for Linux systems. They must overcome the root
barrier first.
7.1.2 Groups
Every user in a Linux system belongs at least to one group. A group, in
this case, can be defined as a set of connected users with certain collective
privileges. Groups are usually defined according to functional roles or the data
and resources the members of the group need to access. When a new user
account is created on your system, the user is usually assigned to a default,
primary group. The system administrator can change this primary group or
assign the user to an additional group, if necessary.