Differences between privileged accounts and normal accounts in Linux

Source: Internet
Author: User
Tags mail account
Article Title: differences between privileged accounts and normal accounts in Linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

In Linux, accounts can be divided into privileged accounts and common accounts. In fact, this is very much like Microsoft's Role in the operating system. There are many predefined roles in the Microsoft operating system, but in the Linux operating system, there are only two types of users. As a Linux system administrator, you must understand the differences between the two accounts. And precautions for future use.

Generally, after the Linux system is installed, the system automatically creates a privileged account, namely, root. If you need to deploy other applications on the Linux operating system, I suggest you recreate an account. If you want to deploy a mailbox server on a Linux operating system, you 'd better create a mail account. Use this account to log on to the system and perform related operations. This is definitely not a single action. This is mainly because the root account is very different from the ordinary account. This is mainly reflected in the following aspects.

I. Restrictions on disk space.

Generally, the root account has the highest permissions for the operating system, and there is usually no disk space limit. Even if the disk quota is set for other users, the root account is not limited in this regard. By default, normal users can only have the permission to store files in their home directories. Therefore, you can limit the disk space by means of disk quotas. In some cases, it is very important to limit the disk space.

Because Linux is a multi-user operating system. Multiple application services may be deployed simultaneously on the same Linux operating system. Deploy the email server and file server at the same time. They use two different account names for deployment. Then the system administrator can set disk quotas for them separately to prevent all hard disk space from being eroded by an application due to viruses or other reasons, and thus another service is also on the machine. If both services are deployed with the root account or one of the services runs with the root account, the disk space cannot be limited. For example, if you deploy the email server with a root account, if the email server is infected with viruses (or some clients have viruses) and spam is sent, it is very likely that the system management is not aware of the problem, the disk space is exhausted. This causes the server to crash. If the sub-account is used for deployment, the mailbox server will crash at most, without affecting the operation of the file server and the root account, and there is room for saving.

Therefore, no matter how many applications are deployed on the Linux operating system, it is best to separate the root account from the common account. Generally, the Root account is only used for management, rather than for other purposes. Only in this way can the disk quota be realized.

2. Ensure relatively independent environment variables.

The Linux operating system is similar to the Windows operating system. environment variables include user environment variables and general environment variables. USER environment variables are only valid for current users, while general environment variables are valid for users in the entire operating system. Sometimes, when deploying network applications, you must make the environment variables relatively independent. The environment variable (user environment variable) created under a user is invalid when it reaches another account. Therefore, you can create multiple accounts to ensure the independence of environment variables between different accounts. For example, to deploy an ERP application in a Linux operating system, the database server and the ERP application server are composed of two parts, which are mutually independent and interrelated. The system administrator usually sets two common accounts to deploy the two applications. This method saves personal environment variables for each application. Therefore, when multiple applications are deployed on the same computer, they can work independently without mutual interference.

If you deploy these applications under the same account, you need to set many environment variables. If you set them in one account, errors may occur and conflicts may occur. To create a relatively independent working environment for some applications, we recommend that you do not use the root account to deploy these applications. In addition, it is best to create a common account for each application for management to ensure the independence of environment variables.

3. Convenient backup of user files.

The Root Account and the Common Account have different home directories. The Master Directory of the privileged user root is/root, while that of the common user is/home/account name. This setting is very useful in Linux. For example, in Linux, there are two users: privileged users and ordinary employees. Generally, a normal account can only save its files, emails, and so on in its home directory. You only need to back up the home directory of this employee account to back up your private files. By backing up the user's home directory, even if the operating system is paralyzed or the employee changes the computer, only the files in the home directory need to be restored, then the user can have the same working environment. Therefore, it is very useful to separate the directories of privileged users from those of normal users.

In addition, the home directories of different users are relatively independent. For example, A and B are created in the system. In the/home/directory under the root directory of the operating system, there will be two directories, A and B. By default, user A only has the permission to manipulate directory A, and user B only has the permission to operate on directory B. That is to say, each account can only operate files in its own directory. Therefore, when multiple users share the same host, each user has a private folder to prevent files from being accidentally modified or deleted by others.

[1] [2] Next page

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.