RHEL Account Summary 1: Account Types
An account is used to record data of a single user or multiple users. Every legitimate user in RHEL must have an account to use RHEL.
There are two types of accounts on RHEL:
- User Account: used to store data of a single user. Each user account records the data of one specific user.
- Group Account: used to store information of multiple users. Each group account can record data of a group of users.
In the RHEL system, up to 4294967296 accounts can be created for each account type. In other words, a RHEL system can have up to 4.2 billion user accounts and more than 4.2 billion group accounts.
We can classify all RHEL accounts according to the following two methods.
1. Account view
2. Account Functions
The following describes the two account classification methods.
I. Based on the account location
The range over which account data can be used depends on where it is stored. The scope of use of an account is called its field of view. Depending on the storage location and field of view of the account, we can distinguish between the local account and the domain account.
1. Local account
Account data stored on the local hard disk is called a local account. The scope of a local account is limited to the RHEL system on which the account was created. Outside that scope, for example on other computers, the local account cannot be used.
The advantage of a local account is that it is easy to use. You can directly create a local account without additional settings;
The disadvantage is that it is not scalable. In an environment with hundreds of RHEL systems, to create jacky as a local account, you have to create a jacky account on each RHEL system; later, if you want to modify the data of jacky, you have to modify each jacky account.
2. Domain account
You can also join a large number of computers into a domain, create the account data on one RHEL system in the domain, and use a communication protocol (such as NIS, Kerberos, or LDAP) to share the accounts. When other computers need account data, they can retrieve these shared accounts over the network. This type of account is called a domain account.
The advantage of a domain account is its scalability. In a large-scale environment, using a domain account can save time for account management;
However, the biggest drawback is that you must create a "Domain" environment before configuring a domain account.
The concepts and management methods of the local account will be introduced later.
II. According to the account function
Whether it is a local account or a domain account, all user accounts can be classified by function into two categories:
1. Superuser
Superusers have complete control in Linux. A superuser can read or write any file on the system, install or remove software and hardware, start or stop services, and even shut down or halt the system.
Generally, you should log on with a superuser account only when managing the system. We strongly recommend that you "do not log on as a superuser unless necessary".
The name of the superuser is usually root, and its UID must be 0.
Note: As long as the UID is 0, the account is considered a superuser, regardless of whether the name is root.
The name of a Super User is usually root, and its UID must be 0.
Note: As long as the UID is 0, it is considered a Super User, regardless of whether the name is root.
2. Common users
All user accounts other than superusers are classified as common users. We can divide them into two categories:
A. System Account
This type of account is only used by the system. Certain software (such as Apache) needs an ordinary user account to run under. The accounts created to meet these software requirements are called system accounts. The UID of a system account is limited to the range 1 ~ 499.
B. Real users
Real users are the accounts used to log on to the system. Their UIDs are allocated from the range 500 ~ 4294967295.
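The following shell functions are an added example, not part of the original article: they classify the entries of a passwd-format file using the UID ranges given above and list every UID 0 account that is not named root, which is the case the note on superusers describes. The function names, the sample entries (constructed, including svc_backup) and the optional boundary argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file against the UID classes above.

# classify_accounts FILE [FIRST_REAL_UID]
# Prints "name uid class". FIRST_REAL_UID defaults to 500, the boundary
# stated in the article; pass another value if your system differs.
classify_accounts() {
    awk -F: -v first_real="${2:-500}" '
        /^[[:space:]]*(#|$)/       { next }   # skip comments and blank lines
        NF < 7 || $3 !~ /^[0-9]+$/ { print $1, $3, "malformed"; next }
        $3 + 0 == 0                { print $1, $3, "superuser"; next }
        $3 + 0 < first_real + 0    { print $1, $3, "system"; next }
                                   { print $1, $3, "real" }
    ' "$1"
}

# extra_superusers FILE
# Prints the names of accounts whose UID is 0 but whose name is not root.
extra_superusers() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 == 0 && $1 != "root" { print $1 }' "$1"
}

# write_sample FILE: constructed sample data, not taken from a real system.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
svc_backup:x:0:0:constructed second UID 0 entry:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
jacky:x:500:500::/home/jacky:/bin/bash
EOF
}

# Demo on the constructed sample; use /etc/passwd to audit a live system.
sample=$(mktemp)
write_sample "$sample"
classify_accounts "$sample"
echo "UID 0 accounts not named root: $(extra_superusers "$sample")"
rm -f "$sample"
```

Any name printed by extra_superusers has full superuser rights and should be accounted for in the same way as root.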
Group accounts are divided into three categories by function:
1. Superuser group
The root group is called the superuser group. The GID of the superuser group is 0. Being a member of the superuser group does not give an account the right to manage the system.
2. System Group
Like a system account, a system group is used by the system itself or by a piece of software. The GID is in the range 1 ~ 499.
3. User-defined group
The GID range for user-defined groups is 500 ~ 4294967293. User-defined groups also include user private groups.
A user private group is a group with the same name as the user account and is the primary group of that user. When you create a new user account, RHEL automatically creates a private group for the user.