Some documentation I’m going through has a boolean switch on whether or not a user is a ‘system’ user or a ‘normal’ user (defaulting to ‘normal’).
What is the difference between these two modes of user-ship? I don’t need to learn what a user is or why you need them (even ‘fake’ ones), but this particular distinction isn’t intuitive to me.
Answers:
Method 1
That is not a technical difference but an organizational decision. E.g. it makes sense to show normal users in a login dialog (so that you can click them instead of having to type the user name) but it wouldn’t make sense to show system accounts (the UIDs under which daemons and other automatic processes run) there.
Thus a border is defined or rather two ranges for the UIDs for the two groups. In openSUSE the file /etc/login.defs contains these lines:
    # Min/max values for automatic uid selection in useradd
    #
    # SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
    # UIDs for dynamically allocated administrative and system accounts.
    # UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
    # allocated user accounts.
    #
    UID_MIN                  1000
    UID_MAX                 60000
    # System accounts
    SYS_UID_MIN               100
    SYS_UID_MAX               499
and
    # Min/max values for automatic gid selection in groupadd
    #
    # SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
    # GIDs for dynamically allocated administrative and system groups.
    # GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
    # allocated groups.
    #
    GID_MIN                  1000
    GID_MAX                 60000
    # System accounts
    SYS_GID_MIN               100
    SYS_GID_MAX               499
Method 2
The main difference is the purpose of the account, so it’s primarily a useful distinction for administrators and auditors. There are a few technical differences — from the adduser documentation:
System users will be created with no aging information in /etc/shadow, and their numeric identifiers are chosen in the SYS_UID_MIN–SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN–UID_MAX (and their GID counterparts for the creation of groups).
As far as I can tell (I don’t know Puppet), the difference from Puppet’s perspective is whether it passes the -r option to adduser.
For a broader perspective, see Is it possible to “hide” an account from /etc/passwd?
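An added example (not part of either answer, and not code from Puppet or useradd): a Python script that reads the UID ranges from login.defs, labels each passwd entry as system or normal the way the answers describe, and lists system-range accounts that still have a login shell. The file contents, account names and the set of non-login shells are constructed assumptions.

```python
# Constructed sample inputs; ranges match the openSUSE login.defs excerpt above.
LOGIN_DEFS = """\
UID_MIN                  1000
UID_MAX                 60000
# System accounts
SYS_UID_MIN               100
SYS_UID_MAX               499
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/usr/sbin/nologin
backupsvc:x:120:120:Backup agent:/var/lib/backup:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/var/lib/nobody:/usr/sbin/nologin
"""
# Assumption: shells treated as non-interactive; extend for your distribution.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_login_defs(text):
    """Return the numeric KEY VALUE settings, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[1].isdigit():
            settings[fields[0]] = int(fields[1])
    return settings


def classify(uid, defs):
    """Map a UID onto the two ranges useradd allocates from."""
    if defs["UID_MIN"] <= uid <= defs["UID_MAX"]:
        return "normal"
    if defs["SYS_UID_MIN"] <= uid <= defs["SYS_UID_MAX"]:
        return "system"
    return "outside-ranges"  # not dynamically allocated, e.g. root


def audit(passwd_text, defs):
    """Return (name, uid, kind, has_login_shell) per passwd entry."""
    rows = []
    for line in passwd_text.splitlines():
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        rows.append((name, int(uid), classify(int(uid), defs), shell not in NOLOGIN_SHELLS))
    return rows


def interactive_system_accounts(rows):
    """System-range accounts that still have a login shell: worth a review."""
    return [name for name, _uid, kind, login in rows if kind == "system" and login]
```

On a real host, pass the contents of /etc/login.defs and /etc/passwd instead of the constructed strings.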
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.