This section breaks down the different user types you are likely to encounter on Linux-based systems.
The root account is the system administrator account. It is important to note that what makes the root account special is the UID of 0. Any user with a UID of 0 is a full system administrator. As a security note, when you’re performing audits, look for any user with a UID of 0, as this is a common hacking technique.
Any account with a UID of 1000 or higher is considered a standard or regular user account. People are normally assigned standard user accounts so they can log in to the system and perform tasks.
A typical Linux system will have many service user accounts. These service user accounts typically have UID values under 1000, making it easy for an administrator to recognize these as special accounts.
Some of these service accounts are often referred to as “daemon accounts” because they are used by daemon-based software. Daemons are programs that run in the background, performing specific system tasks.
Other service accounts may exist to provide features for the operating system. For example, the “nobody” account is used to apply permissions for files that are shared via NFS (Network File System).
Additionally, if you add new software to the system, more users might be added because software vendors make use of both user and group accounts to provide controlled access to files that are part of the software.