Linux by itself has no accounts, but each distribution introduces its own. Additionally, different services (daemons) add their own accounts as well. All local accounts can be found in the /etc/passwd file. Common accounts that you will find among various distros include:
- root—superuser account that can do anything
- adm—used for diagnostics and monitoring
- mail—handles email. Used by sendmail and postfix daemons
- news—used for Usenet news
- www-data—default website user
- nobody—assigned by the NFS daemon to a mounted NFS share whose owner is not a local user
- sshd—used for unprivileged operations by the SSH daemon
- lp—used for the printer system
- ftp—used for anonymous FTP access
- uucp—controls ownership of serial ports
It is possible to add accounts to the root group. It is more likely, however, that accounts get admin privilege by being listed in the /etc/sudoers file. Accounts listed in this group can run commands as root. You can use various commands to find accounts and their privilege level on Linux.
To Do This Action: | Run This Command: |
See all local accounts | cat /etc/passwd |
See all password hashes | sudo cat /etc/shadow |
Search for a particular account | grep jason /etc/passwd |
See who has UID 0 (root) | getent passwd 0 |
See who is in the root group | getent group root |
See who is in the wheel group (able to run the su command to change to root) | getent group wheel |
See who is in the adm group (able to monitor the system and read log files) | getent group adm |
See who is in the admin group (an administrative group in older distributions) | getent group admin |
See who has the right to run the su command | sudo cat /etc/sudoers |