Linux was designed from the start as a multi-user system. Its user and group model is the bedrock of security across cloud VMs, containers, and on-premises servers. Understanding it well helps you avoid both security misconfigurations and accidental lockouts.
The Root User
root is the superuser — UID 0 — with unrestricted access to every file, process, and configuration on the system. On cloud VMs, you typically connect as a non-root user (ubuntu, ec2-user, admin) and use sudo for privileged tasks.
whoami # show current username
id # show UID, GID, and group memberships
id alice # show info for another user
sudo — Controlled Privilege Escalation
sudo (Super User Do) lets authorised users run specific commands as root without logging in as root. It logs every command run with it, providing an audit trail.
sudo apt update # run apt as root
sudo systemctl restart nginx
sudo -i # open root shell (use carefully)
sudo -u alice command # run as a different user
# Edit sudoers configuration (always use visudo — it validates syntax)
sudo visudo
The sudoers file (/etc/sudoers) format:
# Allow alice to run all commands as root
alice ALL=(ALL:ALL) ALL
# Allow deploy group to restart nginx without password
%deploy ALL=(ALL) NOPASSWD: /bin/systemctl restart nginx
Managing Users
sudo useradd -m -s /bin/bash alice # create user with home dir and bash shell
sudo useradd -r -s /sbin/nologin www-data # create system user (no login)
sudo passwd alice # set or change password
sudo usermod -aG sudo alice # add alice to sudo group
sudo usermod -aG docker alice # add to docker group
sudo usermod -s /bin/zsh alice # change shell
sudo userdel alice # delete user (keep home dir)
sudo userdel -r alice # delete user and home directory
Managing Groups
sudo groupadd developers # create a group
sudo groupdel developers # delete a group
sudo gpasswd -a alice developers # add user to group
sudo gpasswd -d alice developers # remove user from group
groups alice # list alice's groups
getent group developers # show group members
User Information Files
| File | Contents |
|---|---|
| /etc/passwd | User accounts (username, UID, GID, home, shell) |
| /etc/shadow | Hashed passwords (readable by root only) |
| /etc/group | Group definitions and memberships |
| /etc/sudoers | Sudo permissions |
cat /etc/passwd | grep alice
# alice:x:1001:1001::/home/alice:/bin/bash
# Fields: username:password:UID:GID:comment:home:shell
getent passwd alice # same, but also works with LDAP/AD
Password Policies
sudo chage -l alice # show password expiry info
sudo chage -M 90 alice # password expires every 90 days
sudo chage -E 2026-12-31 alice # account expires on date
sudo passwd -l alice # lock the account's password (SSH key logins are not blocked by this)
sudo passwd -u alice # unlock account
Principle of Least Privilege
A core security principle: grant each user or process only the permissions it needs, nothing more. In practice:
- Don't run web servers as root — use dedicated service users like www-data or nginx.
- Use NOPASSWD sudo rules only for specific, safe commands — not ALL.
- Audit group memberships regularly: getent group docker, getent group sudo.
- Disable or lock unused accounts: sudo passwd -l olduser.
- Use SSH keys instead of passwords for remote access.
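The audit items in the list above can be scripted so they are repeatable. The following is an added example, not part of the original tutorial; the function names and the sample passwd, group and sudoers data are constructed for illustration, and the checks take file paths so they can be run against copies of the real files.

```shell
#!/bin/sh
# Least-privilege checks over passwd-, group- and sudoers-format files.

# Accounts other than root with UID 0 (passwd field 3).
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose shell (passwd field 7) allows interactive login.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Supplementary members of a group (group field 4); primary-GID-only users are not listed.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Non-comment sudoers rules that grant NOPASSWD on ALL commands.
nopasswd_all() {
    awk '!/^[ \t]*#/ && /NOPASSWD:[ \t]*ALL[ \t]*(,|$)/' "$1"
}

# Constructed sample data (not from a real system).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33::/var/www:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
olduser:x:0:1002::/home/olduser:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
sudo:x:27:alice
docker:x:998:alice,olduser
developers:x:1003:
EOF
    cat > "$1/sudoers" <<'EOF'
# %ops ALL=(ALL) NOPASSWD: ALL
alice ALL=(ALL:ALL) ALL
%deploy ALL=(ALL) NOPASSWD: /bin/systemctl restart nginx
%developers ALL=(ALL) NOPASSWD: ALL
EOF
}
d=$(mktemp -d); write_samples "$d"
printf 'extra UID 0 accounts: %s\n' "$(uid0_accounts "$d/passwd")"
printf 'docker group members: %s\n' "$(group_members "$d/group" docker | tr '\n' ' ')"
printf 'NOPASSWD on ALL: %s\n' "$(nopasswd_all "$d/sudoers")"
rm -rf "$d"
```

On the sample data this flags olduser as a second UID 0 account and the %developers rule as an unrestricted NOPASSWD grant, while the narrowly scoped %deploy rule passes.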
Congratulations — You've Completed Linux Basics
You now have a working understanding of the core Linux concepts that underpin every cloud platform, container runtime, and DevOps tool. From the filesystem and terminal to permissions, processes, packages, networking, and user management — these are skills you'll use every day in cloud work.
The next step is to apply this knowledge in a real environment and then practice certification-style questions to test your understanding under exam conditions.