Linux "Extra User"

[guix21]

In most resources they say that these are the only user types in Linux.

Superuser (root)
System User
Normal User

However, I've been hearing rumors about some Linux distributions have a fourth user type and it can have the capability of a superuser.

Is this true? If yes, what is it, what Linux distributions is it available and how can it be created?

Sorry, I'm just a newbie and recently grew fond and curious since I installed Fedora on my other PC.

[coopstah13]

I have never heard of what you are talking about.

Perhaps you mean some distros these days come with sudo enabled by default for the user you install with?

[SkittleLinux18]

I have heard of something similar to what you're describing. A couple years back, someone was explaining to me about a half dozen viruses written for linux, and one of them was written to create a superuser account so it could modify system core files. But from what I understood, the virus was primarily written to attack servers, even though it definitely would work on a standard desktop. I don't remember the name of the virus, I just remember that it was one of the "dreaded ones" that all linux users fear.

[Cabhan]

I've never done it, but I believe that you are able to create multiple users with the same UID. Because the superuser is actually defined by its UID (0), and not its username, I remember once reading that you can create essentially "sub-admin" users, who are not root, but who have superuser access. However, in these days of sudo, I don't believe this is still a useful technique.

[Computerphile]

In most resources they say that these are the only user types in Linux.

Superuser (root)
System User
Normal User

However, I've been hearing rumors about some Linux distributions have a fourth user type and it can have the capability of a superuser.

Is this true? If yes, what is it, what Linux distributions is it available and how can it be created?

Sorry, I'm just a newbie and recently grew fond and curious since I installed Fedora on my other PC.

I have no idea whether or not this has anything to do with your initial question, but it made me think of a old Wikipedia article I came across a while back. Worth reading.
en.wikipedia.org/wiki/Nobody_%28username%29

[Siddly]

I have heard of something similar to what you're describing. A couple years back, someone was explaining to me about a half dozen viruses written for linux, and one of them was written to create a superuser account so it could modify system core files. But from what I understood, the virus was primarily written to attack servers, even though it definitely would work on a standard desktop. I don't remember the name of the virus, I just remember that it was one of the "dreaded ones" that all linux users fear.

I've been using Unix for the last 33 years and Linux since the first kernel was put of for ftp.
The virus vendors have often put out scare stories and rumours about Linux viruses, also that when Linux reached a certain mass it would attract the virus writers.
All this assumes Linux (and Unix), because the average user runs it on a PC, it must be vulnerable to viruses.
The bulk of the internet infrastructure is based on Linux and if it were vulnerable, what a target that would present.
Windows and DOS before it has no security infrastructure built-in and that's why the plethora of anti-virus companies exist.
Anti-virus for Linux exists so that Linux machines can deal with the Windows viruses and not pass them on to vulnerable Windows PC's. I have had infected emails from Windows, they just won't open because they were attempting some illegal operation.
Linux viruses - It's pure hogwash.
.
You wouldn't remember the name simply because it never existed and you can't name a single user who was affected or infected in the 20 years Linux has been around.
To think that IBM, Boeing, Western Airlines, Disney, USPS, BA, the Royal Air Force, Amazon, Wall Street, stock exchanges around the world, and most of the other corporations using Linux in their critical systems would tolerate Linux if it were virus prone -- NO WAY!

Back to the topic -- there is one root and as many normal users as are needed.
sudo ( Super User Do) permits authorised users to have root access or to execute a command as another user, su permits an authorised user to login as root or as a another user.
chroot is used to set up a user with a restricted set of commands and that user exists in a "chroot jail" - no escape possible. They can only execute the set of commands they are specifically set up to use, so if you set up a user only to use "ls", then "ls" is the only command available to that user.
They are many security layers that can protect files and directories from unauthorised access - "man setfacl" for an explanation, then there is SElinux (by the US NSA), apparmor, Tomoyo, SMACK and others based around filesystems - all provided inside the kernel. There are also the permissions bits that restrict access to files and directories.

[Mudgen]

I've never done it, but I believe that you are able to create multiple users with the same UID. Because the superuser is actually defined by its UID (0), and not its username, I remember once reading that you can create essentially "sub-admin" users, who are not root, but who have superuser access. However, in these days of sudo, I don't believe this is still a useful technique.

I do it all the time, and they're not "sub-admin" (to my thinking), they are root analogues that for all intents and purposes are root. The only significant difference is that they have their own home folder and thus their own .bashrc, etc. Security auditors don't like it, but it allows you to give and revoke root access without having to change the actual root password every time an admin leaves.

But these days the auditors are pushing for all uid 0 actions to be done via sudo, which they think can be remote logged and blacklisted from getting an actual root shell. Not as long as vi/vim (e.g) have a shell escape, they can't. And if they blacklist me out of vim, I'm retiring.

[dE_logics]

Effectively there're no 'type' of users. User's rights are usually defined by what group he's he. Only the root user is special. You can add any user to the root group.

[voidpointer69]

GHW - You just gave the game away! I have used exactly that technique on several occasions when need dictated. Also "sudo csh" (showing my age there).

All that you have been told here is the truth. There is one root user. All others are ordinary users who, at root's discretion, can be given various privileges over and above other users.

Root can do this in various ways. The configuration of "sudo" is one, making the user a member of more privileged groups is another.

There is an awful lot of FUD out there vis-a-vis GNU/Linux - all of it BS.

Enjoy this world.

Cheers - VP

[clowenstein]

GHW - You just gave the game away! I have used exactly that technique on several occasions when need dictated. Also "sudo csh" (showing my age there).

For information about turning off the shell escape in vi/vim read

Code:

 man sudoers

Look for the section titled

Code:

 PREVENTING SHELL ESCAPES