Every computer on earth has a gatekeeper. You’ve met it — it’s the login screen. But have you ever wondered how the computer actually decides what you can and can’t do once you’re in?
Whether you’re on your home laptop, SSHing into a Linux server, or configuring AWS — there is one mental model powering all of it. Learn it once. Use it everywhere for the rest of your career.
What is an Identity?
An identity is anything that can take an action on a computer system. It’s the answer to the question: “Who is doing this?”
An identity isn’t just a person. It can be:
| Type | Example | What It Does |
|---|---|---|
| Human User | shekhar, root, alice | You — the person typing commands |
| Service Account | www-data, mysql, nginx | Programs that run as their own “user” |
| Process | Your browser, a cron job | Every running program inherits an identity |
| Machine Identity | An EC2 instance, a Kubernetes pod | Cloud resources that need to call APIs |
Every action on a computer is performed by an identity.
When nginx serves a web page, it runs as the www-data user. When your cron job deletes old logs, it runs as root (or whoever scheduled it). When you run sudo apt install, you temporarily borrow root’s identity.
There is no action without an actor. That actor is an identity.
The Three Building Blocks
1. Users — The Individual Identity
A user is a unique named identity, represented by two things:
- A username (human-readable):
shekhar,root,www-data - A UID (User ID): a unique number the OS actually uses.
shekharmight be UID1001.rootis always UID0.
shekhar = the name YOU see
1001 = the number the COMPUTER seesroot is the superuser. UID 0. The master key.
Root can do anything: read any file, kill any process, delete the entire OS.
The first rule of being a SysAdmin: never work as root unless absolutely necessary. Use it → do the task → exit. Treat it like live electricity.
2. Groups — The Team Identity
A group is a collection of users. Instead of setting permissions for every user individually, you set them for a group — and every user in the group automatically inherits those permissions.
Real-world example:
- Group
developers→ has read/write access to/var/www/html - You add
alice,bob, andcharlieto thedevelopersgroup - All three can now edit the website — without touching individual permissions
This is exactly how companies manage access: “Add them to the marketing group” means they instantly get all marketing system permissions.
3. Permissions — The Rules
A permission is a rule that says: “What can this identity DO with this resource?”
The classic Linux permission model answers three questions:
- Who? — User (owner), Group, or Others (everyone else)
- What? — Read (r), Write (w), Execute (x)
- To what? — A file, directory, or device
-rwxr-xr--
│││└─ Others: read only
│││
││└── Group: read and execute
││
│└─── Owner: read, write, execute
│
└──── File type (- = regular file)This Model Is Everywhere
Here’s the important realization: you will see this same model in every IT environment you ever work in — just with different names:
| Concept | Linux | Windows / AD | AWS IAM |
|---|---|---|---|
| User | Linux user (useradd) | AD User Account | IAM User |
| Group | Linux group (groupadd) | AD Security Group | IAM Group |
| Permission | chmod, file permissions | NTFS permissions, GPO | IAM Policy (JSON) |
| Superuser | root (UID 0) | Administrator / Domain Admin | Root Account + Admin Role |
| User Database | /etc/passwd + /etc/shadow | Active Directory (LDAP) | IAM User List |
| Service Account | www-data, mysql user | Service Account | IAM Role (for EC2, Lambda) |
When your manager says “add him to the AD security group”, they mean the same thing as “add him to the Linux group” — just on a Windows domain.
When AWS says “attach this IAM policy”, they mean the same thing as chmod on Linux — just in JSON.
One concept. Infinite environments.
Hands-On: Discover Your Own Identity
Right now, on your Linux or macOS machine, you have an identity. Let’s look at it.
Step 1: See who you are
Print your current username — the identity you're running as
- •This shows the username of the current session
- •If you ran 'sudo su' earlier, this might show 'root'
- •Always good to check before running dangerous commands
Step 2: See your full identity (UID, GID, all groups)
Show your full identity: UID, primary GID, and all group memberships
- •uid=1000(shekhar) — your User ID and username
- •gid=1000(shekhar) — your primary Group ID
- •groups= — every group you're a member of. This determines all your permissions.
- •If you see 'sudo' in your groups list, you can run commands as root
Step 3: See what groups a user belongs to
List all groups that the user 'shekhar' belongs to (replace with any username)
- •Each group name represents a set of permissions
- •'sudo' group = can use sudo
- •'docker' group = can run Docker commands without sudo
- •'www-data' group = can modify web server files
Step 4: View all users on the system
Show all users, their UIDs, and their login shell (or /usr/sbin/nologin for service accounts)
- •Users with /usr/sbin/nologin or /bin/false are service accounts — they can't log in interactively
- •UIDs 0-999 are typically system/service accounts
- •UIDs 1000+ are typically real human users
- •The 'nobody' user (UID 65534) is used when minimal permissions are needed
Hands-On Challenge
Try this sequence on your own Linux system:
- Run
whoami— note your username - Run
id— find your UID and list your groups - Run
cat /etc/passwd | grep your-username— see your full user entry - Run
ls -la /home/— notice how each home directory is owned by a different user - Bonus: Run
sudo cat /etc/shadow— this is where hashed passwords are stored. Only root can read it. This is the permission system protecting your passwords.
Key Takeaways
- An identity is anything that takes an action — humans, services, programs, cloud resources.
- Every user has a UID — the computer uses numbers, not names.
- Groups let you manage permissions at scale — set it once, it applies to everyone in the group.
- The model is universal — Linux users/groups, Windows AD, AWS IAM — same foundation, different syntax.
- Root (UID 0) is the master key — treat it like live electricity. Use when needed, exit immediately after.
- Every running process inherits an identity —
nginxisn’t “just running”, it runs ASwww-data.
The mental model that powers 100% of IT access control — from your home PC login screen to AWS IAM policies managing billion-dollar infrastructure. The same Users → Groups → Permissions → Resources pattern appears everywhere.
Next Steps in This Series
- Linux Users & Groups: Complete Guide — Create and manage users/groups with
useradd,groupadd,usermod - File Permissions: Visual Guide — Master
chmod,chown, and therwxpermission bits in depth - sudo & The Sudoers File — Learn controlled privilege escalation and the sudoers configuration
Test Your Knowledge
Take a quick 5-question quiz to check your understanding.