Account Security Demo #1 (UID 0)

The course is part of this learning path

Linux Security and Hardening

In this course, you'll learn about account security in Linux including pluggable authentication modules (PAM), password security, account access controls, and account types.

Learning Objectives

  • Learn about PAM and how to configure pluggable authentication modules
  • Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
  • Learn how to enforce good password security practices on your Linux systems
  • Learn how to make an account's password expire, how to expire an account itself, and how to lock and unlock accounts
  • Understand how to monitor log files and use intrusion detection systems
  • Learn about multi-factor authentication and how it can be implemented in Linux

Intended Audience

This course is intended for anyone who wants to understand how to secure their Linux systems.


To get the most out of this course, you should already have a good working knowledge of Linux. If you want to brush up on your Linux skills, consider taking our Learn Linux in 5 Days learning path first.


First let's look at the first entry in the /etc/passwd file. There are several fields in the /etc/passwd file, each separated by a colon. The first field is the account name, which is root. The second field is the password field. When it has an x in it like it does here, that means the password is stored in the /etc/shadow file. The next field is the UID of the account, which is zero. This is what is used by the OS. It will translate this UID into the account name for the sake of us humans, but it acts on the UID.

Let me show you. I'm going to create an account called Jim. I'm going to set a password for Jim here. I'll switch to that account and you can see that it's just another account on the system. And it's nothing special. If I run the whoami command, it shows that yep, I'm Jim. So I'll go ahead and exit out of this account.

So if I were to set the UID of Jim to be zero then that account would act just like the root account. Let me do that real quick. Come down here to the Jim account. And instead of 1003, we'll place zero in the UID slot. So now I'm going to switch users to Jim. So look at what just happened. Look at the prompt. I have a root prompt. The system treats the account exactly like the root account because it has a UID of zero. Let me show you the UID real quick. Again, ID is equal to zero so it thinks it's the root account. And if I run whoami, it says you're root because UID zero is associated with the root account. So it's extremely important that only one account have a UID of zero on a Linux system. And that account should be the root account.

Here's the command you could run to print out all the accounts on a system that have a UID of zero. We'll use awk -F; the capital -F stands for field separator. Since /etc/passwd is made up of several fields separated by a colon, we'll use -F with a colon. Go ahead and start the awk commands here. And what this does is if the third field, represented by $3, is equal to zero, then we'll print that line. Here you can see that there are two accounts with a UID of zero. Let me go ahead and remove the UID of zero from the Jim account. And I'll rerun that command. And you can see that this is what we expect to happen. Only one account, the root account, has a UID of zero.
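The UID 0 check described in the transcript, written out as an added example that is not part of the course material. It extends the awk test into a repeatable audit that names any non-root account with UID 0; the function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts sharing UID 0.

# List the name of every account whose third field (the UID) is zero.
# Same test as the lecture's awk command, printing only the name field.
uid0_accounts() {
    awk -F: '($3 == 0) { print $1 }' "${1:-/etc/passwd}"
}

# Print UID 0 accounts other than root; return 1 if any are found.
audit_uid0() {
    extra=$(uid0_accounts "$1" | grep -vx 'root' || true)
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra"
        return 1
    fi
    return 0
}

# Constructed sample data mirroring the demo: jim was edited to UID 0.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jim:x:0:1003::/home/jim:/bin/bash
EOF
}

sample=$(mktemp)
write_sample "$sample"
if bad=$(audit_uid0 "$sample"); then
    echo "OK: only root has UID 0"
else
    echo "ALERT: extra UID 0 account(s): $bad"
fi
rm -f "$sample"
```

Called with no argument, `audit_uid0` reads `/etc/passwd`; its non-zero exit status makes it usable from cron or a monitoring check.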

About the Author
Jason Cannon
Founder, Linux Training Academy

Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.