Not all account types are created the same. In this video, you’ll learn the differences between the different account types found in your operating system.
<< Previous Video: Access Control Technologies Next: Account Management >>
If you’re using your computer to watch this video right now, you’re probably using a user account. This is an account that’s on your computer that is associated with an individual. This is usually behind the scenes, associating your name with a very specific identification number for the operating system.
Most of our modern operating systems allow multi-user, so you can log out of the computer, someone else can log in with their credentials, and they would gain access to only the files and resources that are associated to them. This means that you can store files on the same system, but only the authorized users would have access to the files that belong to them.
A user account is also one that has limited access to the operating system. This means that the applications that you use on your user account do not have access to the full operating system of your computer. And ideally, this is the account type most people are going to use on your computer, and it will be the account type that most of your user community will use on a day to day basis.
A shared account, or a generic account, is one that may be used by more than one person. For example, many operating systems will provide a guest account or an anonymous log in that you could use to gain access to that operating system. One of the biggest challenges with using these shared or generic accounts is that you don’t know exactly who’s logging on, and anyone who logs onto the system using this shared or generic account would have exactly the same access to the system as everyone else who’s logging in with that same account.
This also adds another layer of complexity for password management. If you change the password for shared account, everyone who uses that shared account now needs to be informed of the password change. And ultimately, this could cause problems, as people are writing down passwords and storing them insecurely for use later. The best practice for almost every situation is not to use these types of accounts on your system, and instead to have an individual account for every person who’s going to use that system.
You may not realize it, but the computer you’re using probably has some service accounts configured on it. These are internal accounts used by the operating system or used by services that are offered by the operating system. You might see service accounts being used to run a web server or a database server. And almost always, these accounts are configured to be run only on the local computer. Someone is not able to log in interactively to the operating system using these service accounts.
When you use these service accounts you can then set up different types of access permissions for the different services. For example, a web server might have access to a certain number of files on the operating system, and this may be very different than a database server that’s running on that same system. Some of these service accounts don’t require authentication, but others do have a username and password. So you’ll need to define what policies are in place to update or change these service accounts over time.
As a system administrator you probably have access to a privileged account. This would be an administrator account, or root account, depending on the operating system that you’re using. These accounts usually have complete access to the operating system. If you need to manage hardware, install applications, or install device drivers, you’re probably using a privileged account to do that.
A best practice for privileged account is to only use this account when it’s needed. During your normal day to day operations you would use your normal user account. Because of the access associated with this account, you want to be sure that it’s highly secured. You would probably use multiple factors of authentication and have constant password changes to make sure that nobody gains access to this privileged account.