hackfaq-3.html
80cd9b52d135236cd6414fb07b25298c10e196e7d5c39a94fb5980a41aff2ca9
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.6">
<TITLE>The Hack FAQ: Account Basics</TITLE>
<LINK REL="next" HREF="hackfaq-4.html">
<LINK REL="previous" HREF="hackfaq-2.html">
<LINK REL="contents" HREF="hackfaq.html#toc3">
</HEAD>
<BODY BGCOLOR="black" VLINK="gray" TEXT="white" LINK="gray" HLINK="red">
<A HREF="hackfaq-4.html">Next</A>
<A HREF="hackfaq-2.html">Previous</A>
<A HREF="hackfaq.html#toc3">Contents</A>
<HR>
<H2><A NAME="accountbasics"></A> <A NAME="s3">3. Account Basics</A></H2>
<P>This section deals with the basics regarding computer accounts.
<P>
<H2><A NAME="ss3.1">3.1 What are accounts?</A>
</H2>
<P>Accounts are a way of identifying users to a computer system. Other terms you may see or here are
user IDs, IDs, logins, or some other variant. Most systems when initially accessed will require you to provide
an account name, and will usually require you follow up with a password. Not knowing a password sucks, but
not knowing a valid account name sucks more.
<P>Account names are usually something either very common, such as a part of the user's name (like <CODE>tshimomura</CODE>
or <CODE>kmitnick</CODE>), part of a user's function (like <CODE>dbadmin</CODE> or <CODE>webmaster</CODE>), or sometimes kind of
goofy, like employee numbers (like <CODE>u121</CODE>), or something made up (like <CODE>up-uat</CODE> or <CODE>imnsho</CODE>).
Usually if you can find out one or two regular user account names, it might be possible to guess additional
names -- particularly if employee numbers or account numbers are used.
<P>Accounts can usually be divided up into four categories -- god, special, regular, and guest. A god account can usually
do anything system-wise, from adding more users to changing anybody's password to complete system reconfiguration.
As a hacker, this is typically your objective. Special accounts are usually either accounts used by the system
itself or accounts that fulfill some type of administrative roll without full god access. Regular accounts are
simply that -- the accounts used by regular users for their normal tasks. And guest accounts are accounts designed
for anyone to use -- these are usually there as a convenience for those who do not have a regular account on the
system. A good example of this is anonymous ftp. Typically guest accounts have fairly restrictive access to the
system, especially on publicly accessible systems.
<P>
<H2><A NAME="ss3.2">3.2 What are groups?</A>
</H2>
<P>Groups are simply groupings of users. They are primarily used to ease system administration. For example,
instead of having to assign access to a new hard drive to the forty accounting users, an admin just has to
assign the accounting group the access. Even special privileges can often be assigned by group, such as the
ability to manage a set of programs or system functions like printing.
<P>Most modern systems allow accounts to belong to more than one group.
<P>
<P>
<HR>
<A HREF="hackfaq-4.html">Next</A>
<A HREF="hackfaq-2.html">Previous</A>
<A HREF="hackfaq.html#toc3">Contents</A>
</BODY>
</HTML>