How it works...
Generally, different users and groups will have specific uses, deliberately segregated so that they're not too powerful in their own right. If you've got a multi-tenanted system (which is very rare these days) with more than one person logging on to do their day-to-day work, you want to make sure that person can't make life harder for everyone else, by doing something silly like overwriting the logs on the box.
You might solve this issue by putting all human users in one group, and while allowing them their own users with limited access, you could then give the group access to things such as shared directories and applications they might need to use.
Processes have the option to drop their privilege, though not all will do ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access