What is the UID 1000 user “ubuntu” for?

I’ve noticed that every new linode install of Ubuntu creates a new user at first boot. SSHing in to the new creation with root expecting to create a new regular user, I was surprised to find out that there was already a regular user “ubuntu” at UID=1000.
Am I missing something? Is this something that is designed by either Ubuntu or Linode to be the norm? If so for what reason is this implemented the way it is and where is this implementation documented? (I’ve searched but haven’t found out anything mentioning it)
I’ve also tried logging in as user “ubuntu” but realize I don’t have a password for it. (root password doesn’t work and it isn’t a user I created meaning no way I know the intended password)
If someone knows what’s going on, I would appreciate it if someone could enlighten me!

3 Replies

@x-wing --

This is pretty common…lots of packages available for install do this as well. For example, apt(8) creates the user _apt. Installing spamassassin(1p) creates the user debian-spamd (at least on Debian/Ubuntu it does…). Typically, these accounts are created without passwords but the login shell is set to /usr/sbin/nologin…so that prevents you from logging in at a terminal even if you knew the password.

A process can "login" using the setuid(2)/setgid(2) system calls to set its UID/GID. Before the process can do that, it has to find out what the UID/GID are. This is usually done with the getpwnam(3) system call. You have to supply an account name to this call for it to do it's job and return the UID/GID you want. Making an entry in /etc/passwd is the way to make all this work. This is a way to use the Linux privilege/permission system to "sandbox" a process in case it decides to "go rogue" (especially during testing). The scheme is not nefarious…it's good manners.

Canonical is no different… ubuntu is an account that Canonical puts on your system for its own purposes. Unfortunately, one of Canonical's purposes is running spyware & adware on your system. Canonical claims that all this was turned off by default at Ubuntu 16.04:


However, IMHO, Mark Shuttleworth & Canonical are about as trustworthy as the serpent trying to get Eve to take a bite of the apple. I don't use Ubuntu because of this. YMMV.

Regardless, the existence of one regular user on a Linux system does not preclude you from creating another one.

-- sw

Thank you. I was thinking along that line but wanted confirmation. You've made it much more clear for me regarding the issue. Again thank you for putting my mind at ease.
Also I'm trying to further my study in both Debian and Ubuntu, thanks for your input re: Ubuntu :-)

@x-wing --

Except for the Canonical GUI junk based on GNOME, Debian & Ubuntu are nearly the same. There are some other minor differences with respect to installing/upgrading releases but you would expect that because of the differences in the two release models.

Debian's releases are much less frequent than Ubuntu's. Debian's unstable release is always code-named "Sid". Ubuntu is a fork of Sid at the time of the Ubuntu release. After the fork, the Ubuntu folks go to work getting the unstable Sid in shape to become "Groggy Gamecock"…or whatever the chosen name is. Sometimes a different kernel version is added during this time. Most of the time (not always) changes are fed back upstream.

-- sw


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct