User accounts are used by real users,
service accounts are used by system, services such as web servers, mail transport agents, databases etc. By convention, and only by convention, service accounts have user IDs in the low range, e.g. < 1000 or so. Unless for UID 0, service accounts don't have any special privileges. Service accounts may - and typically do - own specific resources, even device special files, but they don't have superuser-like privileges.
Service accounts can be created like ordinary user accounts (e.g. using useradd).