rhl39.htm

来自「linux的初学电子书」· HTM 代码 · 共 1,340 行 · 第 1/4 页

<HTML>

<HEAD>

<TITLE>Red Hat Linux Unleashed rhl39.htm </TITLE>

<LINK REL="ToC" HREF="index-1.htm" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/index.htm">

<LINK REL="Index" HREF="htindex.htm" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/htindex.htm">

<LINK REL="Next" HREF="rhl40.htm" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/rhl40.htm">

<LINK REL="Previous" HREF="rhl38.htm" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/rhl38.htm"></HEAD>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#800080">

<A NAME="I0"></A>

<H2>Red Hat Linux Unleashed rhl39.htm</H2>

<P ALIGN=LEFT>

<A HREF="rhl38.htm" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/rhl38.htm" TARGET="_self"><IMG SRC="purprev.gif" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/purprev.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="Previous Page"></A>

<A HREF="index-1.htm" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/index.htm" TARGET="_self"><IMG SRC="purtoc.gif" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/purtoc.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="TOC"></A>

<A HREF="rhl40.htm" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/rhl40.htm" TARGET="_self"><IMG SRC="purnext.gif" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/purnext.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="Next Page"></A>


<HR ALIGN=CENTER>

<P>

<UL>

<UL>

<UL>

<LI>

<A HREF="#E68E332" >The Superuser Account</A>

<LI>

<A HREF="#E68E333" >User Accounts /etc/passwd</A>

<UL>

<LI>

<A HREF="#E69E442" >User Names</A>

<LI>

<A HREF="#E69E443" >Passwords</A>

<LI>

<A HREF="#E69E444" >User ID</A>

<LI>

<A HREF="#E69E445" >Group ID</A>

<LI>

<A HREF="#E69E446" >Comments</A>

<LI>

<A HREF="#E69E447" >Home Directory</A>

<LI>

<A HREF="#E69E448" >Login Command</A></UL>

<LI>

<A HREF="#E68E334" >Default System User Names</A>

<LI>

<A HREF="#E68E335" >Adding Users</A>

<LI>

<A HREF="#E68E336" >Deleting Users</A>

<LI>

<A HREF="#E68E337" >Groups</A>

<UL>

<LI>

<A HREF="#E69E449" >Default System Groups</A>

<LI>

<A HREF="#E69E450" >Adding a Group</A>

<LI>

<A HREF="#E69E451" >Adding a User to New Groups</A>

<LI>

<A HREF="#E69E452" >Deleting a Group</A></UL>

<LI>

<A HREF="#E68E338" >The su Command</A>

<LI>

<A HREF="#E68E339" >Summary</A></UL></UL></UL>

<HR ALIGN=CENTER>

<A NAME="E66E39"></A>

<H1 ALIGN=CENTER>

<CENTER>

<FONT SIZE=6 COLOR="#FF0000"><B>39</B></FONT></CENTER></H1>

<BR>

<A NAME="E67E39"></A>

<H2 ALIGN=CENTER>

<CENTER>

<FONT SIZE=6 COLOR="#FF0000"><B>Users and Logins</B></FONT></CENTER></H2>

<BR>

<P>All access to a Linux system is through a user account. Every user must be set up by the system administrator, with the sole exception of the root account (and some system accounts that users seldom, if ever, use). While many Linux systems only have one 
user, that user should not use the root account for daily access. Most systems allow several users to gain access, either through multiple users on the main console, through a modem or network, or over hard-wired terminals. Knowing how to set up and manage 
user accounts and their associated directories and files is an important aspect of Linux system administration.

<BR>

<P>This chapter looks at the the following subjects:

<BR>

<UL>

<LI>The root (superuser) account

<BR>

<BR>

<LI>How to create new users

<BR>

<BR>

<LI>The files a new user requires

<BR>

<BR>

<LI>What is a group of users

<BR>

<BR>

<LI>Managing groups

<BR>

<BR>

</UL>

<BR>

<A NAME="E68E332"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>The Superuser Account</B></FONT></CENTER></H3>

<BR>

<P>When the Linux software is installed, one master login is created automatically. This login, called root, is known as the superuser because there is nothing the login can't access or do. While most user accounts on a Linux system are set to prevent the 
user from accidentally destroying all the system files, for example, the root login can blow away the entire Linux operating system with one simple command. Essentially, the root login has no limitations.

<BR>

<BLOCKQUOTE>

<BLOCKQUOTE>

<HR ALIGN=CENTER>

<BR>

<NOTE>The sheer power of the root login can be addictive. When you log in as root you don't have to worry about file permissions, access rights, or software settings. You can do anything at anytime. This power is very attractive to newcomers to the 
operating system, who tend to do everything while logged in as root. It's only after the system has been damaged that the root login's problems become obvious: There are no safeguards! As a rule, you should only use the root login for system maintenance 
functions. Do not use the superuser account for daily usage!</NOTE>

<BR>

<HR ALIGN=CENTER>

</BLOCKQUOTE></BLOCKQUOTE>

<P>The root login should be kept only for those purposes where you really need it. It's a good idea to change the login prompt of the root account to clearly show that you are logged in as root, and hopefully you will think twice about the commands you 
issue when you use that login. You can change the login prompt with the PS environment variable, discussed in <A HREF="rhl13.htm" tppabs="http://202.113.16.101/%7eeb%7e/Red%20Hat%20Linux%20Unleashed/rhl13.htm">Chapter 13</A>, &quot;Shell Programming.&quot; If you are on a standalone system and you destroy the entire file system, it's 
only you that is inconvenienced. If you are on a multiuser system and you insist on using root for common access, you will have several very mad users after you when you damage the operating system.

<BR>

<P>So after all those dire warnings, the first thing you should do on a new system is create a login for your normal daily usage. Set the root password to something other users of the system (if there are any) will not easily guess, and change the password 
frequently to prevent snooping.

<BR>

<P>You can also create special logins for system administration tasks that do not need wide-open access, such as for tape backups. You can set a login to have root read-only access to the entire file system, but not the potential for damage. This lets you 
back up the system properly, but not erase the kernel by accident. Similar special logins can be set up for e-mail access, gateways to the Internet, and so on. Think carefully about the permissions each task requires and create a special login for that 
task&#151;your system will be much more secure and have less chance of accidental damage.

<BR>

<P>To be precise, the superuser account doesn't have to be called root. It can have any name. The superuser account is always defined as the account with a user ID number of zero. User ID numbers are defined in the /etc/passwd file.

<BR>

<BR>

<A NAME="E68E333"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>User Accounts </B><B>/etc/passwd</B></FONT></CENTER></H3>

<BR>

<P>Even if you are the only user on your Linux system, you should know about user accounts and managing users. This is because you should have your own account (other than root) for your daily tasks. You therefore need to be able to create a new user. If 
your system lets others access the operating system, either directly or through a modem, you should create user accounts for everyone who wants access. You may also want a more generic guest account for friends who just want occasional access.

<BR>

<P>Every person using your Linux system should have his or her own unique user name and password. The only exception is a guest account, or perhaps an account that accesses a specific application, such as a read-only database. By keeping separate accounts 
for each user, your security is much tighter, and you have a better idea of who is accessing your system and what they are doing. A one-to-one correspondence between users and accounts makes tracking activities much easier.

<BR>

<P>All the information about user accounts is kept in the file /etc/passwd. The /etc/passwd file should be owned only by root and have the group ID set to zero (usually root or system group, as defined in the /etc/group file). The permissions of the 
/etc/passwd file should be set to allow write access only by root, but all others can have read access. (We deal with groups and permissions later in this section.) The lines in the /etc/passwd file are divided into a strict format:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">username:password:user ID:group ID:comment:home directory:login command</FONT></PRE>

<P>This format can best be seen by looking at a sample /etc/passwd file. The /etc/passwd file created when a Linux system is newly installed is shown in Listing 39.1.

<BR>

<P>

<FONT COLOR="#000080"><B>Listing 39.1. The </B><B>/etc/passwd</B><B> file created when Linux is first installed.</B></FONT>

<BR>

<PRE>

<FONT COLOR="#000080">root::0:0:root:/root:/bin/bash

bin:*:1:1:bin:/bin:

daemon:*:2:2:daemon:/sbin:

adm:*:3:4:adm:/var/adm:

lp:*:4:7:lp:/var/spool/lpd:

sync:*:5:0:sync:/sbin:/bin/sync

shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown

halt:*:7:0:halt:/sbin:/sbin/halt

mail:*:8:12:mail:/var/spool/mail:

news:*:9:13:news:/usr/lib/news:

uucp:*:10:14:uucp:/var/spool/uucppublic:

operator:*:11:0:operator:/root:/bin/bash

games:*:12:100:games:/usr/games:

gopher:*:13:30:gopher:/usr/lib/gopher-data:

ftp:*:14:50:ftp user:/home/ftp:

nobody:*:-1:100:nobody:/dev/null:</FONT></PRE>

<P>Each line in the /etc/passwd file is composed of seven fields, separated by a full colon. If there is nothing to be entered in a field, the field is left blank, but the colons are retained to make sure each line has seven fields (which also means each 
line will have six colons). The seven fields (from left to right on each line) are:

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="100%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

user name

</FONT>