<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
-->
<LINK REL="ToC" HREF="index.htm">
<LINK REL="Index" HREF="htindex.htm">
<LINK REL="Next" HREF="lsg17.htm">
<A NAME="I0"></A>
<H2>Linux System Administrator's Survival Guide lsg16.htm</H2>
<P ALIGN=LEFT>
<HR ALIGN=CENTER>
<P>
<UL>
<UL>
<UL>
<LI>
<A HREF="#E68E87" >Understanding the Superuser Account</A>
<LI>
<A HREF="#E68E88" >Establishing User Accounts</A>
<UL>
<LI>
<A HREF="#E69E112" >User Names</A>
<LI>
<A HREF="#E69E113" >Passwords</A>
<LI>
<A HREF="#E69E114" >User ID</A>
<LI>
<A HREF="#E69E115" >Group ID</A>
<LI>
<A HREF="#E69E116" >Comments</A>
<LI>
<A HREF="#E69E117" >Home Directory</A>
<LI>
<A HREF="#E69E118" >Login Command</A></UL>
<LI>
<A HREF="#E68E89" >Understanding Default System User Names</A>
<LI>
<A HREF="#E68E90" >Adding Users</A>
<LI>
<A HREF="#E68E91" >Deleting Users</A>
<LI>
<A HREF="#E68E92" >Using Groups</A>
<UL>
<LI>
<A HREF="#E69E119" >Understanding Default System Groups</A>
<LI>
<A HREF="#E69E120" >Adding a Group</A>
<LI>
<A HREF="#E69E121" >Adding a User to New Groups</A>
<LI>
<A HREF="#E69E122" >Deleting a Group</A></UL>
<LI>
<A HREF="#E68E93" >Using the su Command</A>
<LI>
<A HREF="#E68E94" >Summary</A></UL></UL></UL>
<HR ALIGN=CENTER>
<A NAME="E66E19"></A>
<H1 ALIGN=CENTER>
<CENTER>
<FONT SIZE=6 COLOR="#FF0000"><B>Chapter 16</B></FONT></CENTER></H1>
<BR>
<A NAME="E67E22"></A>
<H2 ALIGN=CENTER>
<CENTER>
<FONT SIZE=6 COLOR="#FF0000"><B>Users and Logins</B></FONT></CENTER></H2>
<BR>
<P>All access to a Linux system is through a user account. Every user account must be set up by the system administrator, with the sole exception of the root account (and some system accounts that users seldom, if ever, use). Although many Linux systems only have one user, that user should not use the root account for daily access. Most systems allow several users to gain access, either through multiple users on the main console, through a modem or network, or over hard-wired terminals. Knowing how to set up and manage user accounts and their associated directories and files is an important aspect of Linux system administration.
<BR>
<P>This chapter looks at the root login, which is the most powerful user account there is. From there, the chapter examines several aspects of setting up new user accounts on your Linux system. This chapter also looks at groups and how they are involved in the Linux system.
<BR>
<BR>
<A NAME="E68E87"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Understanding the Superuser Account</B></FONT></CENTER></H3>
<BR>
<P>When you install the Linux software, one master login is created automatically. This login, called root, is known as the superuser because there is nothing the login can't access or do. Although most user accounts on a Linux system are set to prevent the user from accidentally destroying all the system files, for example, the root login can blow away the entire Linux operating system with one simple command. The root login has no limitations.
<BR>
<P>The sheer power of the root login can be addictive. When you log in as root you don't have to worry about file permissions, access rights, or software settings. You can do anything at any time. This power is very attractive to newcomers to the operating system, who tend to do everything while logged in as root. It's only after the system has been damaged that the root login's problem becomes obvious: there are no safeguards! As a rule, you should only use the root login for system maintenance functions. Do not use the superuser account for daily usage!
<BR>
<P>The root login should be kept only for those purposes where you really need it. Change the login prompt of the root account to clearly show that you are logged in as root, and think twice about the commands you issue when you use that login. If you are on a stand-alone system and you destroy the entire filesystem, only you are inconvenienced. If you are on a multiuser system and insist on using root for common access, you will have several very mad users after you when you damage the operating system.
<BR>
<P>So after all those dire warnings, the first thing you should do on a new system is create a login for your normal daily usage. Set the root password to something other users of the system (if there are any) will not easily guess, and change the password frequently to prevent snooping.
<BR>
<P>You also can create special logins for system administration tasks that do not need wide-open access, such as tape backups. You can set a login to have root read-only access to the entire filesystem to decrease the potential for damage. This login lets you back up the system properly, but prevents you from erasing the kernel by accident. Similar special logins can be set up for e-mail access, gateways to the Internet, and so on. Think carefully about the permissions each task requires and create a special login for that task; your system will be much more secure and have less chance of accidental damage.
<BR>
<P>The most important thing to note is that the superuser account doesn't have to be called root, although this account is created automatically as root when Linux installs itself. In theory, this account can have any name, but the name root is almost always used. The superuser account is always defined as the account with a user ID number of zero. User ID numbers are defined in the /etc/passwd file.
<BR>
<BR>
<A NAME="E68E88"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Establishing User Accounts</B></FONT></CENTER></H3>
<BR>
<P>Even if you are the only user on your Linux system, you should know about user accounts and managing users. You need to know how to establish a user account because you should have your own account (other than root) for your daily tasks. If your system lets others access the operating system, either directly or through a modem, you should create user accounts for everyone who wants access. You may also want a more generic guest account for friends who just want occasional access.
<BR>
<P>Every person using your Linux system should have their own unique user name and password. The only exception is a guest account or perhaps an account that accesses a specific application such as a read-only database. By keeping separate accounts for each user, your security is much tighter, and you have a better idea of who is accessing your system and what the user is doing. A one-to-one correspondence between users and accounts makes tracking activities much easier.
<BR>
<P>The file /etc/passwd contains all the information about user accounts. The /etc/passwd file should be owned only by root and should have its group ID set to zero (which usually indicates a root or system group, as defined in the /etc/group file). Set the permissions of the /etc/passwd file to allow write access by root only; all other accounts can have read access. (Groups and permissions are dealt with later in this section.) The lines in the /etc/passwd file are divided into a strict format:
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">username:password:user ID:group ID:comment:home directory:login command</FONT></PRE>
<P>To understand this format, look at a sample /etc/passwd file. The following /etc/passwd file is created when a Linux system is newly installed:
<BR>
<PRE>
<FONT COLOR="#000080">root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/usr/lib/news:
uucp:*:10:14:uucp:/var/spool/uucppublic:
operator:*:11:0:operator:/root:/bin/bash
games:*:12:100:games:/usr/games:
man:*:13:15:man:/usr/man:
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
nobody:*:-1:100:nobody:/dev/null:
ftp:*:404:1::/home/ftp:/bin/bash</FONT></PRE>
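<P>As an added example (not part of the original guide), the following shell functions audit a passwd-format file against the points made above: seven colon-separated fields per line, unique user names, password fields that are not empty, accounts other than root that hold user ID 0, and ownership and write access limited to root. The function names, the finding labels, and every sample line after the first two are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file (functions and labels are hypothetical).

# Constructed sample: the first two lines come from the listing above,
# the other four are made up to trigger each check.
sample_passwd() {
    cat <<'EOF'
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
toor:*:0:0:second superuser:/root:/bin/bash
guest::500:100:guest account:/home/guest:/bin/bash
broken:*:501:100:/home/broken:/bin/bash
bin:*:502:1:duplicate name:/bin:
EOF
}

# Print one finding per line for FILE (default /etc/passwd; "-" reads stdin).
audit_passwd() {
    awk -F: '
        NF != 7 {                      # each entry needs seven fields (six colons)
            printf "MALFORMED line %d: %d fields\n", NR, NF
            next
        }
        $2 == ""                    { print "EMPTY-PASSWORD " $1 }  # no password needed to log in
        $3 ~ /^0+$/ && $1 != "root" { print "SUPERUSER-UID0 " $1 }  # user ID 0 means superuser, whatever the name
        seen[$1]++                  { print "DUPLICATE-NAME " $1 }  # user names must be unique
    ' "${1:-/etc/passwd}"
}

# Check ownership and mode: owner root, group ID 0, writable by the owner only.
check_passwd_perms() {
    f="${1:-/etc/passwd}"
    [ -n "$(find "$f" ! -user root)" ] && echo "OWNER-NOT-ROOT $f"
    [ -n "$(find "$f" ! -group 0)" ] && echo "GROUP-NOT-0 $f"
    [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ] && echo "WRITABLE-BY-NON-OWNER $f"
    return 0
}

# Demo on the constructed sample; on a real system run: audit_passwd; check_passwd_perms
sample_passwd | audit_passwd -
```

<P>Note that the freshly installed file shown above already produces one finding: the root entry has an empty password field.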
<P>Each line in the /etc/passwd file is composed of seven fields separated by colons. If nothing is to be entered in a field, the field is left blank, but the colons are retained to make sure each line has seven fields (which also means each line will have six colons). The seven fields (from left to right on each line) are as follows:
<BR>
<UL>
<UL>
<P>The user name is a unique identifier for the user.
<BR>
</UL></UL>
<UL>
<UL>
<P>The password is the user's password (encrypted).
<BR>
</UL></UL>
<UL>
<UL>