ch41.htm

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->


 

<UL>

	<LI><A HREF="#Heading1">- 41 -</A>

	<UL>

		<LI><A HREF="#Heading2">Users</A>

		<UL>

			<LI><A HREF="#Heading3">The Superuser Account</A>

			<LI><A HREF="#Heading4">WARNING</A>

			<LI><A HREF="#Heading5">User Accounts: /etc/passwd</A>

			<LI><A HREF="#Heading6">Listing</A>

			<LI><A HREF="#Heading7">41.1. The /etc/passwd file created when Linux is first installed.</A>

			<UL>

				<LI><A HREF="#Heading8">User Names</A>

				<LI><A HREF="#Heading9">Passwords</A>

			</UL>

			<LI><A HREF="#Heading10">NOTE</A>

			<UL>

				<LI><A HREF="#Heading11">User ID</A>

				<LI><A HREF="#Heading12">Group ID</A>

				<LI><A HREF="#Heading13">Comments</A>

				<LI><A HREF="#Heading14">Home Directory</A>

				<LI><A HREF="#Heading15">Login Command</A>

			</UL>

			<LI><A HREF="#Heading16">Default System User Names</A>

			<LI><A HREF="#Heading17">Adding Users</A>

			<LI><A HREF="#Heading18">CAUTION</A>

			<LI><A HREF="#Heading19">Deleting Users</A>

			<LI><A HREF="#Heading20">Groups</A>

			<LI><A HREF="#Heading21">Listing</A>

			<LI><A HREF="#Heading22">41.2. The default /etc/group file.</A>

			<UL>

				<LI><A HREF="#Heading23">Default System Groups</A>

				<LI><A HREF="#Heading24">Adding a Group</A>

				<LI><A HREF="#Heading25">Adding a User to New Groups</A>

				<LI><A HREF="#Heading26">Deleting a Group</A>

			</UL>

			<LI><A HREF="#Heading27">The su Command</A>

			<LI><A HREF="#Heading28">Summary</A>

		</UL>

	</UL>

</UL>



<P>

<HR SIZE="4">



<H2 ALIGN="CENTER"><A NAME="Heading1<FONT COLOR="#000077">- 41 -</FONT></H2>

<H2 ALIGN="CENTER"><A NAME="Heading2<FONT COLOR="#000077">Users</FONT></H2>

<P><I>by Tim Parker</I></P>

<P>IN THIS CHAPTER</P>



<UL>

	<LI>The Superuser Account 

	<P>

	<LI>User Accounts: /etc/passwd 

	<P>

	<LI>Default System User Names 

	<P>

	<LI>Adding Users 

	<P>

	<LI>Deleting Users 

	<P>

	<LI>Groups 

	<P>

	<LI>The su Command  

</UL>



<P><BR>

All access to a Linux system is through a user account. Every user must be set up

by the system administrator, with the sole exception of the root account (and some

system accounts that users seldom, if ever, use). While many Linux systems only have

one user, that user should not use the root account for daily access. Most systems

allow several users to gain access, either through multiple users on the main console,

through a modem or network, or over hard-wired terminals. Knowing how to set up and

manage user accounts and their associated directories and files is an important aspect

of Linux system administration.</P>



<P>This chapter looks at the the following subjects:



<UL>

	<LI>The root (superuser) account

	<P>

	<LI>How to create new users

	<P>

	<LI>The files a new user requires

	<P>

	<LI>What is a group of users

	<P>

	<LI>Managing groups

</UL>



<H3 ALIGN="CENTER"><A NAME="Heading3<FONT COLOR="#000077">The Superuser Account</FONT></H3>

<P>When the Linux software is installed, one master login is created automatically.

This login, called root, is known as the superuser because there is nothing the login

can't access or do. While most user accounts on a Linux system are set to prevent

the user from accidentally destroying all the system files, for example, the root

login can blow away the entire Linux operating system with one simple command. Essentially,

the root login has no limitations.



<DL>

	<DT></DT>

</DL>





<DL>

	<DD>

<HR>

<A NAME="Heading4<FONT COLOR="#000077"><B>WARNING:</B> </FONT>The sheer power

	of the root login can be addictive. When you log in as root you don't have to worry

	about file permissions, access rights, or software settings. You can do anything

	at anytime. This power is very attractive to newcomers to the operating system, who

	tend to do everything while logged in as root. It's only after the system has been

	damaged that the root login's problems become obvious: There are no safeguards! As

	a rule, you should only use the root login for system maintenance functions. Do not

	use the superuser account for daily usage!

<HR>



</DL>



<P>The root login should be kept only for those purposes where you really need it.

It's a good idea to change the login prompt of the root account to clearly show that

you are logged in as root, and hopefully you will think twice about the commands

you issue when you use that login. You can change the login prompt with the <TT>PS</TT>

environment variable, discussed in Chapter 13, &quot;Shell Programming.&quot; If

you are on a standalone system and you destroy the entire file system, it's only

you that is inconvenienced. If you are on a multiuser system and you insist on using

root for common access, you will have several very mad users after you when you damage

the operating system.</P>



<P>So after all those dire warnings, the first thing you should do on a new system

is create a login for your normal daily usage. Set the root password to something

other users of the system (if there are any) will not easily guess, and change the

password frequently to prevent snooping.</P>

<P>You can also create special logins for system administration tasks that do not

need wide-open access, such as for tape backups. You can set a login to have root

read-only access to the entire file system, but not the potential for damage. This

lets you back up the system properly, but not erase the kernel by accident. Similar

special logins can be set up for e-mail access, gateways to the Internet, and so

on. Think carefully about the permissions each task requires and create a special

login for that task--your system will be much more secure and have less chance of

accidental damage.</P>

<P>To be precise, the superuser account doesn't have to be called root. It can have

any name. The superuser account is always defined as the account with a user ID number

of zero. User ID numbers are defined in the <TT>/etc/passwd</TT> file.

<H3 ALIGN="CENTER"><A NAME="Heading5<FONT COLOR="#000077">User Accounts: /etc/passwd</FONT></H3>

<P>Even if you are the only user on your Linux system, you should know about user

accounts and managing users. This is because you should have your own account (other

than root) for your daily tasks. You therefore need to be able to create a new user.

If your system lets others access the operating system, either directly or through

a modem, you should create user accounts for everyone who wants access. You may also

want a more generic guest account for friends who just want occasional access.</P>

<P>Every person using your Linux system should have his or her own unique user name

and password. The only exception is a guest account, or perhaps an account that accesses

a specific application, such as a read-only database. By keeping separate accounts

for each user, your security is much tighter, and you have a better idea of who is

accessing your system and what they are doing. A one-to-one correspondence between

users and accounts makes tracking activities much easier.</P>

<P>All the information about user accounts is kept in the file <TT>/etc/passwd</TT>.

The <TT>/etc/passwd</TT> file should be owned only by root and have the group ID

set to zero (usually root or system<TT> </TT>group, as defined in the <TT>/etc/group

file</TT>). The permissions of the <TT>/etc/passwd</TT> file should be set to allow

write access only by root, but all others can have read access. (We deal with groups

and permissions later in this section.) The lines in the <TT>/etc/passwd</TT> file

are divided into a strict format:<FONT COLOR="#0066FF"></FONT>

<PRE><FONT COLOR="#0066FF">username:password:user ID:group ID:comment:home directory:login command

</FONT></PRE>

<P>This format can best be seen by looking at a sample <TT>/etc/passwd</TT> file.

The <TT>/etc/passwd</TT> file created when a Linux system is newly installed is shown

in Listing 41.1.

<H3 ALIGN="CENTER"><A NAME="Heading6<FONT COLOR="#000077">Listing <A NAME="Heading741.1.

The /etc/passwd file created when Linux is first installed.</FONT><FONT COLOR="#0066FF"></FONT></H3>

<PRE><FONT COLOR="#0066FF">root::0:0:root:/root:/bin/bash

bin:*:1:1:bin:/bin:

daemon:*:2:2:daemon:/sbin:

adm:*:3:4:adm:/var/adm:

lp:*:4:7:lp:/var/spool/lpd:

sync:*:5:0:sync:/sbin:/bin/sync

shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown

halt:*:7:0:halt:/sbin:/sbin/halt

mail:*:8:12:mail:/var/spool/mail:

news:*:9:13:news:/usr/lib/news:

uucp:*:10:14:uucp:/var/spool/uucppublic:

operator:*:11:0:operator:/root:/bin/bash

games:*:12:100:games:/usr/games:

man:*:13:15:man:/usr/man:

postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash

nobody:*:-1:100:nobody:/dev/null:

ftp:*:404:1::/home/ftp:/bin/bash

</FONT></PRE>

<P>Each line in the <TT>/etc/passwd</TT> file is composed of seven fields, separated

by a full colon. If there is nothing to be entered in a field, the field is left

blank, but the colons are retained to make sure each line has seven fields (which

also means each line will have six colons). These are the seven fields (from left

to right on each line): 

<TABLE BORDER="0">

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT"><TT>user name</TT> </TD>

		<TD ALIGN="LEFT">A unique identifier for the user. </TD>

	</TR>

	<TR ALIGN="LEFT" rowspan="1">

		<TD ALIGN="LEFT"><TT>password</TT> </TD>