ch06.htm

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

	sets up and maintains the Linux system. The amount of work involved in system administration

	varies from system to system. A full-time system administrator may be required in

	an office for powerful machines that have many users, peripheral units such as printers

	and tape drives, and are connected to a network. Your Linux system will not require

	that level of dedication! System administration, because it deals with sensitive

	matters such as creating or deleting log-ins, requires superuser privileges. These

	privileges are provided by the <TT>root</TT> login. So, the sys-tem administrator

	is an actual person wielding superuser powers gained by logging in as <TT>root</TT>.

	

<HR>



</DL>



<H4 ALIGN="CENTER"><A NAME="Heading12<FONT COLOR="#000077">Your First Login</FONT></H4>

<P>After all the cautions about using the <TT>root</TT> login, we're going to have

you log in as <TT>root</TT>. Because <TT>root</TT> is the only authorized login on

a newly installed Linux system, this is unavoidable. Also, we will be performing

a couple of important procedures that require <TT>root</TT> privileges. However,

after this first login, we will create a user ID that can prevent accidental damage

to the operating system.</P>

<P>At the login prompt</P>

<PRE><FONT COLOR="#0066FF">darkstar login:

</FONT></PRE>

<P>type</P>

<PRE><FONT COLOR="#0066FF">root

</FONT></PRE>

<P>and press the Enter key. After installation, the <TT>root</TT> login has no password,

so you are not prompted for one.



<DL>

	<DT></DT>

</DL>





<DL>

	<DD>

<HR>

<A NAME="Heading13<FONT COLOR="#000077"><B>NOTE: </B></FONT>Linux is case-sensitive

	(as are all UNIX versions). A capital <TT>R</TT> is, to Linux, a completely different

	letter from a lowercase <TT>r</TT>. When you type Linux commands, you must use the

	proper case or Linux will not understand them. The majority of Linux commands are

	typed in lowercase. This includes the login <TT>root</TT>; if you type <TT>Root</TT>

	or <TT>rOoT</TT>, Linux will reject the login. There is a curious exception, though.

	If you type the login <TT>IN ALL CAPITALS</TT>, the system will accept it--but from

	then on, everything on your screen will be in capital letters! This is left over

	from the days when some terminals only had uppercase letters. Although these terminals

	are now all gone or in museums, the login program retains this historical curiosity.

	

<HR>



</DL>



<P>After you have logged in as <TT>root</TT>, the system starts up a user session

for you. At this point, you should see the following on your screen:</P>

<PRE><FONT COLOR="#0066FF">darkstar login: root

Last login: Sun Dec 11 17:26:18 on tty1

Linux 2.0.0. 

You have mail.



If it's Tuesday, this must be someone else's fortune.



darkstar:~#

</FONT></PRE>

<P>Linux tells you when the login for this user was last recorded (although this

information may not appear the very first time you log in), and then provides you

with some version information. Linux also tells you that this login has a mail message

waiting to be read. Finally, if games were installed on your system, Linux gives

you a witty saying or aphorism.</P>

<P>It is always good practice to scan the line that starts with <TT>Last login</TT>,

and check that the time given is correct. This is especially important if your Linux

system is accessed by other users or connected to other systems. If the time given

does not look right, it could be that someone is using the login to break into your

system, or using your username without your permission.</P>

<P>We will read the mail message later, after taking care of some important steps.

If you are curious, the same mail message is sent by the install procedure when the

operating system is installed. It concerns registration matters for Linux.</P>

<P>Your &quot;fortune&quot; is chosen randomly from a long list, so don't expect

to see the same one shown in the previous example. If you didn't install the games

package during the Linux installation routine, you won't see a fortune. You can install

the games package at any time.</P>

<P>The final line you see on the screen is the system prompt. This tells you that

Linux is waiting for you to type in your commands--it's prompting you for input.

The system prompt also displays the following useful information:



<UL>

	<LI><TT>darkstar</TT> is the system name.

	<P>

	<LI>The <TT>~</TT> character indicates your location in the file system (explained

	in Chapter 8, &quot;File System&quot;).

	<P>

	<LI>The <TT>#</TT> character usually specifically indicates that you're logged in

	as <TT>root </TT>(although the <TT>$</TT> sign is used in some operating systems,

	which makes it difficult to quickly ascertain whether you are logged in as <TT>root</TT>

	or a regular user). According to UNIX conventions, regular user prompts are either

	<TT>%</TT> or <TT>$</TT>, depending on the shell; while <TT>#</TT> is reserved for

	<TT>root</TT>. These symbols are called shell prompts because they are used by the

	shell to prompt you for commands.

</UL>



<H3 ALIGN="CENTER"><A NAME="Heading14<FONT COLOR="#000077">Passwords</FONT></H3>

<P>In Linux (and just about all other UNIX systems) the superuser login name is <TT>root</TT>.

No matter how humble or huge the system, if you can log in as <TT>root</TT>, the

system is wide open for you to do whatever you want. Obviously, letting just anyone

log in as <TT>root</TT> is unacceptable because it exposes the system to too much

potential for serious damage.</P>

<P>To prevent unauthorized access, the <TT>root</TT> login should always have a password,

and that password should be secure. You may have noticed that Linux did not ask for

a <TT>root</TT> password. That is because, on installation, the <TT>root</TT> password

is set to the null string, which is a word with no characters. With <TT>root</TT>

and any other login, Linux does not bother asking for the password if it's the null

string.</P>

<P>The null string is the least secure password there is, because anyone who knows

a valid user name (such as <TT>root</TT>) can access the system. It is up to you

to change the password. Linux lets you choose what the new password will be, and

accepts it without complaint. Unfortunately, this can lead to a false sense of security.</P>

<P>It was noticed a long time ago that users chose passwords that they could easily

remember: their dog's name, their birthday, their hometown, their spouse's name,

and so on. The problem is that these passwords were also easy to break, either through

guessing or by more sophisticated means. This led some system administrators to insist

on difficult-to-break, randomly picked passwords (such as <TT>S8t6WLk</TT>). People

could not remember these passwords at all, so they wrote them down on pieces of paper

and stuck them on their desks. Others, who were trying to break into the system,

would find these pieces of paper and gain use of that login.</P>

<P>The best passwords are ones with a combination of uppercase letters, lowercase

letters, and numbers, that are still easy to remember. <TT>Fri13th</TT>, <TT>22Skidoo</TT>,

and <TT>2Qt4U</TT> are just a few examples. These hard-to-guess passwords are known

as strong passwords, while easy-to-guess ones are called weak.</P>

<P>Of course, you should never use these exact passwords, or any other published

sample passwords, because they're so easy to guess. There are many mischievous minds

out there who, on strolling by a Linux system, might try <TT>root</TT> and <TT>Fri13th</TT>

for the fun of it. You don't want to be the one with the nightmare of getting your

system broken into.</P>

<P>For the best security, passwords should be changed every so often. Many system

administrators recommend once every two or three months as reasonable. This guards

against dictionary-based guessing attacks, and also minimizes damage in cases in

which the password has been broken but nothing has really been done with it yet.



<DL>

	<DT></DT>

</DL>





<DL>

	<DD>

<HR>

<A NAME="Heading15<FONT COLOR="#000077"><B>NOTE: </B></FONT>Don't leave your

	terminal unattended while you're logged in. The idly malicious may take the opportunity

	to make some changes to your files, or send a nasty mail message off to people you'd

	hate to alienate. Always log out or lock your terminal when you leave. 

<HR>



</DL>



<P>Of course, the amount of system security you require depends on how much access

there is to your system, and how sensitive the information found on it is. The <TT>root</TT>

password should always be a good, secure one. If nothing else, it will discourage

you from casually logging on as <TT>root</TT>, especially if you leave your user

logins with null passwords.</P>

<P>If you are using Linux at home for experimenting, much of the security worries

mentioned previously may seem silly. However, it doesn't hurt to use good security,

and the practice can be carried over to larger UNIX systems at work.</P>

<P>We must assign a password for the <TT>root</TT> login using the Linux command

<TT>passwd</TT>. The spelling of the command has its history in the development of

UNIX, when long commands, such as <TT>password</TT>, were avoided due to the number

of characters that had to be typed! To change the <TT>root</TT> password at the system

prompt, type the command <TT>passwd</TT>, and you see the following:</P>

<PRE><FONT COLOR="#0066FF">darkstar:~# passwd

Changing password for root

Enter new password:

</FONT></PRE>

<P>At the prompt, type your new, secure password. What you type is not displayed

on the screen. This keeps anyone looking over your shoulder (called &quot;shoulder

surfing&quot;) from reading the password you've entered.



<DL>

	<DT></DT>

</DL>





<DL>

	<DD>

<HR>

<A NAME="Heading16<FONT COLOR="#000077"><B>WARNING:</B> </FONT>Make sure you

	type the password slowly and carefully! If any other user's password is lost or forgotten,

	it can be reset by the <TT>root</TT> login. But, if the <TT>root</TT> password is

	lost or forgotten, you must reinstall Linux. 

<HR>



</DL>



<P>Because it's so important that passwords are entered correctly, the system double-checks

the spelling of the password for you by asking you to type it again:</P>

<PRE><FONT COLOR="#0066FF">Re-type new password:

</FONT></PRE>

<P>Again, what you type is not displayed on the screen. If your two password entries

match, you see the following:</P>

<PRE><FONT COLOR="#0066FF">Password changed.

darkstar:~#

</FONT></PRE>

<P>The password is now changed in the system's configuration files. If the two entries

do not match completely (remember, case is important), Linux gives you the message</P>

<PRE><FONT COLOR="#0066FF">You misspelled it.  Password not changed.

</FONT></PRE>

<P>and changes are not made to the password. You need to start over with the <TT>passwd</TT>

command.



<DL>

	<DT></DT>

</DL>





<DL>

	<DD>

<HR>

<A NAME="Heading17<FONT COLOR="#000077"><B>WARNING: </B></FONT>Do not forget

	your new <TT>root</TT> password! Chant it to yourself before going to sleep, if necessary.

	But don't write it down on a piece of paper and slip it under the keyboard, either!

	

<HR>



</DL>





<DL>

	<DT></DT>

</DL>





<DL>

	<DD>

<HR>

<A NAME="Heading18<FONT COLOR="#000077"><B>TIP: </B></FONT>If you want to leave

	a program right away and return to the shell prompt, try Ctrl-C (hold down the Ctrl

	key and press C; this is sometimes written as ^C). This usually terminates whatever

	program you're in (usually without ill effects), and redisplays the shell prompt.

	

<HR>



</DL>



<H3 ALIGN="CENTER"><A NAME="Heading19<FONT COLOR="#000077">Creating a New Login</FONT></H3>

<P>Now that you have assigned a password for the <TT>root</TT> account, the next

thing you should do is create a login with which you can safely explore the Linux

system and try out some of the basic commands covered in the following chapters.

Linux has a utility called <TT>adduser</TT>, which simplifies and automates the task

of adding a new user to the system. (This isn't how they did it in the good old days.

You should be glad. In the past, files had to be manually edited to add users, a

tedious and error-prone process.)</P>

<P>To create a user, at the shell prompt type <TT>adduser</TT>:</P>

<PRE><FONT COLOR="#0066FF">darkstar:~# adduser

Adding a new user. The username should be not exceed 8 characters

in length, or you many run into problems later.

Enter login name for new account (^C to quit):

</FONT></PRE>

<P>Login names are used by valid system users. You can create a login for yourself

that you will use permanently, or you can create a temporary login for exploring

the system and remove it later. Login names can be any character or number string

you want. Typically, login names bear a resemblance to the user's real name, so Joe

Smith's login name may be <TT>joe</TT>, <TT>jsmith</TT>, or <TT>joes</TT>.</P>

<P>At the <TT>adduser</TT> prompt, enter the login name that you want to create.

It is advisable to use all lowercase letters to avoid confusion. Do not exceed the

eight-character limit at this point.</P>

<P>For our example in this chapter, we'll create the user <TT>fido</TT>. (After all,

as the old joke goes, &quot;On the Internet, no one knows if you're a dog!&quot;)

Of course, you will see your choice on the screen in place of <TT>fido</TT>.</P>

<PRE><FONT COLOR="#0066FF">Enter login name for new account (^C to quit): fido

Editing information for new user [fido]

Full Name:

</FONT></PRE>

<P>The <TT>adduser</TT> utility asks a set of questions about the new user and the

type of environment to present her with when she logs in. At this prompt, you can

type the full name of the user. Uppercase and spaces are fine. This information is

not mandatory, but it is used by the system for some other tasks.</P>

<PRE><FONT COLOR="#0066FF">Full Name: Fido Dog

GID [100]:

</FONT></PRE>

<P>The system is waiting for you to provide a GID or Group ID, which is discussed

in more detail in Chapter 39, &quot;Devices.&quot; The last part of the prompt, <TT>[100]</TT>,