<HTML>

<HEAD>

<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:User Accounts and Logins</TITLE>

<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
</HEAD>





<!-- ISBN=0672311739 //-->

<!-- TITLE=RED HAT LINUX 2ND EDITION //-->

<!-- AUTHOR=DAVID PITTS ET AL //-->

<!-- PUBLISHER=MACMILLAN //-->

<!-- IMPRINT=SAMS PUBLISHING //-->

<!-- PUBLICATION DATE=1998 //-->

<!-- CHAPTER=19 //-->

<!-- PAGES=0383-0394 //-->

<!-- UNASSIGNED1 //-->

<!-- UNASSIGNED2 //-->









<P><CENTER>

<a href="0387-0389.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0393-0394.html">Next</A>

</CENTER></P>



<A NAME="PAGENUM-390"><P>Page 390</P></A>













<H3><A NAME="ch19_ 15">

Changing User Properties

</A></H3>









<P>There are a few commands for changing various properties of an account. The

chsh command, used to change the login command, is mentioned earlier in this chapter. In addition to it

(and the passwd -s), there are two other commands that can be used:

</P>



<TABLE WIDTH="360">

<TR><TD>

chfn

</TD><TD>

Changes the full name field (the comment field)

</TD></TR>

<TR><TD>

passwd

</TD><TD>

Changes the password

</TD></TR>

</TABLE>













<P>The superuser (root) can use these commands to change the properties of any account.

Normal users (those whose UIDs do not correspond to 0) can only change the properties of

their own account.

</P>









<H3><A NAME="ch19_ 16">

Temporarily Disabling a User

</A></H3>









<P>Sometimes it is necessary to temporarily disable a user's account. Many times you do not

want to remove it, just make it inaccessible. One of the ways that I have seen people do this is

to change the user's password. Although this works, it also causes confusion for the user,

who doesn't know what is going on.

</P>









<P>A better way of disabling the account is to change the login command set in the

/etc/passwd file. Make a special program called a

tail script:

</P>





<!-- CODE //-->

<PRE>

#!/usr/bin/tail +2

This account has been temporarily closed due to &lt;whatever reason&gt;.

Please call the system administrator at 555-1212 to discuss this situation.

</PRE>

<!-- END CODE //-->













<P>The first two characters of the first line (#!) tell the kernel that the rest of the line is a

command that needs to be run to interpret this file. (If you are accustomed to shell

programming or Perl programming, this ought to look familiar.) The

+2 argument tells the tail command to start its output at the second line of the file, so it outputs the last two lines (which happens to be everything except the first line that executed the

program).

</P>









<P>If our friend tpowell has not logged in to his account for 90 days, the system

administrator would do something like this:

</P>





<!-- CODE //-->

<PRE>

# chsh -s /usr/local/lib/no-login/old tpowell

# su - tpowell

This account has been closed due to inactivity.

Please call the system administrator at 555-1212 to discuss this situation.

#

</PRE>

<!-- END CODE //-->











<P>By using the su command to switch to tpowell, I was able to test and make sure that I

had done the command correctly, and that it said what I wanted it to say. It

worked.

</P>
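
<P>An audit for the technique above, added here as an example (it is not code from the book): it lists every account whose login command sits under the no-login directory and checks that each notice script is executable, starts with the tail interpreter line, and is not writable by group or others. The passwd entries, the UIDs, the second script named loose, and the function names are constructed for illustration.</P>

```shell
#!/bin/sh
# Directory from the chapter's chsh example; override NOLOGIN_DIR to test elsewhere.
NOLOGIN_DIR=${NOLOGIN_DIR:-/usr/local/lib/no-login}

# check_notice FILE: succeed only if FILE is a working tail script that
# ordinary users cannot rewrite.
check_notice() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    [ "$(head -n 1 "$1")" = '#!/usr/bin/tail +2' ] || return 1
    # find prints the path only when neither group nor others may write to it
    [ -n "$(find "$1" -prune ! -perm -020 ! -perm -002)" ]
}

# audit_disabled PASSWD_FILE: for each account whose login command (field 7)
# is under $NOLOGIN_DIR, print "user uid ok" or "user uid bad-script".
audit_disabled() {
    awk -F: -v dir="$NOLOGIN_DIR/" 'index($7, dir) == 1 { print $1, $3, $7 }' "$1" |
    while read -r user uid shell; do
        if check_notice "$shell"; then state=ok; else state=bad-script; fi
        echo "$user $uid $state"
    done
}

# make_sample: build constructed sample data in a temp dir and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/no-login"
    printf '%s\n' '#!/usr/bin/tail +2' \
        'This account has been closed due to inactivity.' \
        'Please call the system administrator at 555-1212 to discuss this situation.' \
        > "$d/no-login/old"
    cp "$d/no-login/old" "$d/no-login/loose"
    chmod 755 "$d/no-login/old"
    chmod 777 "$d/no-login/loose"   # world-writable, so the audit must flag it
    cat > "$d/passwd" <<EOF
root:x:0:0:root:/root:/bin/bash
tpowell:x:502:100:T Powell:/home/tpowell:$d/no-login/old
wsheldah:x:503:100:W Sheldah:/home/wsheldah:$d/no-login/loose
dpitts:x:501:100:MCA Financial Systems:/home2/dpitts:/bin/bash
EOF
    echo "$d"
}

sample=$(make_sample)
NOLOGIN_DIR=$sample/no-login
audit_disabled "$sample/passwd"
rm -rf "$sample"
```

<P>On a live system, run audit_disabled /etc/passwd with NOLOGIN_DIR left at its default.</P>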









<H3><A NAME="ch19_ 17">

The Login and How to Become a Specific User

</A></H3>









<P>When logging in via a terminal, init makes sure there is a

getty program for the terminal connection. getty listens at the terminal and waits for the user to notify that he or she is ready

to

</P>



<A NAME="PAGENUM-391"><P>Page 391</P></A>













<P>log in. When it notices a user, getty outputs a welcome message

(/etc/issue), prompts for a username, and runs the

login program. The login program checks for the existence of the

/etc/nologin file. If it exists, logins are disabled. If it does not exist, the

login program gets the username as a parameter and prompts the user for the password. The password is compared

to the password on file for the user. If all of this matches up,

login starts the login command identified in the

/etc/passwd file. If it does not match up, the program will either allow

the user another chance to enter the user ID and password, or the program will terminate the

process. When init notices that the process terminated, it starts a new

getty for the terminal.

</P>











<P>After the login command is run, and assuming there is a place to send standard output,

the login program outputs the contents of

/etc/motd and checks for electronic mail. These

two steps can be turned off by placing an empty file in your home directory called

.hushlogin. This can be done with the following command:

</P>





<!-- CODE SNIP //-->

<PRE>

shell:/home/dpitts$ touch .hushlogin

shell:/home/dpitts$

</PRE>

<!-- END CODE SNIP //-->













<P>The touch command says to update the file passed as a parameter with the current date

and time. If that file does not exist, it creates it with nothing in it. It is this second part that had

the desired effect.

</P>

<P>

<P>



<CENTER>

<TABLE BGCOLOR="#FFFF99">

<TR><TD><B>

NOTE

</B></TD></TR>

<TR><TD>

<BLOCKQUOTE>







<P>If the file /etc/nologin exists, logins are disabled. This file is usually created by

shutdown. The login program logs all failed login attempts in the system log file

(syslog). It also logs all logins by root. Current logins are listed in the

/var/run/utmp file and logged in the /var/log/wtmp

file.</P>

</BLOCKQUOTE></TD></TR>

</TABLE></CENTER>

</P>

<H4>

The su Command

</H4>









<P>The su command (su stands for switch user) is used to switch from one user to another. If

no user is given as a parameter, the su command assumes a switch to the root user account. If

the - parameter is used, all environment variables for the user switched to are read. If not, the

environment variables of the real user are kept. The

su command switches the effective username. It does not change the actual username.

</P>









<P>If a normal user switches to another user, the system will ask for the password of the user

being switched to. If root attempts to switch to another user, the system switches to that user

without asking for the password.

</P>









<H3><A NAME="ch19_ 18">

Searching

</A></H3>









<P>Sometimes when you are on a system, it is nice to know who else is on the system. Other

times it is nice to know other information about a user, such as whether or not the user is

currently

</P>



<A NAME="PAGENUM-392"><P>Page 392</P></A>













<P>logged on the system. The next sections discuss the

who command and the finger command, list possible reasons they are used, and explain where the information comes from.

</P>









<H5><A NAME="ch19_ 19">

who

</A></H5>









<P>The who command checks the /var/run/utmp file to create its information. The

/var/run/utmp file keeps track of who is currently logged on. Other than for mere curiosity's sake,

there are other reasons why you might care who is logged on. One possible reason is system

performance. If you are getting really bad system performance, you will probably want to see who

is logged on and what the logged-on user is doing. The

who command tells who, and the ps command tells what. Of course, to communicate with users with

write or talk, you need to know if that user is logged on.

</P>









<P>The -u parameter for who adds the column for how long it has been since that login has

been active. In the following example, there are two users. The first has not done anything for

fifteen minutes. The second, me, is currently running a command (gee, I bet it is the

who -u command).

</P>





<!-- CODE SNIP //-->

<PRE>

shell:/home/dpitts$ who -u

wsheldah  ttyp0    Sep  1 12:55 00:15 (d3.dialup.lexne)

dpitts   ttyp1    Sep  1 17:06   .   (a20.dialup.seane)

</PRE>

<!-- END CODE SNIP //-->











<P>The output is a space-delimited line with the following

elements (who -u):

</P>





<!-- CODE SNIP //-->

<PRE>

user id &lt;space&gt; terminal logged in &lt;space&gt;

Date logged in (month and day) &lt;space&gt; time logged

in &lt;space&gt; inactive time &lt;space&gt; where logged in from

</PRE>

<!-- END CODE SNIP //-->
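
<P>The field layout above can be turned into an idle-session report, shown here as an added example rather than code from the book. It goes slightly beyond the listing: the idle column is located as the field after the login time, so the newer who -u layout with a PID column also parses. The function names and the jdoe line are constructed.</P>

```shell
#!/bin/sh
# idle_sessions MINUTES: read "who -u" lines on stdin and print
# "user tty idle_minutes origin" for every session idle at least MINUTES.
idle_sessions() {
    awk -v limit="$1" '
    {
        idle = ""
        for (i = 3; i < NF; i++)      # the login time is the first HH:MM field
            if ($i ~ /^[0-9][0-9]?:[0-9][0-9]$/) { idle = $(i + 1); break }
        if (idle == ".")
            mins = 0                  # active within the last minute
        else if (idle == "old")
            mins = 24 * 60            # idle for more than 24 hours
        else if (idle ~ /^[0-9][0-9]?:[0-9][0-9]$/) {
            split(idle, hm, ":")
            mins = hm[1] * 60 + hm[2]
        } else
            next                      # no idle column on this line: skip it
        # the origin is the last field when it is wrapped in parentheses
        origin = ($NF ~ /^\(.*\)$/) ? substr($NF, 2, length($NF) - 2) : "local"
        if (mins >= limit) print $1, $2, mins, origin
    }'
}

# Sample input: the two lines from the listing above plus one constructed
# line (jdoe) that shows the "old" marker on a local terminal.
sample_who() {
    cat <<'EOF'
wsheldah  ttyp0    Sep  1 12:55 00:15 (d3.dialup.lexne)
dpitts   ttyp1    Sep  1 17:06   .   (a20.dialup.seane)
jdoe     tty2     Aug 30 09:12  old
EOF
}

sample_who | idle_sessions 10
```

<P>On a live system the same report comes from who -u | idle_sessions 30.</P>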











<H5><A NAME="ch19_ 20">

finger

</A></H5>









<P>The finger command checks some system and user-defined files and reports the

information it finds. After the following example of a

finger command, the output is explained:

</P>





<!-- CODE //-->

<PRE>

shell:/home/dpitts$ finger dpitts

Login: dpitts                           Name: MCA Financial Systems

Directory: /home2/dpitts                Shell: /bin/bash

On since Mon Sep  1 17:06 (EDT) on ttyp1 from a20.dialup.seane

Mail forwarded to dpitts@seanet.com

No mail.

Plan:



David Pitts

Systems Administrator, Consultant, Author



shell:/home/dpitts$

</PRE>

<!-- END CODE //-->











<P>First, the finger command reads and interprets the

/etc/passwd file. From that file, it gives the login ID, the comment field, the home location, and the login command issued. In

addition, it checks the /var/run/utmp, and if the person is logged in, it displays how long, on

which terminal, and from where. After it gives this information, it then checks for the existence of

a .forward file. If one exists, it displays its information. Next, it checks to see if the user has

any

</P>












</td>
</tr>
</table>

<!-- begin footer information -->





</body></html>
