<HTML>
<HEAD>
<TITLE>Linux Unleashed, Third Edition:Users and Logins</TITLE>
</HEAD>
<!--ISBN=0672313723//-->
<!--TITLE=Linux Unleashed, Third Edition//-->
<!--AUTHOR=Tim Parker//-->
<!--PUBLISHER=Macmillan Computer Publishing//-->
<!--IMPRINT=Sams//-->
<!--CHAPTER=35//-->
<!--PAGES=626-629//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<H4 ALIGN="LEFT"><A NAME="Heading10"></A><FONT COLOR="#000077">Login Command</FONT></H4>
<P>The login command is the command to be executed when login terminates. In most cases it starts a shell, such as the C Shell or Bourne Shell, to provide the user with a shell environment. In some cases, it may be a single application or front-end system that restricts what the user can do. For example, the <TT>uucp</TT> login (used for email and other simple networking tasks) executes the <TT>uucp</TT> command only. If the login command field is left empty, the operating system usually defaults to the Bourne shell (although this may change depending on the manner in which the operating system is set up).</P>
<P>Many versions of Linux enable users to change their login shell with the commands <TT>chsh</TT> or <TT>passwd -s</TT>. When either command is used, the file <TT>/etc/shells</TT> is searched for a match. Only those commands listed in the <TT>/etc/shells</TT> file are allowed as valid entries when the user tries to change his startup shell. (You can add or remove lines in the <TT>/etc/shells</TT> file using any editor.) This helps you keep tighter security on the system. The superuser account has no restrictions on the entry in this field (or any other user’s field). If your system uses the <TT>/etc/shells</TT> file, make sure it has the same file permissions and ownership as the <TT>/etc/passwd</TT> file, or a user can sneak through the system security by modifying the startup command for her login.</P>
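<P>The two checks described above, written as an added shell example that is not part of the book: it lists accounts whose login command is not in the shells file and compares the mode and ownership of the two files. The function names and the sample files are constructed for the illustration.</P>

```shell
#!/bin/sh
# Added example (not from the book): audit login commands against /etc/shells.

# Print "user:command" for every account whose login command (field 7) is not
# listed in the shells file. An empty field counts as /bin/sh, the usual default.
# System logins such as uucp will appear here; review them rather than "fix" them.
unlisted_shells() {   # usage: unlisted_shells PASSWD_FILE SHELLS_FILE
    awk -F: '
        FILENAME == ARGV[1] { if ($0 != "" && $0 !~ /^#/) ok[$0] = 1; next }
        { sh = ($7 == "") ? "/bin/sh" : $7
          if (!(sh in ok)) print $1 ":" sh }
    ' "$2" "$1"
}

# Succeed only when both files have identical mode, owner UID and group GID.
same_perms() {        # usage: same_perms FILE_A FILE_B
    a=$(ls -ldn "$1" | awk '{ print $1, $3, $4 }')
    b=$(ls -ldn "$2" | awk '{ print $1, $3, $4 }')
    [ "$a" = "$b" ]
}

# Constructed sample files so the check runs without touching the real system.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
uucp:*:5:5:uucp:/var/spool/uucp:/usr/lib/uucp/uucico
bill:x:103:100:Bill Smallwood:/home/bill:/bin/sh
yvonne:x:104:100:Yvonne:/home/yvonne:/tmp/mysh
guest:x:105:100:Guest:/home/guest:
EOF
printf '%s\n' '# valid login shells' /bin/sh /bin/csh > "$demo/shells"
chmod 644 "$demo/passwd"; chmod 666 "$demo/shells"   # world-writable on purpose

unlisted_shells "$demo/passwd" "$demo/shells"
same_perms "$demo/passwd" "$demo/shells" || echo "shells file permissions differ from passwd"
```

<P>On a live system, pass <TT>/etc/passwd</TT> and <TT>/etc/shells</TT> as the two arguments.</P>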
<H3><A NAME="Heading11"></A><FONT COLOR="#000077">Default System Usernames</FONT></H3>
<P>The extract from the <TT>/etc/passwd</TT> file shown in the preceding section lists over a dozen system-dependent usernames. These all serve special purposes on the Linux system. A few of these logins are worth noting because they have specific uses for the operating system and for system administrators:</P>
<CENTER>
<TABLE WIDTH="80%"><TR>
<TD WIDTH="30%" VALIGN="TOP">root
<TD WIDTH="70%">The superuser account (UID <TT>0</TT>), which has unrestricted access and owns many system files.
<TR>
<TD VALIGN="TOP">daemon
<TD>Used for system processes. This login is used only to own the processes and set their permissions properly.
<TR>
<TD>bin
<TD>Owns executables.
<TR>
<TD>sys
<TD>Owns executables.
<TR>
<TD>adm
<TD>Owns accounting and log files.
<TR>
<TD VALIGN="TOP">uucp
<TD>Used for UUCP communication access and files.
</TABLE>
</CENTER>
<P>The other system logins are used for specific purposes (<TT>postmaster</TT> for mail, and so on) that are usually self-explanatory. You should not change any of the system logins. In most cases, they have an asterisk in the password field, which prevents anyone from logging in with them.</P>
<H3><A NAME="Heading12"></A><FONT COLOR="#000077">Adding Users</FONT></H3>
<P>There are two ways to add users to your system: Manually edit the <TT>/etc/passwd</TT> file or use an automated script that prompts you for the new user’s details and writes a new line to the <TT>/etc/passwd</TT> file for you. The automated approach is handy for new system administrators who are uneasy about editing a file as important as <TT>/etc/passwd</TT> or for those occasions when you have to add several users and the risk of error is thus increased. You must modify the <TT>/etc/passwd</TT> file when you are logged in as <TT>root</TT>.</P>
<BLOCKQUOTE>
<P><FONT SIZE="-1"><HR><B>Warning: </B><BR>Before making changes to your <TT>/etc/passwd</TT> file, make a copy of it! If you corrupt the <TT>/etc/passwd</TT> file you will not be able to log in, even as <TT>root</TT>, and your system is effectively useless except in system administration mode. Keep a copy of the <TT>/etc/passwd</TT> file on your emergency floppy or boot floppy in case of problems.<HR></FONT>
</BLOCKQUOTE>
<P>To add an entry to the <TT>/etc/passwd</TT> file, use any editor that saves information in ASCII. Add the new users to the end of the file, using a new line for each user. Make sure you use a unique username and user ID (UID) for each user. For example, to add a new user called “bill” to the system with a UID of 103 (remember to keep UIDs sequential for convenience) and a GID of 100 (the default group), a home directory of <TT>/home/bill</TT>, and a startup shell of the Bourne shell, add the following line to the <TT>/etc/passwd</TT> file:</P>
<!-- CODE SNIP //-->
<PRE>
bill::103:100:Bill Smallwood:/home/bill:/bin/sh
</PRE>
<!-- END CODE SNIP //-->
<P>Note that we have left the password field blank because you can’t type in an encrypted password yourself. Until a password is set, the account has none, so as soon as you have saved the changes to <TT>/etc/passwd</TT>, set a password for this account by running the following command:</P>
<!-- CODE SNIP //-->
<PRE>
passwd bill
</PRE>
<!-- END CODE SNIP //-->
<P>This command prompts you for an initial password. Set the password to something that Bill will be able to use, and ask him to change the password the first time he works on the system. Many system administrators set the initial password to a generic string (such as “password” or the login name) and then force the new user to change the password the first time they log in. Using generic strings is usually acceptable if the user logs in quickly, but don’t leave accounts with generic login strings sitting around too long—someone else may use the account.
</P>
<P>After you have added the necessary line to the <TT>/etc/passwd</TT> file, you should create the user’s home directory. Once it is created, set its ownership so that the user owns the directory. For the preceding example, you would issue the following commands:</P>
<!-- CODE SNIP //-->
<PRE>
mkdir /home/bill
chown bill /home/bill
</PRE>
<!-- END CODE SNIP //-->
<P>All users must belong to a group. If your system has only one group defined, then add the user’s username to the line in the <TT>/etc/group</TT> file that represents that group. If the new user should belong to several groups, add the username to each group in the <TT>/etc/group</TT> file. The <TT>/etc/group</TT> file and groups in general are discussed in the “Groups” section later in the chapter.</P>
<P>Finally, the configuration files for the users’ shells should be copied into their home directory and set to allow them access for customization. For example, if you copy the Bourne shell’s <TT>.profile</TT> file from another user called “yvonne,” you would issue the following commands:</P>
<!-- CODE SNIP //-->
<PRE>
cp /home/yvonne/.profile /home/bill/.profile
chown bill /home/bill/.profile
</PRE>
<!-- END CODE SNIP //-->
<P>You should also manually check the configuration file to ensure there are no environment variables that will be incorrectly set when the user logs in. For example, there may be a line defining the <TT>HOME</TT> environment variable or the spool directories for printer and mail. Use any ASCII editor to check the configuration file. If you are using the Korn or C shell, there are other configuration files that need to be copied over and edited. Bourne shell compatibles need only a <TT>.profile</TT>, while the C Shell and compatibles need <TT>.login</TT> and <TT>.cshrc</TT>. The Korn shell and compatibles need a <TT>.profile</TT> and usually another file with environment variables embedded in it.</P><P><BR></P>
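<P>A check to run on an edited copy of <TT>/etc/passwd</TT> before it replaces the live file, covering the points the manual procedure above depends on: seven fields per line, unique usernames and UIDs, and no account left with an empty password field. This is an added example, not code from the book; the function name and every sample account except the “bill” line are constructed.</P>

```shell
#!/bin/sh
# Added example (not from the book): check an edited copy of /etc/passwd
# before it replaces the live file.

# Print one line per problem; return 1 if any problem was found.
check_passwd() {      # usage: check_passwd PASSWD_FILE
    awk -F: '
        NF != 7     { print "line " NR ": expected 7 fields, found " NF; bad = 1; next }
        $1 in names { print "line " NR ": duplicate username " $1; bad = 1 }
        $3 in uids  { print "line " NR ": UID " $3 " already used by " uids[$3]; bad = 1 }
        $2 == ""    { print "line " NR ": " $1 " has an empty password field"; bad = 1 }
        { names[$1] = 1; if (!($3 in uids)) uids[$3] = $1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed candidate file: the "bill" line is the one from the text, the
# other accounts are invented to trigger each check.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
cat > "$work/passwd.new" <<'EOF'
root:x:0:0:root:/root:/bin/sh
yvonne:x:102:100:Yvonne:/home/yvonne:/bin/sh
bill::103:100:Bill Smallwood:/home/bill:/bin/sh
tim:x:103:100:Tim:/home/tim:/bin/sh
broken:x:104:100:/home/broken:/bin/sh
EOF

check_passwd "$work/passwd.new" || echo "fix the lines above before installing the file"
```

<P>The empty-password report for <TT>bill</TT> clears once <TT>passwd bill</TT> has been run.</P>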
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>