619-621.html

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<HTML>
<HEAD>
<TITLE>Linux Unleashed, Third Edition:Users and Logins</TITLE>
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->


<!--ISBN=0672313723//-->
<!--TITLE=Linux Unleashed, Third Edition//-->
<!--AUTHOR=Tim Parker//-->
<!--PUBLISHER=Macmillan Computer Publishing//-->
<!--IMPRINT=Sams//-->
<!--CHAPTER=35//-->
<!--PAGES=619-621//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->

<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="../ch34/615-618.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="621-623.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H2><A NAME="Heading1"></A><FONT COLOR="#000077">Chapter 35<BR>Users and Logins
</FONT></H2>
<P><I>by Tim Parker</I></P>
<DL>
<DT><B>In This Chapter</B>
<DT>&#149;&nbsp;&nbsp; The superuser account
<DT>&#149;&nbsp;&nbsp; User accounts: /etc/ passwd
<DT>&#149;&nbsp;&nbsp; Default system usernames
<DT>&#149;&nbsp;&nbsp; Adding users
<DT>&#149;&nbsp;&nbsp; Deleting users
<DT>&#149;&nbsp;&nbsp; Groups
<DT>&#149;&nbsp;&nbsp; The su command
</DL>
<P>All access to a Linux system is through a user account. Every user must be set up by the system administrator, with the sole exception of the <TT>root</TT> account (and some system accounts that users seldom, if ever, use). While many Linux systems only have one user, that user should not use the <TT>root</TT> account for daily access. Most systems allow several users to gain access, either through multiple users on the main console, through a modem or network, or over hard-wired terminals. Knowing how to set up and manage user accounts and their associated directories and files is an important aspect of Linux system administration.</P>
<P>This chapter looks at the the following subjects:</P>
<DL>
<DD><B>&#149;</B>&nbsp;&nbsp;The <TT>root</TT> (superuser) account
<DD><B>&#149;</B>&nbsp;&nbsp;How to create new users
<DD><B>&#149;</B>&nbsp;&nbsp;The files a new user requires
<DD><B>&#149;</B>&nbsp;&nbsp;What is a group of users
<DD><B>&#149;</B>&nbsp;&nbsp;Managing groups
</DL>
<H3><A NAME="Heading2"></A><FONT COLOR="#000077">The Superuser Account</FONT></H3>
<P>When the Linux software is installed, one master login is created automatically. This login, called <TT>root</TT>, is known as the <I>superuser</I> because there is nothing the login can&#146;t access or do. While most user accounts on a Linux system are set to prevent the user from accidentally destroying all the system files, for example, the <TT>root</TT> login can blow away the entire Linux operating system with one simple command. Essentially, the <TT>root</TT> login has no limitations.</P>
<BLOCKQUOTE>
<P><FONT SIZE="-1"><HR><B>Warning:&nbsp;&nbsp;</B><BR>The sheer power of the <TT>root</TT> login can be addictive. When you log in as <TT>root</TT> you don&#146;t have to worry about file permissions, access rights, or software settings. You can do anything at anytime. This power is very attractive to newcomers to the operating system, who tend to do everything while logged in as <TT>root</TT>. It&#146;s only after the system has been damaged that the <TT>root</TT> login&#146;s problems become obvious: There are no safeguards! As a rule, you should only use the <TT>root</TT> login for system maintenance functions. Do not use the superuser account for daily usage!<HR></FONT>
</BLOCKQUOTE>
<P>The <TT>root</TT> login should be kept only for those purposes where you really need it. It&#146;s a good idea to change the login prompt of the <TT>root</TT> account to clearly show that you are logged in as <TT>root</TT>, and hopefully you will think twice about the commands you issue when you use that login. You can change the login prompt with the PS environment variable, discussed in Chapter 14, &#147;Shell Programming.&#148; If you are on a standalone system and you destroy the entire file system, it&#146;s only you that is inconvenienced. If you are on a multiuser system, however, and insist on using <TT>root</TT> for common access, you will have several very angry users when you damage the operating system.</P>
<P>So, after all of these dire warnings, the first thing you should do on a new system is create a login for your normal daily usage. Set the <TT>root</TT> password to something that other users of the system (if there are any) will not easily guess and change the password frequently to prevent snooping.</P>
<P>You can also create special logins for system administration tasks that do not need wide-open access, such as tape backups. You can set a login to have <TT>root</TT> read-only access to the entire file system but without the potential for damage. This lets you back up the system properly, but not erase the kernel by accident. Similar special logins can be set up for email access, gateways to the Internet, and so on. Think carefully about which permissions each task requires and create a special login for that task&#151;your system will be much more secure and have less chance of accidental damage.</P>
<P>To be precise, the superuser account doesn&#146;t have to be called <TT>root</TT>. It can have any name. The superuser account is always defined as the account with a user ID number of zero. User ID numbers are defined in the <TT>/etc/passwd</TT> file.</P><P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="../ch34/615-618.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="621-623.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>


</td>
</tr>
</table>
<!-- begin footer information -->



</body></html>