
Managing Users and Groups in Linux

Written By Sajib Barua on Sunday, August 19, 2012 | 10:43 AM

Linux is a multiuser system, so it has many user accounts. Even if you’re the only user on your system, many servers require a unique username and group name. For example, the FTP server runs under the username ftp. A whole host of system user accounts aren’t for people but just for running specific programs.
Also, user accounts can belong to one or more groups. Typically, each username has a corresponding private group name. By default, each user belongs to that corresponding private group. However, you can define other groups for the purpose of providing access to specific files and directories based on group membership.
User and group ownerships of files are a way to make sure that only the right people (or the right process) can access the right files and directories. Managing the user and group accounts is a typical system administration job. It’s not hard to do this part of the job, given the tools that come with Linux.
Adding User Accounts
You get the chance to add user accounts when you boot your system for the first time after installing Linux. The root account is the only one that you must set up during installation. If you don’t add other user accounts when you start the system for the first time, you can add new users later on, using a GUI user account manager or the useradd command.
Creating other user accounts besides root is a good idea. Even if you’re the only user of the system, logging in as a less privileged user is good practice because that way you can’t damage any important system files inadvertently. If necessary, you can type su - to log in as root and then perform any system administration tasks.
Managing user accounts by using a GUI user manager
Most Linux distributions come with a GUI tool to manage user accounts. You can use that GUI tool to add new user accounts. The tool displays a list of current user accounts and has an Add button for adding new users, as shown in Figure 2-1.
Figure 2-1: In Ubuntu, you can manage user and group accounts from the Users and Groups interface.
The basic steps, regardless of the specific GUI tool, are as follows:
  1. Click the Add User button.
    A dialog box prompts you for information about the password for the new user account, as shown in Figure 2-2.
  2. Enter the requested information.
    The GUI tool takes care of adding the new user account.
  3. (Optional) Click Advanced Settings for the user (refer to Figure 2-1) to configure additional information.
    The Advanced tab (shown in Figure 2-3) allows you to override the defaults for the home directory, shell, and ID information.
Figure 2-2: You can assign a password for the new user account in Ubuntu in several ways.
Figure 2-3: Use Advanced Settings to configure settings other than the defined defaults for user accounts.
For example, in SUSE, select the Security and Users category from the left side of the YaST Control Center, and then click the User Management icon in the right side of the window. YaST displays the User and Group Administration pane, where you can define new user accounts.
Note that the pane has two types of accounts it can configure: Users and Groups. Selecting Manage Groups displays the names of groups from the /etc/group file, as shown in Figure 2-4.
Figure 2-4: Groups can be created and managed in Ubuntu similar to users.
Initially, the User and Group Administration tool filters out any system users and groups. However, you can view the system users by choosing Edit➪Preferences and setting the filter to System Users from the drop-down list or check box, depending on your distribution. (System Users refers to user accounts that aren’t assigned to human users; rather, these user accounts are used to run various services.) You need to be the root user to access the features of this utility.
To add a new user account, click the Add button and enter the information requested in the New Local User window.
Fill in the requested information in the window and then click the Accept button. The new user now appears in the list of users in the User and Group Administration pane.
You can add more user accounts, if you like. When you finish, click the Finish button in the User and Group Administration pane to create the new user accounts.
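By default, YaST places all local users in a group named users. Sometimes you want a user to be in another group as well so that the user can access the files owned by that group. Adding a user to another group is easy. For example, to add the username kdulaney to the group called wheel, type the following command in a terminal window. The -a option appends wheel to the user’s existing supplementary groups; -G on its own replaces the whole list, which silently removes the user from every other supplementary group.
usermod -aG wheel kdulaney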
To remove a user account, click the username in the list of user accounts and then click the Delete button.
Managing user accounts by using commands
If you’re working from a text console, you can create a new user account by using the useradd command. Follow these steps to add an account for a new user:
  1. Log in as root.
    If you’re not already logged in as root, type su - to become root.
  2. Type the following useradd command with the -c option to create the account:
    /usr/sbin/useradd -c "Kristin Dulaney" kdulaney
  3. Set the password by using the passwd command, as follows:
    passwd kdulaney
    You’re prompted for the password twice. If you type a password that someone can easily guess, the passwd program will scold you and suggest that you use a more difficult password.
The useradd command consults the following configuration files to obtain default information about various parameters for the new user account:
  • /etc/default/useradd: Specifies the default shell (/bin/bash) and the default home directory location (/home)
  • /etc/login.defs: Provides system-wide defaults for automatic group and user IDs, as well as password-expiration parameters
  • /etc/skel: Contains the default files that useradd creates in the user’s home directory
Examine these files with the cat or more commands to see what they contain.
You can delete a user account by using the userdel command. Simply type /usr/sbin/userdel username at the command prompt where username is the name of the user you want to remove. To wipe out that user’s home directory as well, type /usr/sbin/userdel -r username.
To modify any information in a user account, use the usermod command. For example, for user kdulaney to have root as the primary group, type the following:
usermod -g root kdulaney
To find out more about the useradd, userdel, and usermod commands, type man useradd, man userdel, or man usermod, respectively, in a terminal window.
Understanding the /etc/passwd File
The /etc/passwd file is a list of all user accounts. It’s a text file and any user can read it — no special privileges needed. Each line in /etc/passwd has seven fields, separated by colons (:).
Here’s a typical entry from the /etc/passwd file:
kdulaney:x:1000:1000:Kristin Dulaney,,,,:/home/kdulaney:/bin/bash
As the example shows, the format of each line in /etc/passwd looks like this:
username:password:UID:GID:GECOS:homedir:shell
Table 2-1 explains the meaning of the seven fields in each /etc/passwd entry.
Table 2-1: Fields in the /etc/passwd File
  • username: An alphanumeric username, usually 8 characters long and unique. (Linux allows usernames to be longer than 8 characters, but some other operating systems do not.)
  • password: When present, a 13-character encrypted password. (An empty field means that no password is required to access the account. An x means the password is stored in the /etc/shadow file, which is more secure.)
  • UID: A unique number that serves as the user identifier. (root has a UID of 0, and usually UIDs from 1 to 100 are reserved for nonhuman users such as servers; keeping the UID less than 32,767 is best.)
  • GID: The default group ID of the group to which the user belongs (GID 0 is for group root, other groups are defined in /etc/group, and users can be, and usually are, in more than one group at a time).
  • GECOS: Optional personal information about the user. (The finger command uses this field and GECOS stands for General Electric Comprehensive Operating System, a long-forgotten operating system that’s immortalized by the name of this field in /etc/passwd.)
  • homedir: The name of the user’s home directory.
  • shell: The command interpreter (shell), such as bash (/bin/bash), which executes when this user logs in.
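The field meanings in Table 2-1 are enough to audit a passwd file for accounts that deserve a second look. The following is an added example, not part of the original article; the function names audit_passwd and sample_passwd are hypothetical, and every sample entry except kdulaney is constructed.

```shell
#!/bin/sh
# Added example: flag risky entries in a passwd-format file.

# Constructed sample entries; only the kdulaney line comes from the article.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
kdulaney:x:1000:1000:Kristin Dulaney,,,,:/home/kdulaney:/bin/bash
toor:x:0:0:constructed second UID 0:/root:/bin/bash
guest::1001:1001:constructed empty password:/home/guest:/bin/bash
legacy:XXXXXXXXXXXXX:1002:1002:constructed old hash:/home/legacy:/bin/bash
EOF
}

# audit_passwd FILE   ("-" reads standard input; default is /etc/passwd)
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }        # skip blank lines and comments
        NF != 7 {                          # every entry has seven fields
            printf "MALFORMED line %d\n", NR; next
        }
        # UID 0 is root whatever the name says.
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0 " $1 }
        # Two names on one UID share files, processes and audit trail.
        ($3 in seen) { print "DUPLICATE_UID " seen[$3] " " $1 " (uid " $3 ")" }
        { seen[$3] = $1 }
        # Empty field: the account needs no password at all.
        $2 == "" { print "EMPTY_PASSWORD " $1 }
        # Anything other than x, * or ! is a hash every user can read.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
    ' "${1:-/etc/passwd}"
}

# Run the audit over the constructed sample.
sample_passwd | audit_passwd -
```

Run audit_passwd with no argument to check the live /etc/passwd; a clean system prints nothing.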
Managing Groups
A group is something to which users belong. A group has a name and an identification number (ID). After a group is defined, users can belong to one or more of these groups.
You can find all the existing groups listed in /etc/group. For example, here’s the line that defines the group named wheel:
wheel:x:10:root,kdulaney
As this example shows, each line in /etc/group has the following format, with four fields separated by colons:
groupname:password:GID:membership
Table 2-2 explains the meaning of the four fields in a group definition.
Table 2-2: Meaning of Fields in /etc/group File
  • groupname: The name of the group (for example, wheel)
  • password: The group password (an x means that the password is stored in the /etc/shadow file)
  • GID: The numerical group ID (for example, 10)
  • membership: A comma-separated list of usernames that belong to this group (for example, root,kdulaney)
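The membership field lists only supplementary members. An account whose primary GID in /etc/passwd points at the group (for example, kdulaney after usermod -g root kdulaney) is also a member but never appears in that list. The following added example, not part of the original article, resolves the full membership from both files; the function names group_members and make_sample are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: list everyone who is really in a group.

# group_members GROUP [GROUP-FILE] [PASSWD-FILE]
# Prints the members listed in the group file plus every account whose
# primary GID (passwd field 4) is that group, sorted and de-duplicated.
group_members() {
    awk -F: -v want="$1" '
        FILENAME == ARGV[1] {          # group file: name:password:GID:membership
            if ($1 == want) {
                gid = $3
                n = split($4, listed, ",")
                for (i = 1; i <= n; i++) if (listed[i] != "") print listed[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # passwd file: primary group matches
    ' "${2:-/etc/group}" "${3:-/etc/passwd}" | sort -u
}

# Constructed sample files. kdulaney has GID 0 as primary group, as after
# "usermod -g root kdulaney"; student is a constructed account.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/group" <<'EOF'
root:x:0:
wheel:x:10:root,kdulaney
class:x:1003:kdulaney
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
kdulaney:x:1000:0:Kristin Dulaney,,,,:/home/kdulaney:/bin/bash
student:x:1001:1003:constructed account:/home/student:/bin/bash
EOF
    echo "$dir"
}

# The root line in the group file lists nobody, yet two accounts are in it.
d=$(make_sample)
group_members root "$d/group" "$d/passwd"
rm -rf "$d"
```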
If you want to create a new group, you can simply use the groupadd command. For example, to add a new group called class with an automatically selected group ID, type the following command in a terminal window (you have to be logged in as root):
groupadd class
Then you can add users to this group with the usermod command. For example, to add the user kdulaney to the group named class, type the following command (the -a option keeps the user’s existing supplementary groups):
usermod -aG class kdulaney
If you want to remove a group, use the groupdel command. For example, to remove a group named class, type
groupdel class
Exploring the User Environment
When you log in as a user, you get a set of environment variables that control many aspects of what you see and do on your Linux system. If you want to see your current environment, type the following command in a terminal window:
env
(By the way, the printenv command also displays the environment, but env is shorter.)
The env command prints a long list of lines. The collection of lines is the current environment, and each line defines an environment variable. For example, the env command displays this typical line:
HOSTNAME=localhost.localdomain
This line defines the environment variable HOSTNAME as localhost.localdomain.
An environment variable is nothing more than a name associated with a string. For example, the environment variable named PATH is typically defined as follows for a normal user:
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
The string to the right of the equal sign (=) is the value of the PATH environment variable. By convention, the PATH environment variable is a sequence of directory names, each name separated by a colon (:).
Each environment variable has a specific purpose. For example, when the shell has to search for a file, it simply searches the directories listed in the PATH environment variable in the order of their appearance. Therefore, if two programs have the same name, the shell executes the one it finds first.
In a fashion similar to the shell’s use of the PATH environment variable, an editor such as vi uses the value of the TERM environment variable to figure out how to display the file you edit with vi. To see the current setting of TERM, type the following command at the shell prompt:
echo $TERM
If you type this command in a terminal window, the output is as follows:
xterm
To define an environment variable in bash, use the following syntax:
export NAME=Value
Here, NAME denotes the name of the environment variable, and Value is the string representing its value. Therefore, you set TERM to the value xterm by using the following command:
export TERM=xterm
After you define an environment variable, you can change its value by simply specifying the new value with the syntax NAME=new-value. For example, to change the definition of TERM to vt100, type TERM=vt100 at the shell prompt.
With an environment variable, such as PATH, you typically want to append a new directory name to the existing definition rather than define the PATH from scratch. For example, if you download and install the Java 5 Development Kit (available from http://java.sun.com/javase/downloads/index_jdk5.jsp), you have to add the location of the Java binaries to PATH. Here’s how you accomplish that task:
export PATH=$PATH:/usr/java/jdk1.5.0/bin
This command appends the string :/usr/java/jdk1.5.0/bin to the current definition of the PATH environment variable. The net effect is to add /usr/java/jdk1.5.0/bin to the list of directories in PATH.
Note: You also can write this export command as follows:
export PATH=${PATH}:/usr/java/jdk1.5.0/bin
After you type that command, you can access programs in the /usr/java/jdk1.5.0/bin directory, such as javac, the Java compiler that converts Java source code into a form that the Java interpreter can execute.
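Because the shell runs the first match it finds, the order and permissions of the PATH directories decide which program a command name resolves to. The following added example, not part of the original article, checks a PATH value for entries another user could write into and shows which copy of a command wins; the function names audit_path, find_all and make_demo are hypothetical, and the demo directories are constructed.

```shell
#!/bin/sh
# Added example: check a PATH value before trusting its search order.

# audit_path [PATH-STRING]: flag entries that let someone else pick what runs.
audit_path() (
    p=${1-$PATH}
    # An empty entry (leading, trailing or doubled colon) means the current directory.
    case ":$p:" in *::*) echo "EMPTY_ENTRY" ;; esac
    IFS=:; set -f
    for dir in $p; do
        [ -n "$dir" ] || continue
        case $dir in /*) ;; *) echo "RELATIVE $dir"; continue ;; esac
        [ -d "$dir" ] || continue
        # Ninth character of the ls mode string is write permission for "other".
        case $(ls -ldL "$dir" | cut -c1-10) in
            d???????w?) echo "WORLD_WRITABLE $dir" ;;
        esac
    done
)

# find_all NAME [PATH-STRING]: every match in search order; the first one runs.
find_all() (
    p=${2-$PATH}
    IFS=:; set -f
    for dir in $p; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then echo "$dir/$1"; fi
    done
)

# Constructed demo tree: two directories that each hold a program named "javac".
make_demo() {
    root=$(mktemp -d)
    mkdir "$root/shared" "$root/jdk"
    chmod 0777 "$root/shared"; chmod 0755 "$root/jdk"
    for d in shared jdk; do
        printf '#!/bin/sh\necho "javac from %s"\n' "$d" > "$root/$d/javac"
        chmod 0755 "$root/$d/javac"
    done
    echo "$root"
}

demo=$(make_demo)
audit_path "$demo/shared:$demo/jdk"
find_all javac "$demo/shared:$demo/jdk"
rm -rf "$demo"
```

Appending a new directory, as in the export command above, keeps the system directories ahead of it in the search; prepending would let its programs shadow system commands of the same name.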
PATH and TERM are only two of a handful of common environment variables. Table 2-3 lists some of the environment variables for a typical Linux user.
Table 2-3: Typical Environment Variables in Linux
  • DISPLAY: The name of the display on which the X Window System displays output (typically set to :0.0)
  • HOME: Your home directory
  • HOSTNAME: The host name of your system
  • LOGNAME: Your login name
  • MAIL: The location of your mail directory
  • PATH: The list of directories in which the shell looks for programs
  • SHELL: Your shell (SHELL=/bin/bash for bash)
  • TERM: The type of terminal
Changing User and Group Ownership of Files
In Linux, each file or directory has two types of owners: a user and a group. In other words, a user and group own each file and directory. The user and group ownerships can control who can access a file or directory.
To view the owner of a file or directory, use the ls -l command to see the detailed listing of a directory. For example, here’s a typical file’s information:
-rw-rw-r-- 1 kdulaney kdulaney 40909 Aug 16 20:37 composer.txt
In this example, the first set of characters shows the file’s permission setting — who can read, write, or execute the file. The third and fourth fields (in this example, kdulaney kdulaney) indicate the user and group owner of the file. Each user has a private group that has the same name as the username. So most files’ user and group ownership appear to show the username twice.
As a system administrator, you may decide to change the group ownership of a file to a common group. For example, suppose you want to change the group ownership of the composer.txt file to the class group. To do that, log in as root and type the following command:
chgrp class composer.txt
This chgrp command changes the group ownership of composer.txt to class.
You can use the chown command to change the user owner. The command has the following format:
chown username filename
For example, to change the user ownership of a file named sample.jpg to kdulaney, type
chown kdulaney sample.jpg
The chown command can change both the user and group owner at the same time. For example, to change the user owner to kdulaney and the group owner to class, type
chown kdulaney.class composer.txt
In other words, you simply append the group name to the username with a period in between and then use that as the name of the owner.