The (almost) only place on the hard drive that normal users (non-root) can
write to is their home directory, which is /home/user_login_name.
This "home" directory is for all user files: settings, program configuration
files, documents, data, Netscape cache, mail, etc. As a user, you
can create subdirectories under your home directory to keep yourself organized.
Other users cannot read your files or write to your home directory unless
you give them permission to do so.
Normal users can also see, read and execute many other files on the system
(besides their home directory), but normally they cannot modify or remove
(delete) them.
The "root" (also called "super user") is a special administrative account
that has the power to modify any file on the system. It is not a good
idea to habitually work on your system as root--if you do so, your mistakes
can cost you dearly. Set up and use a normal user account for everyday work
for yourself, another user account for your son, and yet another for your
wife. The root account is typically the only account that exists on Linux
after the initial installation. Thus you have to explicitly create "user"
accounts for normal work on your Linux system.
A user account can be created by "root" using, for example:
adduser joe
passwd joe
[type the password for the user joe]
[retype the password for the user joe so as to avoid mistakes]
In the example above, first I logged in as root. Then, on the command line,
I issued the command "adduser" with the parameter (argument) "joe". This
created the account "joe" on my Linux computer. Then, I issued the command
"passwd joe" to change the password for the user "joe" to something fairly
secure. Now, I can tell "joe" what her initial password is, and she can
log in and change the password to her liking. Please note that the account
name (user login name, "joe") and the password are case-sensitive.
Root can change any user's password, although s/he cannot read it. [Passwords
are encrypted using a one-way encryption algorithm and only this encrypted
version is stored on the system, in the file /etc/passwd (older
systems) or /etc/shadow (newer systems). The "open" version
of the password is never stored. When you log in, the password you
type is encrypted again using the same one-way algorithm and compared
with the already encrypted version stored in /etc/passwd or /etc/shadow.]
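
The storage locations described above can be audited directly. The shell functions below are an added example, not part of the original guide: they read passwd-format and shadow-format data and flag accounts whose encrypted password still sits in the passwd file (which every user can read), accounts with an empty password field, extra accounts with UID 0, and shadow entries in the old format without a $id$ prefix. The sample records and the finding labels are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Both functions read the file
# named in $1, or standard input when no file is given.

# passwd fields: login:password:UID:GID:comment:home:shell
audit_passwd() {
    awk -F: '
        /^#/ || NF < 7             { next }  # skip comments, malformed lines
        $3 == 0 && $1 != "root"    { print "EXTRA_UID0 " $1 }
        $2 == ""                   { print "NO_PASSWORD " $1; next }
        $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
    ' "${1:--}"
}

# shadow fields: login:hash:lastchange:min:max:warn:inactive:expire:reserved
audit_shadow() {
    awk -F: '
        /^#/ || NF < 2             { next }
        $2 == ""                   { print "NO_PASSWORD " $1; next }
        $2 ~ /^[*!]/               { next }  # locked / no password login
        substr($2, 1, 1) != "$"    { print "LEGACY_HASH " $1 }  # no $id$ prefix
    ' "${1:--}"
}

# Constructed sample data: not real accounts, not real hashes.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
joe:x:1000:1000:Joe:/home/joe:/bin/bash
olduser:abCONSTRUCTED0:1001:1001::/home/olduser:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
toor:x:0:0::/root:/bin/sh
daemon:*:1:1::/usr/sbin:/usr/sbin/nologin
EOF
}

sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
joe:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
olduser:abCONSTRUCTED0:19000:0:99999:7:::
EOF
}

sample_passwd | audit_passwd
sample_shadow | audit_shadow
```

On a real system, run audit_passwd /etc/passwd as any user and audit_shadow /etc/shadow as root; no output means none of these conditions were found.
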
The separation of the administrator and user makes Linux systems secure and robust--it
even makes viruses under Linux difficult (the programs that a user runs
can write only to his/her own directories, and therefore cannot affect the
vital parts of the operating system).
It is customary that the user changes his/her password immediately after
the first login, for example:
passwd
(current) UNIX password: pass_OLD
New UNIX password: pass_NEW
Retype New UNIX password: pass_NEW
In reality, the password will not appear on the screen as you type it (for
security reasons). Take your time if you are changing the password for the
very first time--it can be difficult to type "blind".
On the Linux system, the same password is used to:
- log in on the text terminal,
- log in from a graphical (GUI) screen into your desktop (KDE or GNOME),
- unlock a locked text terminal,
- unlock a password-protected screen saver on a GUI (for example, KDE or GNOME).