4.2 Users, passwords, file permissions, and security
4.2.1 Home directories, root, adding users
4.2.2 About password security
4.2.3 I forgot the root password
4.2.4 I forgot my user password
4.2.5 Disabling or removing a user account
4.2.6 I have file permission problems. How do
file ownership and permissions work?
4.2.7 Permissions for directories
4.2.8 My mp3 player chokes. The sound is kind of
interrupted (how to set suid).
4.2.1 Home directories, root, adding users
The (almost) only place on the harddrive that normal users (non-root) can write to is their home directory, which is /home/user_login_name.
This "home" directory is for all user files: settings, program configuration files, documents, data, netscape cache, mail, etc. As a user, you can create subdirectories under your home directory to keep yourself organized. Other users cannot read your files or write to your home directory unless you give them permission to do so.
Normal users can also see, read and execute many other files on the system (besides their home directory), but normally they cannot modify or remove (delete) them.
The "root" (also called "super user") is a special administrative account that has the power to modify any file on the system. It is not a good idea to habitually work on your system as root--if you do so, your mistakes can cost you dearly. Set up and use a normal user account for everyday work for yourself, another user account for your son, and yet another for your wife. The root account is typically the only account that exists on Linux after the initial installation. Thus you have to explicitly create "user" accounts for normal work for you Linux system.
A user account can be created by "root" using, for example:
adduser joe
passwd joe
[type the password for the user joe]
[retype the password for the user joe so as to avoid mistakes]
In the example above, first I logged in as root. Then, on the command line, I issued the command "adduser" with the parameter (argument) "joe". This created the account "joe" on my Linux computer. Then, I issued the command "passwd joe" to change the password for the user "joe" to something fairly secure. Now, I can tell "joe" what her initial password is, and she can login and change the password to her liking. Please note that the account name (user login name, "joe") and the password are case-sensitive.
Root can change any user's password, although s/he cannot read it. [Passwords are encrypted using a one-way encryption algorithm and only this encrypted version is stored on the system, in the file /etc/passwd (older systems) or /etc/shadow (newer systems), and the "open" version of the password is never stored. When you login, the password you type is encrypted again using the same one-way algorithm and compared with the already encrypted version stored in /etc/passwd or /etc/shadow.]
The separation of the administrator and user makes Linux systems secure and robust--it even makes viruses under Linux difficult (the programs that a user runs can write only to his/her own directories, and therefore cannot affect the vital parts of the operating system).
It is customary that the user changes his/her password immediately after the first login, for example:
passwd
(current) UNIX password: pass_OLD
New UNIX password: pass_NEW
Retype New UNIX password: pass_NEW
In reality, the password will not appear on the screen as you type it (for security reasons). Take your time if you are changing the password for the very first time--it can be difficult to type "blind".
On the Linux system, the same password is used to:
login on the text terminal,
login from a graphical (GUI) screen into
* License
