| Previous | Table of Contents | Next |
by Tim Parker
All access to a Linux system is through a user account. Every user must be set up by the system administrator, with the sole exception of the root account (and some system accounts that users seldom, if ever, use). While many Linux systems only have one user, that user should not use the root account for daily access. Most systems allow several users to gain access, either through multiple users on the main console, through a modem or network, or over hard-wired terminals. Knowing how to set up and manage user accounts and their associated directories and files is an important aspect of Linux system administration.
This chapter looks at the the following subjects:
When the Linux software is installed, one master login is created automatically. This login, called root, is known as the superuser because there is nothing the login can’t access or do. While most user accounts on a Linux system are set to prevent the user from accidentally destroying all the system files, for example, the root login can blow away the entire Linux operating system with one simple command. Essentially, the root login has no limitations.
Warning:
The sheer power of the root login can be addictive. When you log in as root you don’t have to worry about file permissions, access rights, or software settings. You can do anything at anytime. This power is very attractive to newcomers to the operating system, who tend to do everything while logged in as root. It’s only after the system has been damaged that the root login’s problems become obvious: There are no safeguards! As a rule, you should only use the root login for system maintenance functions. Do not use the superuser account for daily usage!
The root login should be kept only for those purposes where you really need it. It’s a good idea to change the login prompt of the root account to clearly show that you are logged in as root, and hopefully you will think twice about the commands you issue when you use that login. You can change the login prompt with the PS environment variable, discussed in Chapter 14, “Shell Programming.” If you are on a standalone system and you destroy the entire file system, it’s only you that is inconvenienced. If you are on a multiuser system, however, and insist on using root for common access, you will have several very angry users when you damage the operating system.
So, after all of these dire warnings, the first thing you should do on a new system is create a login for your normal daily usage. Set the root password to something that other users of the system (if there are any) will not easily guess and change the password frequently to prevent snooping.
You can also create special logins for system administration tasks that do not need wide-open access, such as tape backups. You can set a login to have root read-only access to the entire file system but without the potential for damage. This lets you back up the system properly, but not erase the kernel by accident. Similar special logins can be set up for email access, gateways to the Internet, and so on. Think carefully about which permissions each task requires and create a special login for that task—your system will be much more secure and have less chance of accidental damage.
To be precise, the superuser account doesn’t have to be called root. It can have any name. The superuser account is always defined as the account with a user ID number of zero. User ID numbers are defined in the /etc/passwd file.
| Previous | Table of Contents | Next |