by Ed Treijs

IN THIS CHAPTER

• Starting (and Stopping!) Your Linux System

• Passwords

• Creating a New Login

• Logging Out

• Trying Out Your New Login

• Virtual Terminals

• Commands and Programs

Congratulations! Now that you have successfully installed Linux, you can start using it. In this chapter we will look at the steps you need to take to begin working with Linux, including the following:

• Starting and stopping Linux

• Logging in and out

• Creating a new user with adduser

• Changing your password

• Using virtual terminals

• Displaying system users with who

Depending on the setup you chose during Linux installation and configuration, either Linux starts automatically when you power on your computer, or it requires you to type something (such as Linux) to specify that you want to boot Linux.

As your Linux system starts up, you see quite a few Linux initialization messages scroll through your screen. When Linux has completed its startup, you should see the following prompt:

Welcome to Linux 2.0.0.



darkstar login:

Because you know how to start Linux, it's even more important to know how to shut it down properly. Like many UNIX systems, if Linux is not powered down properly, damage to files can result. The easiest way to ensure a proper shutdown is to press the Ctrl, Alt, and Delete keys simultaneously. (This is the famous Ctrl-Alt-Delete "three-finger salute" used in DOS.)

Pressing Ctrl-Alt-Delete causes a number of advisory messages and Linux shutdown messages to be displayed. You must wait until the Linux shutdown procedure has finished, at which point your monitor shows the initial "power-on" screen, before turning your computer off.

Linux waits for a login. A login is simply the name that you supply to Linux to identify yourself to the operating system. Linux keeps track of which names are permitted to log in or access the system, and only allows valid users to have access.

Every login name on the system is unique. Normally, a password is assigned to each login, too. This secret password is like the identification number you use with your bank card to prove that you really are who you say you are. Also, the things you can do with your login--the login's privileges--are controlled by Linux; different logins have different levels of privileges.

At the login prompt, try typing your name, your dog's name, or any other random name that occurs to you. None of these are valid logins (at least not yet). The system asks you for a password; it won't matter what you type, so just press Enter or type a random string of characters. Because the logins are not valid on the system, Linux won't let you in. It displays the message Login incorrect to tell you that either the name or the password you entered is not valid.

The only valid login on your Linux system after installation is the most powerful and dangerous login Linux offers: root. In the section "Creating a New Login," later in this chapter, we will create a safe login for you to use. This login can have your name, your dog's name, or whatever else you choose.

You will have to use the root login from time to time. Some things simply cannot be done on the Linux system without logging in as root. You should not, however, use the root login as your regular login. This is especially true if you are exploring the system, poking around, and trying out new commands that may not do what you thought they would!

Linux, as you already know, is a multiuser, multitasking operating system. Multiuser means that several people can be using Linux at the same time (of course, you have to add some additional terminals to your system, or it will get very crowded around the keyboard). Multitasking means that Linux can do more than one thing at a time. For example, you can spell-check a document while downloading information from some remote system. (Multiuser implies multitasking, because all users must be able to do their own work at the same time.) Linux, therefore, is very good at juggling all these tasks, keeping them from interfering with each other, and providing safeguards so that you cannot damage the system or another user's work.

When you log in as root, you become the system. The root login is also sometimes called the superuser login, and with good reason. To use an analogy, instead of being a passenger on an airplane, you suddenly have all the privileges of the flight crew, the mechanics, and the cabin crew. "Hmm, what does this do?" becomes an extremely dangerous phrase when logged in as root.

One of the oldest stories in UNIX lore tells of new users who log in as root and, in 10 keystrokes, destroy their system completely and irrevocably. But if you're careful to follow the steps given here, and stop and take a moment to think about the commands you are giving, none of the "How many new users does it take to nuke a system?" jokes will apply to you!

After all the cautions about using the root login, we're going to have you log in as root. Because root is the only authorized login on a newly installed Linux system, this is unavoidable. Also, we will be performing a couple of important procedures that require root privileges. However, after this first login, we will create a user ID that can prevent accidental damage to the operating system.

At the login prompt

darkstar login:

type

root

and press the Enter key. After installation, the root login has no password, so you are not prompted for one.

After you have logged in as root, the system starts up a user session for you. At this point, you should see the following on your screen:

darkstar login: root

Last login: Sun Dec 11 17:26:18 on tty1

Linux 2.0.0. 

You have mail.



If it's Tuesday, this must be someone else's fortune.



darkstar:~#

Linux tells you when the login for this user was last recorded (although this information may not appear the very first time you log in), and then provides you with some version information. Linux also tells you that this login has a mail message waiting to be read. Finally, if games were installed on your system, Linux gives you a witty saying or aphorism.

It is always good practice to scan the line that starts with Last login, and check that the time given is correct. This is especially important if your Linux system is accessed by other users or connected to other systems. If the time given does not look right, it could be that someone is using the login to break into your system, or using your username without your permission.

We will read the mail message later, after taking care of some important steps. If you are curious, the same mail message is sent by the install procedure when the operating system is installed. It concerns registration matters for Linux.

Your "fortune" is chosen randomly from a long list, so don't expect to see the same one shown in the previous example. If you didn't install the games package during the Linux installation routine, you won't see a fortune. You can install the games package at any time.

The final line you see on the screen is the system prompt. This tells you that Linux is waiting for you to type in your commands--it's prompting you for input. The system prompt also displays the following useful information:

• darkstar is the system name.

• The ~ character indicates your location in the file system (explained in Chapter 8, "File System").

• The # character usually specifically indicates that you're logged in as root (although the $ sign is used in some operating systems, which makes it difficult to quickly ascertain whether you are logged in as root or a regular user). According to UNIX conventions, regular user prompts are either % or $, depending on the shell; while # is reserved for root. These symbols are called shell prompts because they are used by the shell to prompt you for commands.

In Linux (and just about all other UNIX systems) the superuser login name is root. No matter how humble or huge the system, if you can log in as root, the system is wide open for you to do whatever you want. Obviously, letting just anyone log in as root is unacceptable because it exposes the system to too much potential for serious damage.

To prevent unauthorized access, the root login should always have a password, and that password should be secure. You may have noticed that Linux did not ask for a root password. That is because, on installation, the root password is set to the null string, which is a word with no characters. With root and any other login, Linux does not bother asking for the password if it's the null string.

The null string is the least secure password there is, because anyone who knows a valid user name (such as root) can access the system. It is up to you to change the password. Linux lets you choose what the new password will be, and accepts it without complaint. Unfortunately, this can lead to a false sense of security.

It was noticed a long time ago that users chose passwords that they could easily remember: their dog's name, their birthday, their hometown, their spouse's name, and so on. The problem is that these passwords were also easy to break, either through guessing or by more sophisticated means. This led some system administrators to insist on difficult-to-break, randomly picked passwords (such as S8t6WLk). People could not remember these passwords at all, so they wrote them down on pieces of paper and stuck them on their desks. Others, who were trying to break into the system, would find these pieces of paper and gain use of that login.

The best passwords are ones with a combination of uppercase letters, lowercase letters, and numbers, that are still easy to remember. Fri13th, 22Skidoo, and 2Qt4U are just a few examples. These hard-to-guess passwords are known as strong passwords, while easy-to-guess ones are called weak.

Of course, you should never use these exact passwords, or any other published sample passwords, because they're so easy to guess. There are many mischievous minds out there who, on strolling by a Linux system, might try root and Fri13th for the fun of it. You don't want to be the one with the nightmare of getting your system broken into.

For the best security, passwords should be changed every so often. Many system administrators recommend once every two or three months as reasonable. This guards against dictionary-based guessing attacks, and also minimizes damage in cases in which the password has been broken but nothing has really been done with it yet.

Of course, the amount of system security you require depends on how much access there is to your system, and how sensitive the information found on it is. The root password should always be a good, secure one. If nothing else, it will discourage you from casually logging on as root, especially if you leave your user logins with null passwords.

If you are using Linux at home for experimenting, much of the security worries mentioned previously may seem silly. However, it doesn't hurt to use good security, and the practice can be carried over to larger UNIX systems at work.

We must assign a password for the root login using the Linux command passwd. The spelling of the command has its history in the development of UNIX, when long commands, such as password, were avoided due to the number of characters that had to be typed! To change the root password at the system prompt, type the command passwd, and you see the following:

darkstar:~# passwd

Changing password for root

Enter new password:

At the prompt, type your new, secure password. What you type is not displayed on the screen. This keeps anyone looking over your shoulder (called "shoulder surfing") from reading the password you've entered.

Because it's so important that passwords are entered correctly, the system double-checks the spelling of the password for you by asking you to type it again:

Re-type new password:

Again, what you type is not displayed on the screen. If your two password entries match, you see the following:

Password changed.

darkstar:~#

The password is now changed in the system's configuration files. If the two entries do not match completely (remember, case is important), Linux gives you the message

You misspelled it.  Password not changed.

and changes are not made to the password. You need to start over with the passwd command.

Now that you have assigned a password for the root account, the next thing you should do is create a login with which you can safely explore the Linux system and try out some of the basic commands covered in the following chapters. Linux has a utility called adduser, which simplifies and automates the task of adding a new user to the system. (This isn't how they did it in the good old days. You should be glad. In the past, files had to be manually edited to add users, a tedious and error-prone process.)

To create a user, at the shell prompt type adduser:

darkstar:~# adduser

Adding a new user. The username should be not exceed 8 characters

in length, or you many run into problems later.

Enter login name for new account (^C to quit):

Login names are used by valid system users. You can create a login for yourself that you will use permanently, or you can create a temporary login for exploring the system and remove it later. Login names can be any character or number string you want. Typically, login names bear a resemblance to the user's real name, so Joe Smith's login name may be joe, jsmith, or joes.

At the adduser prompt, enter the login name that you want to create. It is advisable to use all lowercase letters to avoid confusion. Do not exceed the eight-character limit at this point.

For our example in this chapter, we'll create the user fido. (After all, as the old joke goes, "On the Internet, no one knows if you're a dog!") Of course, you will see your choice on the screen in place of fido.

Enter login name for new account (^C to quit): fido

Editing information for new user [fido]

Full Name:

The adduser utility asks a set of questions about the new user and the type of environment to present her with when she logs in. At this prompt, you can type the full name of the user. Uppercase and spaces are fine. This information is not mandatory, but it is used by the system for some other tasks.

Full Name: Fido Dog

GID [100]:

The system is waiting for you to provide a GID or Group ID, which is discussed in more detail in Chapter 39, "Devices." The last part of the prompt, [100], means that it's suggesting a GID of 100. This is the default choice.

The default Group ID of 100 is fine for this new user, so simply press Enter. In most cases you will not want to change the suggested Group ID.

GID [100]:

Group 'users', GID 100

First unused uid is 501

UID [501]:

The adduser utility did not echo your Group ID choice to the screen. This can be a little disconcerting if you're not used to it, especially if you look back and try to figure out what you've done! Most Linux commands don't echo what you have done, though, so this is a good time to get used to it.

The adduser utility now asks for a UID or User ID. Linux suggests a default value of 501. Again, the default is fine in this case, so just press Enter.

The adduser utility then shows two more prompts asking for the user's home directory and the shell:

Home Directory [/home/fido]:

Shell [/bin/bash]:

Choose the default values for Home Directory and Shell. I'll explain more about directories in Chapter 8 and look at different shells in Chapters 10, "bash," 11, "pdksh," and 12, "tcsh." The default values are suitable for most user IDs.

As a last step, the adduser program asks for a password for the new user. At the prompt, enter a suitable password. If you press Enter without typing anything else, the password is set to the same string as the login. This is not recommended, because it is easy to guess. Even a simple password is better.

Password [fido]:



Information for new user [fido]:

Home directory: [/home/fido] Shell: [/bin/bash]

uid: [501] gid: [100]

Is this correct? [y/N]:

The adduser program now verifies that you are happy with all the information you have entered. If you are, type y for yes, and press Enter. The default value (shown by the capital letter) is N for no. If you choose the default, you are telling the script that the information displayed is not correct, and you have to start the whole process over again.

When you answer y to the question Is this correct?, the adduser program creates the new user's directory and adds the user information to the system configuration files. You see the following information appear on the screen as the adduser utility does its work. When the utility has finished, you see the Linux shell prompt again:

Adding login [fido] and making directory [/home/fido]



Adding the files from the /etc/skel directory:

./.less -> /home/fido/./.less

./.lessrc -> /home/fido/./.lessrc

darkstar:~#

We will look at how to remove unwanted users from your /etc/passwd file in Chapter 41, "Users."

Now that you have created a new user, you can use it in the next couple of chapters to explore Linux. To finish with your session as root, log out of the system by typing logout:

darkstar:~# logout

Welcome to Linux 2.0.0.

darkstar login:

You see the login prompt displayed again. At this point, you can log back in as root, or as the new user you have just created.

Some systems enable you to log out with the Ctrl-D sequence. If the shell you are using supports Ctrl-D as a logout command, the login prompt reappears. Otherwise, you may see a message such as this:

Use "logout" to leave the shell.

If you have used other UNIX systems before, you may be used to using Ctrl-D to log out. The default shell used by Linux does not support Ctrl-D unless the keymappings are changed to allow it.

Now we can try out our new login. We can also look at some of the interesting features and capabilities of Linux.

At the login prompt, type the login name you have just created. If you were conscientious and assigned a nonzero-length password to your new login, enter the password when prompted.

You should now see the following:

darkstar login: fido

Password:

Last login: Sun Dec 11 19:14:22 on tty1

Linux 2.0.0.



Quiet!  I hear a hacker....

darkstar:~$

Note that your prompt looks different from the root prompt. The $ prompt indicates that you are a regular user running under the bash shell (which was the default choice presented by the adduser program). Also, there is no You have mail message.

To see an example of the difference between the root login and a regular user login, type adduser at the shell prompt and press Enter.

darkstar:~$ adduser

bash: adduser: command not found

The message you get looks somewhat cryptic. However, it has a typical Linux error message structure, so it's worth taking a little effort to understand it.

First of all, the program that's giving you the message is your shell, bash. It therefore announces itself with bash:, somewhat like the character in a play script. Next is the shell's "monologue." Being the "strong and silent" type of character, bash's monologue is very terse and to the point. It declares the object that is causing it problems (adduser), and the problem with this object: the command (adduser) can't be found.

If the error message were expanded into real English, it would go something like this: "Hi, I'm bash. You know that adduser command you gave me? I looked everywhere for adduser but I couldn't find it, so I couldn't perform whatever actions adduser would have specified." With time, you will get quite good at understanding Linux error message grammar.

Why can root find adduser, but an ordinary user cannot? Linux has many directories, and each directory can hold many files (one of which can be the elusive adduser). In theory, Linux could go search through the file system until it found adduser. But if root accidentally mistyped adduser as aduser, Linux would have to rummage through every nook and cranny before finally giving up. This could take 10 or more seconds, and cause needless wear and tear on your hard drive.

Therefore, Linux has search paths for finding commands (discussed in Chapter 8). Usually, only a small part of the entire Linux file system is on the search path, which literally is the path along which Linux searches. Because root makes use of many system administration programs such as adduser, the directories that hold these programs are in root's search path. Ordinary users do not have system administration directories in their search path.

However, if you explicitly tell Linux where a file is located, it does not need to look through its search path. As it happens, adduser is found in the /sbin directory. Try running /sbin/adduser.

darkstar:~$ /sbin/adduser

bash: /sbin/adduser: Permission denied

This time, bash could find adduser (because you told it exactly where to look), but discovered that an ordinary user does not have permission to run adduser. As you can see, Linux limits the actions of logins to their privilege level.

Linux, as mentioned earlier, is a multiuser, multitasking system. This means that more than one login can access the system at the same time, and that each login can be doing one or more different things all at the same time. A serious multiuser system will have several terminals (consisting of a keyboard and a display screen) wired or networked to the main computer unit.

Although you probably don't have any terminals attached to your system, you still can log in several times under the same or different login names, using your single keyboard and screen! This magic is performed by using virtual terminals.

Press Alt-F2. When you do so, everything on your screen should disappear, to be replaced by the following:

Welcome to Linux 2.0.0.



darkstar login:

Log in as your "regular" login (not root). When the shell prompt is displayed, type who at the prompt and press Enter. You should see the following:

darkstar:~$ who

fido     tty2     Dec 14 01:42

fido     tty1     Dec 14 01:40

When you run the Linux command who, your screen displays the names of all logins currently logged into the system, and where they are logged in from. (Your login name will appear, of course, instead of fido in the preceding example.)

By convention, tty1 is the main console screen. It is the "normal" one that appears after Linux has started up, so you don't have to do anything special to get it. If you have switched to any other virtual consoles, you can return to tty1 by pressing Alt-F1.

How many virtual screens are active on your system? Try going through all the Alt-Fn keys. Alternatively, you can scroll through the virtual screens by using the Alt-right arrow combination to move up through the screens, or Alt-left arrow to move down.

Quite often you find yourself doing something, perhaps in a long and complicated program, and realize that you should have done something else first. Flip to another virtual terminal and do whatever it is.

Another handy use of virtual terminals is when, through experimentation or otherwise, your screen locks up or starts typing in strange symbols. From a different virtual terminal, you can try to fix things, or restart the system if necessary.

Linux also comes with a very powerful multitasking windowing environment called X. Installing and running X Window systems is described in Chapter 21, "Installing XFree86."

"Run the who command" and "Run who" are much more common ways of saying "Type who at the prompt and press Enter." We will use the shorter expressions wherever their meaning is clear. Sometimes people familiar with Linux drop the word "run," so that one user might tell another, "I tried who but didn't see anything unusual." It's understood by the context that when they "tried who," they actually ran it.

Something else you will notice if you are reading carefully is that there seem to be both Linux programs and Linux commands. A command is what you type at the shell prompt. For this reason, the combination of the shell prompt and what you type after it is often called a command line. When you press the Enter key, Linux takes the command you've entered and tries to perform it. The Linux system has built-in responses to some commands; for other commands it finds the appropriately named program on your hard disk and executes that program.

In the strictest sense, then, the command is what you type, and the program is what performs your command. However, very simple programs with straightforward results, such as who, are often referred to as commands, although there is actually a who program on your hard disk. More complicated programs, usually interactive such as adduser, or open-ended such as a text editor, are called programs. So you might hear one experienced user tell another, "The adduser program worked fine. I tried the who command 15 minutes later and the new user had logged in already."

In this chapter, we assigned a password to the root login and created a new user ID to be used in the next few chapters. We tried out Linux multitasking, and we learned some useful Linux terminology tips that will serve us well in the future (we will try to avoid seeing too many error messages, though). At this point, you can either ensure that you have logged out of all virtual terminals, or move on to the following chapters.