User accounts and groups play an important role in Fedora Core, just as they do in most other modern operating systems. You ve seen in this chapter how the notion of a user account can be employed to provide many different users with simultaneous access to a system ”each user having her own identity. Each user can have her own personal home directory, which (by default) is a subdirectory of /home .
From there, you can also devise systems of access rights, explicitly allowing or denying access to a file, directory, or executable, depending on the identity of the user. Indeed, you single out a special user account called root (which has very free administrative rights), and any number of other system accounts; and you are encouraged to create personal accounts for the people who use your system.
With a system that has a number of users, it becomes convenient to create groups of users and assign permissions to the groups. This makes the task of access management much more manageable and flexible. For example, you can set the access rights to a file to be dependent on the identity of the user. You can also assign special privileges to a group of users, and change the members of that group as often as necessary.
The information that describes all the users and groups on a system is contained in the files /etc/passwd , /etc/shadow , and /etc/group . There are a number of tools for managing the users and groups on the system ”in particular, the graphical User Manager interface and the User Information Tool, and an array of flexible command line utilities:
su and id for changing user and checking the user s identity
useradd , passwd , chfn , chsh , usermod , and userdel for managing user accounts
groupadd , groupdel , and gpasswd to managing groups
Having established the basics of users and groups (and having practiced creating and manipulating some users and groups), it s natural to examine how they can be used to implement some access policies. This chapter examined six strategies of file protection and sharing, starting with some simple scenarios and building up to a situation in which different groups of users require different access rights to the same set of files.
We stressed the advantages of working under a normal user account. You saw how easy it is to make errors when performing regular (seemingly harmless) tasks, and how these errors can cause a lot of damage if you re working as root. Working under a normal user account affords you some protection, and so it s worth avoiding the root wherever possible. You saw how to carry out administrative tasks in a normal user environment: mounting disks, executing sporadic root commands, and compiling and installing software locally.
Finally, the chapter noted a number of useful commands designed to check user activity on a Linux machine: who , w , whoami , last , and lastb .
The next chapter further expands the limits of your Fedora Core computer by connecting it to a network and making it fully interoperable with other servers.