Permissions, more importantly the lack of them, mean a lot on a Linux (or Unix) system, especially if you're "just a user." Permissions are all about security keeping the system safe from harm. In this case, harm can come from many directions. When you think about computer security, the vision that comes to your head is mostly likely that of the evil hacker who attempts to steal your passwords, credit card numbers, critical data, or even your identity. Security on the Internet is certainly an important consideration, and protecting your networks and systems against that type of criminal activity is essential. Tip If you spend any time hanging around the Linux community, you will probably get a lecture about the hacker previously described. Don't be put off; Unix and Linux were both forged out of the more noble "hacker culture" devoted to making better technology, not to busting into other people's machines. In Linux and Unix, however, security and permissions also keep you from the more mundane harm and the bad things that can happen to any user at any time, such as the time you accidentally deleted an entire folder of documents relating to your company's latest merger from your machine, and it took the IT staff a week to reconstruct it from backups. As Root, you have inestimable power at your fingertips. You can keep the system humming, or you can bring it down with a few keystrokes. All you have to do to destroy a system is type this command (Don't try this at home!): rm -fr / This command removes (rm) all files and directories recursively from the root of the tree. If you're dual-booting with a mounted Windows partition, that partition will be gone, too. If you happen to be logged in to some remote machine somewhere that is now part of your system, it's best to get on the phone now. The remote files are disappearing, too. Tip This scenario is another reason to not mount your Windows partition(s) automatically at boot time. So don't take chances. Even if you are the all-powerful Root on your machine, always log in as the humble user unless you have system work to do. Even though you can add the Root user to your SUSE Linux graphical Login screen, don't. Save it for emergencies. Now that you're properly terrified, let me tell you that there are essential tasks that must be performed by the Root user. You can do these things safely, too. We will go into detail about many of these things in Parts 3 and 4, but for now here is a small list:
The best way to perform all these tasks is to use the su (SuperUser) command and type the Root password. You can do whatever tasks you need to, then return to the shell prompt, and type Exit to return to your user prompt. Note When you run YaST and some other graphical programs that need Root access, they will offer to remember the Root password for you. If there is any chance that some day you will forget the Root password when you need it the most, don't take them up on this offer. Just keep typing it in. For more tips on passwords, see Chapter 19. As Root, you can allow specific users to perform specific tasks using the sudo command. This is described in detail in Chapter 19. Creating and Deleting UsersA user is not a user until he or she has a password. All user passwords (and occasionally some other information) are stored in the /etc/passwd file. You can create new users in SUSE Linux in two ways through YaST or through the shell. When you first installed SUSE Linux, you created your first user you. If different people use the computer, giving them their own accounts is essential. If you happen to be the only one planning to use Linux, why would you need to create another? Think about the different roles you play when you're at your computer. You might want to create different users to play those roles, without distraction. In YaST, managing users and groups comes under the Security tab. To add a user, go to Manage Users and click Add. You'll be asked to supply a username and an initial password. You'll also be asked if you want to set an expiration date for that password. Changing passwords regularly is a good idea, especially on networked computers, including ones that access the Internet. From the shell, adding users is a two-step process. After logging in with su, use the useradd command to quickly create a user: useradd drone77 You must now create an initial password (remember: no password, no user) by running passwd: passwd drone77 Changing password for user drone77 New password: Retype new password: passed: all authentication tokens updated successfully. Enter the new password twice. If you don't do this, drone77 will not be able to log in. The first time drone77 logs in, she will be given the opportunity to create her own password. Type useradd -D to confirm the new user's default settings. You will see the Group ID, home directory, account and password policy, default shell, and the directory holding the configuration file for that shell. As you might expect, if useradd adds users, userdel will delete users from your system. It is best to delete the user's home directory when you remove the user from the passwd file as well. Do this using the -r (recursive) switch: userdel -r drone77 This also removes the user from the mail queue. Shutting Down and Rebooting the SystemBy default, only Root can shut down the system. This is especially important when the system is a server, but it is also good for any networked device where people may depend on a file being available. Root can allow users to perform this function, which is a good idea when you are using your computer as a desktop or a dual-boot system. This is done in YaST. To shut down the system from the shell, log in as su and run the shutdown command. The fastest way to do this is with the -h (halt) switch: shutdown -h now or shutdown -h 0 If you are on a network, you may want to specify a time for shutdown, and send the other users a message: shutdown -h 18:30 "System is going down for maintenance this evening" The message will go out 15 minutes before shutdown (in this case, at 6:15 p.m.). To reboot a system, you use the same shutdown command, this time with the -r (reboot) switch. Set the time as you did previously. If this system is a server, make sure you don't shut it down while something else is happening (such as a backup). Again, with awesome power comes awesome responsibility. |