Chapter 17 Emacs
Table of Contents
17.1 Starting emacs
17.2 Buffers
17.3 Modes
17.4 Basic Editing
17.5 Saving Files
While vi (with its clones) is without a doubt the most ubiquitous editor on Unix-like systems, Emacs comes in a good second. Instead of using different “modes”, like vi does, it uses Control and Alt key combinations to enter commands, in much the same way that you can use Control and Alt key combinations in a word processor and indeed in many other applications to execute certain functions. (Though it should be noted that the commands rarely correspond; so while many modern applications use Ctrl-C/ X/ V for copying, cutting and pasting, Emacs uses different keys and actually a somewhat different mechanism for this.)
Also unlike vi, which is an (excellent) editor and nothing more, Emacs is a program with near endless capabilities. Emacs is (for the most part) written in Lisp, which is a very powerful programming language that has the peculiar property that every program written in it is automatically a Lisp compiler of its own. This means that the user can extend Emacs, and in fact write completely new programs “in Emacs”.
As a result, Emacs is not just an editor anymore. There are many add-on packages for Emacs available (many come with the program's source) that provide all sorts of functionality. Many of these are related to text editing, which is after all Emacs' basic task, but it doesn't stop there. There are for example several spreadsheet programs for Emacs, there are databases, games, mail and news clients (the top one being Gnus), etc.
There are two main versions of Emacs: GNU Emacs (which is the version that comes with Slackware) and XEmacs. The latter is not a version for Emacs running under X. In fact, both Emacs and XEmacs run on the console as well as under X. XEmacs was once started as a project to tidy up the Emacs code. Currently, both versions are being actively developed, and there is in fact much interaction between the two development teams. For the present chapter, it is immaterial whether you use Emacs or XEmacs, the differences between them are not relevant to the normal user.
17.1 Starting emacs
Emacs can be started from the shell by simply typing emacs. When you are running X, Emacs will (normally) come up with its own X window, usually with a menu bar at the top, where you can find the most important functions. On startup, Emacs will first show a welcome message, and then after a few seconds will drop you in the *scratch* buffer. (See Section 17.2.)
You can also start Emacs on an existing file by typing
% emacs /etc/resolv.conf
This will cause Emacs to load the specified file when it starts up, skipping the welcome message.
17.1.1 Command Keys
As mentioned above, Emacs uses Control and Alt combinations for commands. The usual convention is to write these with C-letter and M-letter, respectively. So C-x means Control+x, and M-x means Alt+x. (The letter M is used instead of A because originally the key was not the Alt key but the Meta key. The Meta key has all but disappeared from computer keyboards, and in Emacs the Alt key has taken over its function.)
Many Emacs commands consist of sequences of keys and key combinations. For example, C-x C-c (that is Control-x followed by Control-c ) quits Emacs, C-x C-s saves the current file. Keep in mind that C-x C-b is not the same as C-x b. The former means Control-x followed by Control-b, while the latter means Control-x followed by just 'b'.
http://www.slackbook.org/html/emacs.html
Slackware Linux Essentials: Tutorial 16
Chapter 16 Vi
Table of Contents
16.1 Starting vi
16.2 Modes
16.3 Opening Files
16.4 Saving Files
16.5 Quitting vi
16.6 vi Configuration
16.7 Vi Keys
vi(1) is the standard Unix text editing program, and while mastering it is not as essential as it once was, is still a very rewarding goal. There are several versions (or clones) of vi available, including vi, elvis, vile, and vim. One of these is available on just about any version of Unix, as well as on Linux. All of these versions include the same basic feature set and commands, so learning one clone should make it easy to learn another. With the variety of text editors included with Linux distributions and Unix variants these days, many people no longer use vi. Still, it remains the most universal text editor across Unix and Unix work-alikes. Mastering vi means you should never be sitting at a Unix machine and not be comfortable with at least one powerful text editor.
vi includes a number of powerful features including syntax highlighting, code formatting, a powerful search-and-replace mechanism, macros, and more. These features make it especially attractive to programmers, web developers, and the like. System administrators will appreciate the automation and integration with the shell that is possible.
On Slackware Linux, the default version of vi available is elvis. Other versions - including vim and gvim - are available if you've installed the proper packages. gvim is an X Window version of vim that includes toolbars, detachable menus, and dialog boxes.
16.1 Starting vi
vi can be started from the command line in a variety of ways. The simplest form is just:
% vi
Figure 16-1. A vi session.
This will start up vi with an empty buffer. At this point, you'll see a mostly blank screen. It is now in “command mode”, waiting for you to do something. For a discussion of the various vi modes, see the Section 16.2. In order to quit out of vi, type the following:
:q
Assuming that there have been no changes to the file, this will cause vi to quit. If there have been changes made, it will warn you that there have been changes and tell you how to disregard them. Disregarding changes usually means appending an exclamation point after the “q” like so:
:q!
The exclamation point usually means to force some action. We'll discuss it and other key combinations in further details later.
You can also start vi with a pre-existing file. For example, the file /etc/resolv.conf would be opened like so:
% vi /etc/resolv.conf
Finally, vi can be started on a particular line of a file. This is especially useful for programmers when an error message includes the line their program bombed on. For example, you could start up vi on line 47 of /usr/src/linux/init/main.c like so:
% vi +47 /usr/src/linux/init/main.c
vi will display the given file and will place the cursor at the specified line. In the case where you specify a line that is after the end of the file, vi will place the cursor on the last line. This is especially helpful for programmers, as they can jump straight to the location in the file that an error occurred, without having to search for it.
http://www.slackbook.org/html/vi.html
Table of Contents
16.1 Starting vi
16.2 Modes
16.3 Opening Files
16.4 Saving Files
16.5 Quitting vi
16.6 vi Configuration
16.7 Vi Keys
vi(1) is the standard Unix text editing program, and while mastering it is not as essential as it once was, is still a very rewarding goal. There are several versions (or clones) of vi available, including vi, elvis, vile, and vim. One of these is available on just about any version of Unix, as well as on Linux. All of these versions include the same basic feature set and commands, so learning one clone should make it easy to learn another. With the variety of text editors included with Linux distributions and Unix variants these days, many people no longer use vi. Still, it remains the most universal text editor across Unix and Unix work-alikes. Mastering vi means you should never be sitting at a Unix machine and not be comfortable with at least one powerful text editor.
vi includes a number of powerful features including syntax highlighting, code formatting, a powerful search-and-replace mechanism, macros, and more. These features make it especially attractive to programmers, web developers, and the like. System administrators will appreciate the automation and integration with the shell that is possible.
On Slackware Linux, the default version of vi available is elvis. Other versions - including vim and gvim - are available if you've installed the proper packages. gvim is an X Window version of vim that includes toolbars, detachable menus, and dialog boxes.
16.1 Starting vi
vi can be started from the command line in a variety of ways. The simplest form is just:
% vi
Figure 16-1. A vi session.
This will start up vi with an empty buffer. At this point, you'll see a mostly blank screen. It is now in “command mode”, waiting for you to do something. For a discussion of the various vi modes, see the Section 16.2. In order to quit out of vi, type the following:
:q
Assuming that there have been no changes to the file, this will cause vi to quit. If there have been changes made, it will warn you that there have been changes and tell you how to disregard them. Disregarding changes usually means appending an exclamation point after the “q” like so:
:q!
The exclamation point usually means to force some action. We'll discuss it and other key combinations in further details later.
You can also start vi with a pre-existing file. For example, the file /etc/resolv.conf would be opened like so:
% vi /etc/resolv.conf
Finally, vi can be started on a particular line of a file. This is especially useful for programmers when an error message includes the line their program bombed on. For example, you could start up vi on line 47 of /usr/src/linux/init/main.c like so:
% vi +47 /usr/src/linux/init/main.c
vi will display the given file and will place the cursor at the specified line. In the case where you specify a line that is after the end of the file, vi will place the cursor on the last line. This is especially helpful for programmers, as they can jump straight to the location in the file that an error occurred, without having to search for it.
http://www.slackbook.org/html/vi.html
Slackware Linux Essentials: Tutorial 15
Chapter 15 Archive Files
Table of Contents
15.1 gzip
15.2 bzip2
15.3 tar
15.4 zip
15.1 gzip
gzip(1) is the GNU compression program. It takes a single file and compresses it. The basic usage is as follows:
% gzip filename
The resulting file will be named filename.gz and will usually be smaller than the input file. Note that filename.gz will replace filename. This means that filename will no longer exist, even though a gzipped copy will. Regular text files will compress nicely, while jpeg images, mp3s, and other such files will not compress too well as they are already compressed. This basic usage is a balance of final file size and compression time. The maximum compression can be achieved like so:
% gzip -9 filename
This will take a longer time to compress the file, but the result will be as small as gzip can make it. Using lower values for the command line option will cause it to compress faster, but the file will not be as compressed.
Decompressing gzipped files can be done using two commands, which are really just the same program. gzip will decompress any file with a recognized file extension. A recognized extension can be any of the following: .gz, -gz, .z, -z, .Z, or -Z. The first method is to call gunzip(1) on a file, like so:
% gunzip filename.gz
This will leave a decompressed version of infile in the current directory, and the .gz extension will be stripped from the filename. gunzip is really part of gzip and is identical to gzip -d. As such, gzip is often pronounced gunzip, as that name just sounds cooler. :^)
http://www.slackbook.org/html/archive-files.html
Table of Contents
15.1 gzip
15.2 bzip2
15.3 tar
15.4 zip
15.1 gzip
gzip(1) is the GNU compression program. It takes a single file and compresses it. The basic usage is as follows:
% gzip filename
The resulting file will be named filename.gz and will usually be smaller than the input file. Note that filename.gz will replace filename. This means that filename will no longer exist, even though a gzipped copy will. Regular text files will compress nicely, while jpeg images, mp3s, and other such files will not compress too well as they are already compressed. This basic usage is a balance of final file size and compression time. The maximum compression can be achieved like so:
% gzip -9 filename
This will take a longer time to compress the file, but the result will be as small as gzip can make it. Using lower values for the command line option will cause it to compress faster, but the file will not be as compressed.
Decompressing gzipped files can be done using two commands, which are really just the same program. gzip will decompress any file with a recognized file extension. A recognized extension can be any of the following: .gz, -gz, .z, -z, .Z, or -Z. The first method is to call gunzip(1) on a file, like so:
% gunzip filename.gz
This will leave a decompressed version of infile in the current directory, and the .gz extension will be stripped from the filename. gunzip is really part of gzip and is identical to gzip -d. As such, gzip is often pronounced gunzip, as that name just sounds cooler. :^)
http://www.slackbook.org/html/archive-files.html
Slackware Linux Essentials: Tutorial 14
Chapter 14 Security
Table of Contents
14.1 Disabling Services
14.2 Host Access Control
14.3 Keeping Current
Security on any system is important; it can prevent people launching attacks from your machine, as well as protect sensitive data. This chapter is all about how to start securing your Slackware box against script kiddies, crackers and rogue hamsters alike. Bear in mind that this is only the start of securing a system; security is a process, not a state.
14.1 Disabling Services
The first step after installing Slackware should be to disable any services you don't need. Any services could potentially pose a security risk, so it is important to run as few services as possible (i.e. only those that are needed). Services are started from two main places - inetd and init scripts.
14.1.1 Services started from inetd
A lot of the daemons that come with Slackware are run from inetd(8). inetd is a daemon that listens on all of the ports used by services configured to be started by it and spawns an instance of the relevant daemon when a connection attempt is made. Daemons started from inetd can be disabled by commenting out the relevant lines in /etc/inetd.conf. To do this, open this file in your favorite editor (e.g. vi) and you should see lines similar to this:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
You can disable this service, and any others you don't need, by commenting them out (i.e. adding a # (hash) symbol to the beginning of the line). The above line would then become:
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
After inetd has been restarted, this service will be disabled. You can restart inetd with the command:
# kill -HUP $(cat /var/run/inetd.pid)
14.1.2 Services started from init scripts
The rest of the services started when the machine starts are started from the init scripts in /etc/rc.d/. These can be disabled in two different ways, the first being to remove the execute permissions on the relevant init script and the second being to comment out the relevant lines in the init scripts.
For example, SSH is started by its own init script at /etc/rc.d/rc.sshd. You can disable this using:
# chmod -x /etc/rc.d/rc.sshd
For services that don't have their own init script, you will need to comment out the relevant lines in the init scripts to disable them. For example, the portmap daemon is started by the following lines in /etc/rc.d/rc.inet2:
# This must be running in order to mount NFS volumes.
# Start the RPC portmapper:
if [ -x /sbin/rpc.portmap ]; then
echo "Starting RPC portmapper: /sbin/rpc.portmap"
/sbin/rpc.portmap
fi
# Done starting the RPC portmapper.
This can be disabled by adding # symbols to the beginnings of the lines that don't already start with them, like so:
# This must be running in order to mount NFS volumes.
# Start the RPC portmapper:
#if [ -x /sbin/rpc.portmap ]; then
# echo "Starting RPC portmapper: /sbin/rpc.portmap"
# /sbin/rpc.portmap
#fi
# Done starting the RPC portmapper.
These changes will only take effect after either a reboot or changing from and back to runlevel 3 or 4. You can do this by typing the following on the console (you will need to log in again after changing to runlevel 1):
# telinit 1
# telinit 3
http://www.slackbook.org/html/security.html
Table of Contents
14.1 Disabling Services
14.2 Host Access Control
14.3 Keeping Current
Security on any system is important; it can prevent people launching attacks from your machine, as well as protect sensitive data. This chapter is all about how to start securing your Slackware box against script kiddies, crackers and rogue hamsters alike. Bear in mind that this is only the start of securing a system; security is a process, not a state.
14.1 Disabling Services
The first step after installing Slackware should be to disable any services you don't need. Any services could potentially pose a security risk, so it is important to run as few services as possible (i.e. only those that are needed). Services are started from two main places - inetd and init scripts.
14.1.1 Services started from inetd
A lot of the daemons that come with Slackware are run from inetd(8). inetd is a daemon that listens on all of the ports used by services configured to be started by it and spawns an instance of the relevant daemon when a connection attempt is made. Daemons started from inetd can be disabled by commenting out the relevant lines in /etc/inetd.conf. To do this, open this file in your favorite editor (e.g. vi) and you should see lines similar to this:
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
You can disable this service, and any others you don't need, by commenting them out (i.e. adding a # (hash) symbol to the beginning of the line). The above line would then become:
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
After inetd has been restarted, this service will be disabled. You can restart inetd with the command:
# kill -HUP $(cat /var/run/inetd.pid)
14.1.2 Services started from init scripts
The rest of the services started when the machine starts are started from the init scripts in /etc/rc.d/. These can be disabled in two different ways, the first being to remove the execute permissions on the relevant init script and the second being to comment out the relevant lines in the init scripts.
For example, SSH is started by its own init script at /etc/rc.d/rc.sshd. You can disable this using:
# chmod -x /etc/rc.d/rc.sshd
For services that don't have their own init script, you will need to comment out the relevant lines in the init scripts to disable them. For example, the portmap daemon is started by the following lines in /etc/rc.d/rc.inet2:
# This must be running in order to mount NFS volumes.
# Start the RPC portmapper:
if [ -x /sbin/rpc.portmap ]; then
echo "Starting RPC portmapper: /sbin/rpc.portmap"
/sbin/rpc.portmap
fi
# Done starting the RPC portmapper.
This can be disabled by adding # symbols to the beginnings of the lines that don't already start with them, like so:
# This must be running in order to mount NFS volumes.
# Start the RPC portmapper:
#if [ -x /sbin/rpc.portmap ]; then
# echo "Starting RPC portmapper: /sbin/rpc.portmap"
# /sbin/rpc.portmap
#fi
# Done starting the RPC portmapper.
These changes will only take effect after either a reboot or changing from and back to runlevel 3 or 4. You can do this by typing the following on the console (you will need to log in again after changing to runlevel 1):
# telinit 1
# telinit 3
http://www.slackbook.org/html/security.html
Slackware Linux Essentials: Tutorial 13
Chapter 13 Basic Network Commands
Table of Contents
13.1 ping
13.2 traceroute
13.3 DNS Tools
13.4 finger
13.5 telnet
13.6 The Secure shell
13.7 email
13.8 Browsers
13.9 FTP Clients
13.10 Talking to Other People
A network consists of several computers connected together. The network can be as simple as a few computers connected in your home or office, or as complicated as a large university network or even the entire Internet. When your computer is part of a network, you have access to those systems either directly or through services like mail and the web.
There are a variety of networking programs that you can use. Some are handy for performing diagnostics to see if everything is working properly. Others (like mail readers and web browsers) are useful for getting your work done and staying in contact with other people.
13.1 ping
ping(8) sends an ICMP ECHO_REQUEST packet to the specified host. If the host responds, you get an ICMP packet back. Sound strange? Well, you can “ping” an IP address to see if a machine is alive. If there is no response, you know something is wrong. Here is an example conversation between two Linux users:
User A: Loki's down again.
User B: Are you sure?
User A: Yeah, I tried pinging it, but there's no response.
It's instances like these that make ping a very useful day-to-day command. It provides a very quick way to see if a machine is up and connected to the network. The basic syntax is:
% ping www.slackware.com
There are, of course, several options that can be specified. Check the ping(1) man page for more information.
http://www.slackbook.org/html/basic-network-commands.html
Table of Contents
13.1 ping
13.2 traceroute
13.3 DNS Tools
13.4 finger
13.5 telnet
13.6 The Secure shell
13.7 email
13.8 Browsers
13.9 FTP Clients
13.10 Talking to Other People
A network consists of several computers connected together. The network can be as simple as a few computers connected in your home or office, or as complicated as a large university network or even the entire Internet. When your computer is part of a network, you have access to those systems either directly or through services like mail and the web.
There are a variety of networking programs that you can use. Some are handy for performing diagnostics to see if everything is working properly. Others (like mail readers and web browsers) are useful for getting your work done and staying in contact with other people.
13.1 ping
ping(8) sends an ICMP ECHO_REQUEST packet to the specified host. If the host responds, you get an ICMP packet back. Sound strange? Well, you can “ping” an IP address to see if a machine is alive. If there is no response, you know something is wrong. Here is an example conversation between two Linux users:
User A: Loki's down again.
User B: Are you sure?
User A: Yeah, I tried pinging it, but there's no response.
It's instances like these that make ping a very useful day-to-day command. It provides a very quick way to see if a machine is up and connected to the network. The basic syntax is:
% ping www.slackware.com
There are, of course, several options that can be specified. Check the ping(1) man page for more information.
http://www.slackbook.org/html/basic-network-commands.html
Slackware Linux Essentials: Tutorial 12
Chapter 12 Essential System Administration
Table of Contents
12.1 Users and Groups
12.2 Users and Groups, the Hard Way
12.3 Shutting Down Properly
Whoa whoa whoa whoa whoa.... I know what you're thinking. “I'm not a system administrator! I don't even want to be a system administrator!”
Fact is, you are the administrator of any computers for which you have the root password. This might be your desktop box with one or two users, or it might be a big server with several hundred. Regardless, you'll need to know how to manage users, and how to shut down the system safely. These tasks seem simple, but they have some quirks to keep in mind.
12.1 Users and Groups
As mentioned in Chapter 8, you shouldn't normally use your system logged in as root. Instead, you should create a normal user account for everyday use, and use the root account only for system administration tasks. To create a user, you can either use the tools supplied with Slackware, or you can edit the password files by hand.
12.1.1 Supplied Scripts
The easiest way to manage users and groups is with the supplied scripts and programs. Slackware includes the programs adduser, userdel(8), chfn(1), chsh(1), and passwd(1) for dealing with users. The commands groupadd(8), groupdel(8), and groupmod(8) are for dealing with groups. With the exception of chfn, chsh, and passwd, these programs are generally only run as root, and are therefore located in /usr/sbin. chfn, chsh, and passwd can be run by anyone, and are located in /usr/bin.
Users can be added with the adduser program. We'll start out by going through the whole procedure, showing all the questions that are asked and a brief description of what everything means. The default answer is in the brackets, and can be chosen for almost all the questions, unless you really want to change something.
# adduser
Login name for new user []: jellyd
This is the name that the user will use to login. Traditionally, login names are eight characters or fewer, and all lowercase characters. (You may use more than eight characters, or use digits, but avoid doing so unless you have a fairly important reason.)
You can also provide the login name as an argument on the command line:
# adduser jellyd
In either case, after providing the login name, adduser will prompt for the user ID:
User ID ('UID') [ defaults to next available ]:
The user ID (UID) is how ownerships are really determined in Linux. Each user has a unique number, starting at 1000 in Slackware. You can pick a UID for the new user, or you can just let adduser assign the user the next free one.
Initial group [users]:
All users are placed into the users group by default. You might want to place the new user into a different group, but it is not recommended unless you know what you're doing.
Additional groups (comma separated) []:
This question allows you to place the new user into additional groups. It is possible for a user to be in several groups at the same time. This is useful if you have established groups for things like modifying web site files, playing games, and so on. For example, some sites define group wheel as the only group that can use the su command. Or, a default Slackware installation uses the sys group for users authorized to play sounds through the internal sound card.
Home directory [/home/jellyd]
Home directories default to being placed under /home. If you run a very large system, it's possible that you have moved the home directories to a different location (or to many locations). This step allows you to specify where the user's home directory will be.
Shell [ /bin/bash ]
bash is the default shell for Slackware Linux, and will be fine for most people. If your new user comes from a Unix background, they may be familiar with a different shell. You can change their shell now, or they can change it themselves later using the chsh command.
Expiry date (YYYY-MM-DD) []:
Accounts can be set up to expire on a specified date. By default, there is no expiration date. You can change that, if you'd like. This option might be useful for people running an ISP who might want to make an account expire upon a certain date, unless they receive the next year's payment.
New account will be created as follows:
---------------------------------------
Login name: jellyd
UID: [ Next available ]
Initial group: users
Additional groups: [ None ]
Home directory: /home/jellyd
Shell: /bin/bash
Expiry date: [ Never ]
This is it... if you want to bail out, hit Control+C. Otherwise, press ENTER to go ahead and make the account.
You now see all the information that you've entered about the new account and are given the opportunity to abort the account creation. If you entered something incorrectly, you should hit Control+C and start over. Otherwise, you can hit enter and the account will be made.
Creating new account...
Changing the user information for jellyd
Enter the new value, or press return for the default
Full Name []: Jeremy
Room Number []: Smith 130
Work Phone []:
Home Phone []:
Other []:
All of this information is optional. You don't have to enter any of this if you don't want to, and the user can change it at any time using chfn. However, you might find it helpful to enter at least the full name and a phone number, in case you need to get in touch with the person later.
Changing password for jellyd
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
Account setup complete.
You'll have to enter a password for the new user. Generally, if the new user is not physically present at this point, you'll just pick some default password and tell the user to change it to something more secure.
Choosing a Password: Having a secure password is the first line of defense against getting cracked. You do not want to have an easily guessed password, because that makes it easier for someone to break into your system. Ideally, a secure password would be a random string of characters, including upper and lowercase letters, numbers, and random characters. (A tab character might not be a wise choice, depending on what kinds of computers you'll be logging in from.) There are many software packages that can generate random passwords for you; search the Internet for these utilities.
In general, just use common sense: don't pick a password that is someone's birthday, a common phrase, something found on your desk, or anything that is easily associated with you. A password like “secure1” or any other password you see in print or online is also bad.
Removing users is not difficult at all. Just run userdel with the name of the account to remove. You should verify that the user is not logged in, and that no processes are running as that user. Also, remember that once you've deleted the user, all of that user's password information is gone permanently.
# userdel jellyd
This command removes that annoying jellyd user from your system. Good riddance! :) The user is removed from the /etc/passwd, /etc/shadow, and /etc/group files, but doesn't remove the user's home directory.
If you'd wanted to remove the home directory as well, you would instead use this command:
# userdel -r jellyd
Temporarily disabling an account will be covered in the next section on passwords, since a temporary change involves changing the user's password. Changing other account information is covered in Section 12.1.3.
The programs to add and remove groups are very simple. groupadd will just add another entry to the /etc/group file with a unique group ID, while groupdel will remove the specified group. It is up to you to edit /etc/group to add users to a specific group. For example, to add a group called cvs:
# groupadd cvs
And to remove it:
# groupdel cvs
12.1.2 Changing Passwords
The passwd program changes passwords by modifying the /etc/shadow file. This file holds all the passwords for the system in an encrypted format. In order to change your own password, you would type:
% passwd
Changing password for chris
Old password:
Enter the new password (minumum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
As you can see, you are prompted to enter your old password. It won't appear on the screen as you type it, just like when you log in. Then, you are prompted to enter the new password. passwd performs a lot of checks on your new password, and it will complain if your new password doesn't pass its checks. You can ignore its warnings if you want. You will be prompted to enter your new password a second time for confirmation.
If you are root, you can also change another user's password:
# passwd ted
You will then have to go through the same procedure as above, except that you won't have to enter the user's old password. (One of the many benefits of being root...)
If needed, you can also temporarily disable an account, and reenable it at a later time if needed. Both disabling an account and reenabling an account can be done with passwd. To disable an account, do the following as root:
# passwd -l david
This will change david's password to something that can never match any encrypted value. You would reenable the account by using:
# passwd -u david
Now, david's account is back to normal. Disabling an account might be useful if the user doesn't play by the rules you've set up on your system, or if they've exported a very large copy of xeyes(1) to your X desktop.
12.1.3 Changing User Information
There are two pieces of information that users can change at any time: their shell and their finger information. Slackware Linux uses chsh (change shell) and chfn (change finger) to modify these values.
A user can pick any shell that is listed in the /etc/shells file. For most people, /bin/bash will do just fine. Others might be familiar with a shell found on their system at work or school and want to use what they already know. To change your shell, use chsh:
% chsh
Password:
Changing the login shell for chris
Enter the new value, or press return for the default
Login Shell [/bin/bash]:
After entering your password, enter the full path to the new shell. Make sure that it's listed in the /etc/shells(5) file first. The root user can also change any user's shell by running chsh with a username as the argument.
The finger information is the optional information such as your full name, phone numbers, and room number. This can be changed using chfn, and follows the same procedure as it did during account creation. As usual, root can change anyone's finger information.
http://www.slackbook.org/html/essential-sysadmin.html
Table of Contents
12.1 Users and Groups
12.2 Users and Groups, the Hard Way
12.3 Shutting Down Properly
Whoa whoa whoa whoa whoa.... I know what you're thinking. “I'm not a system administrator! I don't even want to be a system administrator!”
Fact is, you are the administrator of any computers for which you have the root password. This might be your desktop box with one or two users, or it might be a big server with several hundred. Regardless, you'll need to know how to manage users, and how to shut down the system safely. These tasks seem simple, but they have some quirks to keep in mind.
12.1 Users and Groups
As mentioned in Chapter 8, you shouldn't normally use your system logged in as root. Instead, you should create a normal user account for everyday use, and use the root account only for system administration tasks. To create a user, you can either use the tools supplied with Slackware, or you can edit the password files by hand.
12.1.1 Supplied Scripts
The easiest way to manage users and groups is with the supplied scripts and programs. Slackware includes the programs adduser, userdel(8), chfn(1), chsh(1), and passwd(1) for dealing with users. The commands groupadd(8), groupdel(8), and groupmod(8) are for dealing with groups. With the exception of chfn, chsh, and passwd, these programs are generally only run as root, and are therefore located in /usr/sbin. chfn, chsh, and passwd can be run by anyone, and are located in /usr/bin.
Users can be added with the adduser program. We'll start out by going through the whole procedure, showing all the questions that are asked and a brief description of what everything means. The default answer is in the brackets, and can be chosen for almost all the questions, unless you really want to change something.
# adduser
Login name for new user []: jellyd
This is the name that the user will use to login. Traditionally, login names are eight characters or fewer, and all lowercase characters. (You may use more than eight characters, or use digits, but avoid doing so unless you have a fairly important reason.)
You can also provide the login name as an argument on the command line:
# adduser jellyd
In either case, after providing the login name, adduser will prompt for the user ID:
User ID ('UID') [ defaults to next available ]:
The user ID (UID) is how ownerships are really determined in Linux. Each user has a unique number, starting at 1000 in Slackware. You can pick a UID for the new user, or you can just let adduser assign the user the next free one.
Initial group [users]:
All users are placed into the users group by default. You might want to place the new user into a different group, but it is not recommended unless you know what you're doing.
Additional groups (comma separated) []:
This question allows you to place the new user into additional groups. It is possible for a user to be in several groups at the same time. This is useful if you have established groups for things like modifying web site files, playing games, and so on. For example, some sites define group wheel as the only group that can use the su command. Or, a default Slackware installation uses the sys group for users authorized to play sounds through the internal sound card.
Home directory [/home/jellyd]
Home directories default to being placed under /home. If you run a very large system, it's possible that you have moved the home directories to a different location (or to many locations). This step allows you to specify where the user's home directory will be.
Shell [ /bin/bash ]
bash is the default shell for Slackware Linux, and will be fine for most people. If your new user comes from a Unix background, they may be familiar with a different shell. You can change their shell now, or they can change it themselves later using the chsh command.
Expiry date (YYYY-MM-DD) []:
Accounts can be set up to expire on a specified date. By default, there is no expiration date. You can change that, if you'd like. This option might be useful for people running an ISP who might want to make an account expire upon a certain date, unless they receive the next year's payment.
New account will be created as follows:
---------------------------------------
Login name: jellyd
UID: [ Next available ]
Initial group: users
Additional groups: [ None ]
Home directory: /home/jellyd
Shell: /bin/bash
Expiry date: [ Never ]
This is it... if you want to bail out, hit Control+C. Otherwise, press ENTER to go ahead and make the account.
You now see all the information that you've entered about the new account and are given the opportunity to abort the account creation. If you entered something incorrectly, you should hit Control+C and start over. Otherwise, you can hit enter and the account will be made.
Creating new account...
Changing the user information for jellyd
Enter the new value, or press return for the default
Full Name []: Jeremy
Room Number []: Smith 130
Work Phone []:
Home Phone []:
Other []:
All of this information is optional. You don't have to enter any of this if you don't want to, and the user can change it at any time using chfn. However, you might find it helpful to enter at least the full name and a phone number, in case you need to get in touch with the person later.
Changing password for jellyd
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Re-enter new password:
Password changed.
Account setup complete.
You'll have to enter a password for the new user. Generally, if the new user is not physically present at this point, you'll just pick some default password and tell the user to change it to something more secure.
Choosing a Password: Having a secure password is the first line of defense against getting cracked. You do not want to have an easily guessed password, because that makes it easier for someone to break into your system. Ideally, a secure password would be a random string of characters, including upper and lowercase letters, numbers, and random characters. (A tab character might not be a wise choice, depending on what kinds of computers you'll be logging in from.) There are many software packages that can generate random passwords for you; search the Internet for these utilities.
In general, just use common sense: don't pick a password that is someone's birthday, a common phrase, something found on your desk, or anything that is easily associated with you. A password like “secure1” or any other password you see in print or online is also bad.
Removing users is not difficult at all. Just run userdel with the name of the account to remove. You should verify that the user is not logged in, and that no processes are running as that user. Also, remember that once you've deleted the user, all of that user's password information is gone permanently.
# userdel jellyd
This command removes that annoying jellyd user from your system. Good riddance! :) The user is removed from the /etc/passwd, /etc/shadow, and /etc/group files, but doesn't remove the user's home directory.
If you'd wanted to remove the home directory as well, you would instead use this command:
# userdel -r jellyd
Temporarily disabling an account will be covered in the next section on passwords, since a temporary change involves changing the user's password. Changing other account information is covered in Section 12.1.3.
The programs to add and remove groups are very simple. groupadd will just add another entry to the /etc/group file with a unique group ID, while groupdel will remove the specified group. It is up to you to edit /etc/group to add users to a specific group. For example, to add a group called cvs:
# groupadd cvs
And to remove it:
# groupdel cvs
12.1.2 Changing Passwords
The passwd program changes passwords by modifying the /etc/shadow file. This file holds all the passwords for the system in an encrypted format. In order to change your own password, you would type:
% passwd
Changing password for chris
Old password:
Enter the new password (minumum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
As you can see, you are prompted to enter your old password. It won't appear on the screen as you type it, just like when you log in. Then, you are prompted to enter the new password. passwd performs a lot of checks on your new password, and it will complain if your new password doesn't pass its checks. You can ignore its warnings if you want. You will be prompted to enter your new password a second time for confirmation.
If you are root, you can also change another user's password:
# passwd ted
You will then have to go through the same procedure as above, except that you won't have to enter the user's old password. (One of the many benefits of being root...)
If needed, you can also temporarily disable an account, and reenable it at a later time if needed. Both disabling an account and reenabling an account can be done with passwd. To disable an account, do the following as root:
# passwd -l david
This will change david's password to something that can never match any encrypted value. You would reenable the account by using:
# passwd -u david
Now, david's account is back to normal. Disabling an account might be useful if the user doesn't play by the rules you've set up on your system, or if they've exported a very large copy of xeyes(1) to your X desktop.
12.1.3 Changing User Information
There are two pieces of information that users can change at any time: their shell and their finger information. Slackware Linux uses chsh (change shell) and chfn (change finger) to modify these values.
A user can pick any shell that is listed in the /etc/shells file. For most people, /bin/bash will do just fine. Others might be familiar with a shell found on their system at work or school and want to use what they already know. To change your shell, use chsh:
% chsh
Password:
Changing the login shell for chris
Enter the new value, or press return for the default
Login Shell [/bin/bash]:
After entering your password, enter the full path to the new shell. Make sure that it's listed in the /etc/shells(5) file first. The root user can also change any user's shell by running chsh with a username as the argument.
The finger information is the optional information such as your full name, phone numbers, and room number. This can be changed using chfn, and follows the same procedure as it did during account creation. As usual, root can change anyone's finger information.
http://www.slackbook.org/html/essential-sysadmin.html
Subscribe to:
Posts (Atom)