Next: User Groups

Account Passwords

After you have just installed a Linux distribution there may well be only one usable account - root. It usually starts off with no password set, so the first task is to set one. You should choose your root password with particular care as it is all that lies between you and anyone else accessing your machine with root privilege.

You should definitely avoid using any word which might appear in a dictionary, as well as your dog's name or any variation on your birthdate or your partner's name.

All these things are easy to guess for anyone who knows you, even slightly. You change the root password with the same command as for changing ordinary user passwords :

        # passwd

Even logged in as root, there is no way that you can find out what someone uses for a password. This means that the best you can do for a user who can't remember his or her password is either to remove the password altogether, which allows the user then to choose a new one the next time they login, or you can set up a new password for the user directly. You tell the new password to the user who can use it to login and then change it for something private. The latter approach is best as it doesn't leave a period of time when the user's account is unprotected. In order to change a user's password directly you use the passwd command with a parameter which is the login name of the user whose password you wish to change:

        # passwd login_name

An easy way to find out who else is logged into your machine is to use the who command, as follows:

        # who
        pc     tty1    Jul 3 19:25
        mot    ttyp0   Jul 3 20:06  (grexiz.soc.staff)
        carey  ttyp1   Jul 3 20:08  (gregory.soc.staf)
        rvc    ttyp2   Jul 3 20:12  (rachel.soc.staff)

The information displayed by the who command is split up into several fields. First comes the user's login name, followed by the name of the terminal that the user is using. This is followed by the date and time at which the user logged in and, finally, if the user logged in to the machine over a network, the name of the machine from which the connection was made.

Adding User Accounts

Having put a password on your root account, the next task is to create yourself an ordinary user account. Many Linux distributions supply a special command to help you with creating a new user account. This command is called adduser or useradd, depending on which distribution you have installed. Either way, the command will ask you a series of questions about the new user account and, when you have supplied all the answers (or accepted the defaults, where applicable), the new user account will be created.

I can see that this simplifies the procedure all round, particularly for novice administrators, but I think it is important to understand what is happening underneath so that you can make more informed choices. Therefore, so you will understand what is going on, we will add your account manually this time and you can look at the special command next time.

In fact, adding a user account manually is quite an easy job, consisting of the following steps (I shall assume that shadow passwords have been implemented on your system; if they have not, you will not have an /etc/shadow file and the second field in each line of /etc/passwd will contain the encrypted password):

  1. Set up the login entry in /etc/passwd.
  2. Set up the login entry in /etc/shadow.
  3. Create the user's home directory.
  4. Set the user as the owner of the home directory.
  5. Set up access permissions on the home directory.
  6. Set up the user's group entry in /etc/group.

Before you can set up the password file entry, you need to decide on the following account details: the login name, the UID, the GID, the path to the home directory and which shell the user will use.

Password File

Armed with this information you can now edit the password file /etc/passwd and add the following line to the end of the file, substituting your details into the line as appropriate:

        login_name:x:uid:gid:user's_real_name:home_directory:shell         

Each field is separated by a colon (:).

Choosing a login name is a matter of personal preference unless your site already has some convention for user names. Remember, however, that the name should be unique and must not be longer than eight characters.

The second field used to contain the encrypted password, or be empty if no password was in use. This led to a problem. Since /etc/passwd must be world readable, any user could read the encrypted password. Programs exist to crack these encrypted strings! So it became possible for people to find out the password of any user, even root! To overcome this, a second file is used to hold the encrypted passwords. This file MUST BE SET UP SO ONLY ROOT CAN READ IT; it also holds certain extra information about the user's account, as we shall see. Provided you are using shadow passwords, the second field will always contain a single x.

The next two fields, the UID and GID, are usually fairly arbitrary choices, except that the UID should be unique, as it is the UID that the system uses to identify a user. If you intend to make proper use of groups then the GID will just be the group number of the group that the new user is to join. The standard GID for the group users in the Slackware distribution is 100. If you don't need a user to belong to a particular group then you could just set the GID to be the same as the UID, so that these users just belong to a group of one.

The user's home directory can be anywhere in the directory hierarchy, but you should impose some kind of policy on the location rather than dot them about at random. A good choice is to site ordinary user home directories under /home. If you expect lots of users then it would be reasonable to mount a large disk partition over /home, so that the user accounts can have as much space as they need while also being confined to this space, so that they can't use up all the space on your root filesystem.

Finally, arguably the best choice for the shell is bash, though there are others available. A typical line to add to the password file might be:

        roger:x:1234:100:R.N.Foxcroft:/home/roger:/bin/bash

Shadow Passwords

The use of shadow passwords allows more information to be held regarding user accounts. The format of an entry in /etc/shadow is as follows:

        login_name:encrypted_password:date_last_changed:min_days:max_days:warning:inactive:expire:reserved

The first field is the account name; this must be exactly the same as the first field in the corresponding entry in /etc/passwd. Next comes the encrypted password; this field should never be left blank, as that would allow anyone to access the system.

Next come fields with extra information. The third field records the date on which the password was last changed.

The super-user (root) can set the fourth field, the minimum number of days between changes, to prevent a user from changing a password too frequently.

The fifth field contains the maximum number of days a password can remain active (most installations require users to change their passwords at least once per month). The next field is intended to give users a number of days warning before their password expires.

The seventh field holds the number of days an account may be inactive. If it is inactive for more than the number of days allowed, the user's password will be deleted and the user will be unable to log in again.

The next field simply contains the number of days the user is to be allowed access to the system; left blank, it gives the user unlimited access.

The final field should not be used, since it has been reserved for future use.
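As an added illustration (not code from the original article), the following Python parses a file in the /etc/passwd format and one in the /etc/shadow format described above and checks them against the rules laid down in the text: login names of at most eight characters, unique UIDs, a single x in the second field of /etc/passwd, and a shadow entry for every login whose password field is never left blank. The file contents are constructed samples and the hashes are placeholders.

```python
# Constructed sample files in the /etc/passwd and /etc/shadow formats described
# above (not real account data; the hashes are placeholders). The "roger" line
# matches the worked example in the text; the others show what the audit flags.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
roger:x:1234:100:R.N.Foxcroft:/home/roger:/bin/bash
legacy:abJnggxhB/yWI:1235:100:Old Style:/home/legacy:/bin/bash
toolonglogin:x:1236:1236:Nine Chars:/home/toolonglogin:/bin/bash
dupe:x:1234:100:Clashes With roger:/home/dupe:/bin/bash
"""
SHADOW = """\
root:$6$placeholder$notarealhash:19000:0:99999:7:::
roger:$6$placeholder$notarealhash:19000:0:30:7:::
legacy:$6$placeholder$notarealhash:19000:0:30:7:::
toolonglogin::19000:0:30:7:::
"""
PASSWD_FIELDS = ["login", "password", "uid", "gid", "gecos", "home", "shell"]
SHADOW_FIELDS = ["login", "password", "last_changed", "min_days", "max_days",
                 "warning", "inactive", "expire", "reserved"]

def parse(text, names):
    """Split colon-separated lines into dicts keyed by field name."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != len(names):
            raise ValueError(f"expected {len(names)} fields: {line!r}")
        entries.append(dict(zip(names, fields)))
    return entries

def audit(passwd_text, shadow_text):
    """Return (login, problem) pairs for the rules the text lays down."""
    problems = []
    shadow = {e["login"]: e for e in parse(shadow_text, SHADOW_FIELDS)}
    seen_uids = {}
    for e in parse(passwd_text, PASSWD_FIELDS):
        login, uid = e["login"], e["uid"]
        if len(login) > 8:
            problems.append((login, "login name longer than eight characters"))
        if e["password"] != "x":  # hash belongs in root-only /etc/shadow
            problems.append((login, "password hash in world-readable /etc/passwd"))
        if uid in seen_uids:
            problems.append((login, f"UID {uid} already used by {seen_uids[uid]}"))
        seen_uids.setdefault(uid, login)
        if login not in shadow:
            problems.append((login, "no /etc/shadow entry"))
        elif shadow[login]["password"] == "":
            problems.append((login, "blank shadow password: anyone can log in"))
    return problems
```

Run as root against copies of the real files only if you want to audit an existing system; the sample data above runs offline with no privileges.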

Home Directories

The next three steps in the list can be performed with three commands, as follows:

        # mkdir /home/roger
        # chown roger. /home/roger
        # chmod 700 /home/roger

The first line creates the home directory (/home/roger). The chown command in the second line changes the owner of the home directory to roger. The dot after the user name in this command tells chown to change the group of the home directory to the user's GID at the same time (this could also have been done separately with the chgrp command). The last command gives full read, write and search permission to the directory's owner and no access to anyone else. This last is a bit of a paranoid setting but can be changed by the user (roger) later if required.

The sixth and final step in the list of things to do actually requires no effort at all in this case, because the new user was allocated the GID of a group that already existed in /etc/group. The other case, that of users who have a GID the same as the UID, would require no effort at this stage either. If a particular GID does not have a corresponding entry in the group file then the system will just use the GID itself in places where otherwise it would have displayed the group name (ls -l for instance). The only time you need to create or change an entry in the group file is when you add a new group that will actually contain more than one user, or when you want to give permission for a user to work in more than one group.

