Thursday, October 29, 2009

Lesson03(Part03):Linux Basics Continued

Lesson03:Linux Basics Continued

Creating Passwords

The combination of login name and password controls access to the system. To maintain the security level of the system, passwords need to be both hard to guess and changed regularly.

The rules for creating strong passwords are fairly well understood, and are as follows:

1. Use a minimum of eight characters; more characters are better, as long as you are comfortable remembering and typing them
2. Do not base the password on a dictionary word
3. Use a variety of different types of characters; use at least three of the following:
a. Lowercase letters
b. Uppercase letters (Linux passwords are case sensitive)
c. Numbers
d. Punctuation marks and other special characters
4. Avoid using your real name, login name, or variations thereof; for example, with a login name of sally, a poor password would be s@lly
5. Avoid using easy-to-determine personal information, such as your birthday, anniversary, etc.
6. Avoid using formulas, such as 1+1=2
7. Avoid excessive complexity if it tempts you to perform such unsafe practices as writing the password onto a notepad near your monitor


Changing Passwords


Passwords can be changed from the terminal or the GUI. Through GNOME, navigate to System > Preferences > About Me, and then click Change Password. From the terminal, use the passwd command.

















Before the system will allow you to change your password, it will require you to supply your current password. You will then be required to enter your new password twice to ensure that you did not make a typing mistake. Characters entered when typing a password are never echoed back to the screen.
The system, by default, performs some checks to ensure that a weak password has not been chosen. If you enter a weak password, the system will return an error message and allow you to try again.


The root User

The administrative account, also called the superuser account, is called root. The root user has an almost unlimited capability to manipulate the system, and can do the following:
• Read, modify, or delete any file
• Change into any directory
• Modify system configuration files
• Perform almost any other task on the system
That being said, this also implies you can do virtually unlimited damage to the system, corrupting or deleting all files, either by design or accident. A normal user’s potential to do damage is more limited.
For this reason, it is essential that you do not log in as the root user unless absolutely necessary. Also remember to log out of the root account as soon as possible.







Changing Identities

To change identities, use the su command.















The syntax for the su command is as follows:
su [option] [-] [username [arguments] ]
If no username is provided, su assumes that you want to switch to the root user. If a username is provided (for example, su - joe), the resulting shell will run as that user instead. su always prompts for the user’s password unless you are running it as root. root may access any account without providing a password.
When a hyphen (-) is passed as an argument to su (for example, su -), a login shell is created. Otherwise a non-login shell is created. The distinction between these types of shells will be discussed in detail later. For now, suffice it to say that, especially when becoming root, certain important settings are inherited by login shells, but not by non-login shells. So it is considered best practice to always use the - option when running su.

To elevate your privileges just for the run time of one command, use the sudo command.

You can also use sudo followed by a command to elevate your privileges just for the run time of this command. For example, sudo passwd joe, would run passwd with root privileges, allowing a non-root user to change joe’s password. To use sudo, a system administrator needs to have granted you access ahead of time; the system administrator can control which commands you may run with elevated privileges. Only users listed in the /etc/sudoers configuration file are allowed to use the sudo command. To edit the /etc/sudoers configuration file, as root, run the visudo command. Details of configuring sudo are outside the scope of this course, though some basic configuration will be covered later.

Usually, sudo prompts you for a password. The password being requested is your password, not root’s. This is to prevent someone else sneaking up to your terminal and abusing your sudo privileges.
With all these options for changing your identity, it becomes very useful to be able to check who you are and what groups you are in. You can do this with the id command. This command, as shipped with RHEL 5, is SELinux-aware and can also display the default SELinux context of processes you run when given the -Z switch. You can also view information on other users by running ID username.


Editing Text Files















As you already know, a central feature of Linux is that configuration files typically are plain text files. Plain text is also a common format on Linux, so it is vital that users be familiar with a plain text editor.
Various plain text editors are available in Red Hat Enterprise Linux. The most popular, powerful, and widely used plain text editor in the Linux and UNIX world is vi—its upgraded version is vim. Since many of the features that make vim so powerful also make it difficult for beginners to use, it is helpful for users to know a simple editor before beginning the adventure that is vim.
One of the easiest editors to learn is nano, a plain text editor that runs in a terminal window. It is available on most all Red Hat Enterprise Linux systems. To start nano, simply type the nano command. You may specify a file on the command line by giving the file name as an argument. If the file exists, you will edit it; if it does not exist, nano will create the file when you save it.
Once in nano, you simply type the text you wish to add; use the arrow keys to move the cursor around the file or use the Delete or Backspace keys to forward delete or backspace over text.file when you save it.
Other commands in nano are run using the Ctrl key. The last two lines on the screen display a menu of commands to run. Typically, the menu will look like the one shown here.















The caret (^) in the menu stands for Ctrl. For example, ^X means that you can type Ctrl-X to exit.

0 comments:

 
Home | About | Link | Link
Simple Proff Blogger Template Created By Herro | Inspiring By Busy Bee Woo Themes