Linux Basics

(5 ratings)

Linux Basics

By: linuxhotbox.com

Added: 13 May 2008 Views: 127

Path : Computers

Operating Systems

Linux

Linux Administration

Keywords: computer operating system linux general help compile unix administration basics

Do you like this tutorial? Now you can support our team to add more :

Basics

Filenames

Linux is case-sensitive. For example: myfile, Myfile, and myFILE are three different files. Your password and login name are also case-sensitive. (This follows tradition since both UNIX and the "c" programming language are case-sensitive.) Naming conventions for files and directories are identical. All the files and directories which I create (for myself, as a user) are lower-case, unless there is a very special reason to make it different. Most of Linux commands are also all lower case.
Filenames under Linux can be up to 256 characters long and they normally contain letters, numbers, "." (dots), "_" (underscores) and "-" (dashes). Other characters are possible but not recommended. In particular, it is not recommended to use special metacharacters: "*" (asterisk), "?" (question mark), " " (space), "$" (dollar sign), "&" (ampersand), any brackets, etc. This is because metacharacters have special meaning to the Linux shell (shell is something like COMMAND.COM, the command processor under DOS). It is possible to have a space in the filename, but we don't recommend it either--we use underscore "_" instead.
It is not possible at all to have '/' (slash) as a part of the filename because '/' is used to represent the top of the directory tree, and as a separator in the pathnames (the same as '\' is in DOS).

Like in DOS, I cannot have a file called . or a file called.. (dot or two dots)--they mean "current" and "parent to the current" directory respectively, exactly like in DOS.

Here is the meaning of some metacharacters:
* = Matches any sequence of zero or more characters, except for "." (a dot) at the beginning of a filename.
? = Matches any single character.
[abC1] = Matches a single character in the enumerated set. In this example the set contains: 'a', 'b', 'C', and '1'.
[a-z] = Matches any lower-case letter.
[A-F] = Matches any upper-case letter from A to F.
[0-9] = Matches any single digit.
[a-zA-Z0-9] = Matches any letter (lower or upper case) or any digit.

The character \ (backslash) is also special. It makes the subsequent special character aquire literal meaning (read on).

Examples. This command will list any filename in the current directory, with the exception of filenames starting with "." (dot):

ls *

An equivalent to this command is to type just ls or dir (without the "*"). Files with names starting with "." are not shown because "." as the first character of a filename is not matched by "*". Think of files with names starting with "." as an equivalent of DOS hidden files. Use ls -a (list with the option "all") or ls .* to see these "dot" files. The "dot-files" are common in the user home directories and they typically contain user-level configurations.
This command will list any file (in the current directory) that contains a dot (except files starting with a dot):

ls *.*

This command will list any filename that contains two dots (except those starting with a dot):

ls *.*.*

Please note that Linux does not have "filename extensions" the way DOS does, but you can still use them. For example, I can have a file my_text.txt.zip. Some other DOS-kind file-naming features are completely absent ("Micros~1.doc" comes to mind).
This command will find (on the whole filesystem) any file with the extension "htm" optionally followed by any one more character:

locate *.htm?

This command will show all filenames in the current directory that start with "a" or "b", or any capital letter:

ls [abA-Z]*

This command will list any file starting with "a" and ending with "n"

ls a*n

Command line autocompletion. This is a great command line feature--I use the [Tab] key a lot to save on typing. It makes it brisk to deal with long and complicated filenames. For example using such a filename on the command line is really not a problems, if I use autocompletion:

dir Eurosong\ 2000\ Olson\ Brothers\ -\ Fly\ on\ the\ wings\ of\ love\ $denmark$.mp3

I just type

dir Eu<Tab>

and if there are no other files starting with "Eu", the rest of the filename is automatically typed for me. Otherwise, I would have to look at my choices (which are printed for me) and type one or two more characters to make the filename unambiguous. The backslashes in the name of the example song above show that the spaces are "literal", i.e., they spaces are part of the filename.

Problems with weird filenames. Most of these problems can be solved using autocompletion. Additionally, to manipulate files with names that do contain metacharacters, I may use a pair of ' ' (two apostrophes), so that the metacharacters are quoted and therefore the shell does not interpret their meaning. For example, to rename a file my file* (contains space and asterisk), I would issue:

mv 'my file*' filename_without_weird_characters.txt

Please note that I use a pair of ' (apostrophes) for quoting. Quoting with a pair of " " (quotation marks) is generally weaker than quoting with ' ' . If you use " (quotation marks) some metacharacters may get interpreted by the shell (altering their meaning).

Following UNIX tradition, on Linux, one may create files with names contaning almost any character, including non-printable (control) characters. Those are very infrequent, but if you encounter such a file, it can make you feel really weird. I would rename such a file using a carefully positioned metacharacter. I would use ls first to try if my action indeed targets the desired file, and then rename the file (using the move "mv" command):

ls -l myfile*y.html
mv myfile*y.html myfile.html

(I assume that the non-standard character(s) are between the letters e and y.)

As an example of the perhaps weirdest problems that you might face when using non-recommended characters in a filename, try creating a file with a name starting with a dash and then remove it--there seems to be no way to do it (because a dash normally introduces command options). E.g., the command

dir > -junk

will create such a funny file (like in DOS, the symbol ">" redirects the output from the dir command to a file named "-junk"). Since the regular way of removing the file -junk does not work, I use:

rm ./-junk

The "dot slash" at the beginning means "the current directory" and here serves just the purpose of hiding the leading dash so it is not interpreted as introducing an option to the rm command. The point here is that I would rather stick to traditional naming conventions than face the occasional complications.

Besides using autocompletion, apostrophes and quotes, I can manipulate files with weird names using \ (backslash). Backslash hides the special meaning of the subsequent character. For example, i can create a weird file with the name *?[ using the following command:

touch \*\?\[

(The touch command creates an empty file or, if the file exists, updates its date/time of last modification.)

What are the different directories for?

Linux filesystem tree is large and complicated. It will vastly improve your skills if you familiarize yourself with it.

Briefly, typical Linux contains five filesystems. These filesystems can reside on a single or different physical hard drives and/or hard drive partitions, depending on the size and need of your system. (A single filesystem can also be distributed between different physical devices, if needed.)

The root "/" filesystem contains basic operating system and maintenance tools. The content of this filesystem should be sufficient to start up the system and perform emergency maintenance and repairs if they were necessary.
/usr filesystem contains all commands, libraries, documentation, and other files that do not change during normal operation. This will also contain major applications that come with your Linux distribution, for example Netscape.
/var filesystem contains files that change: spool directories, log files, lock files, temporary files, and formatted (on use) manual pages.
/home filesystem contains user files (users' own settings, customization files, documents, data, mail, caches, etc). The contents of this directory should be preserved on an operating system upgrade.
/proc filesystem contains entirely illusionary files. They don't really exist on the disk and don't take up any space there (although ls -l will show their size). When viewing them, you really access information stored in the memory. It is used to access information about the system.

The parts of the root filesystem are:
/bin--executables (binaries) needed during bootup that might be used by normal users.
/sbin--executables (system binaries) not intended for use by general users (users may still use them, but this directory is not on their PATH).
/etc--system-wide configuration files for your operating system.
/root--the home directory of the system administrator (called super-user or root).
/dev--device files. Devices appear on Linux as files so that hardware is abstracted and it is easy to write to them or read from them.
/mnt--mount points for removable media (floppy, cdrom, zipdrive), partitions of other operating systems (e.g. MS Windows), network shares, and anything else that is mounted on the file system temporarily. It normally contains a separate subdirectory for each mounting share. The contents of these drives/shares appear in these subdirectories--there are no drive letters on Linux.
/lib--shared libraries for programs that reside on the root filesystem and kernel modules.
/boot--files used by the bootstrap loader (LILO or GRUB), the thing that loads first when the computer is booted and perhaps gives you the option of which operating system to boot, if you have more than one OS on your computer). It typically also contains the Linux kernel (compressed, file vmlinuz), but this can be stored somewhere else, if only LILO is configured to know where it is.
/opt--optional large applications, for example kde under RedHat 5.2 (under RedHat 6.0, kde is distributed as any other X-windows distribution, main executables are in the /usr/bin directory).
/tmp--temporary files. This directory may clean up automatically.
/lost+found--files recovered during the filesystem repair.

The most interesting parts of the /usr filesystem are:
/usr/X11R6--X-windows system (version 11, release 6).
/usr/X11--the same as /usr/X11R6 (it is a symbolic link to /usr/X11R6).
/usr/X11R6/bin --lots of small X-windows apps, and perhaps symbolic links to the executables of some larger X-windows applications that reside in their own subdirectories somewhere else).
/usr/doc--Linux documentation (on newer systems, this moved to /usr/share/doc).
/usr/share --Data independent from your computer architecture, e.g., dictionary words.
/usr/bin and /usr/sbin--similar to their equivalents on the root filesystem (/bin and /sbin), but not needed for basic bootup (e.g. during emergency maintenance). Most commands will reside here.
/usr/local--the applications installed by the local administrator (perhaps each application in a separate subdirectory). After the "main" installation, this directory is empty. The contents of this directory should survive normal re-installation or upgrade of the operating system.
/usr/local/bin--perhaps smaller "user"-installed executables, plus symbolic links to the larger executables contained in separate subdirectories under /usr/local .

It is important to understand that all directories appear in a single directory tree, even if the directories are contained on different partitions, physical drives (including floppies, etc), or even if they are distributed over the network. Therefore, there are no DOS-type "drive letters" under Linux. What would be a "drive" under DOS or MS Windows, appears on Linux as a subdirectory in a special "mounting" location.

The directory system is well-established and standard on most Linux distributions (the small differences are being currently addressed by the Linux Standard Base). It is also quite similar to that found on typical commercial UNIX systems.

To summarize:

Users always save their files to the directory /home/user_login_name (and its subdirctories)
The local administrator most likely installs the "additional" software under the directory /usr/local and makes a link to the main executable in /usr/local/bin.
System settings are all in the directory /etc.
It is not a good idea to temper with the content of the root directory ("/") or of the directory /usr, unless I really know what I want. These directories are best left as they came with my Linux distribution.
Most tools and applications installed on my system are in the directories: /bin, /sbin, /usr/bin, /sbin, /usr/X11/bin, /usr/local/bin.
All the files are in single directory tree. There are no drive letters.

More about the /proc filesystem (only for really curious).
The /proc "pseudo" file system is a real-time, memory-resident file system that tracks the state of the operating system kernel and the processes running on your computer. The /proc file system is totally virtual, i.e., it is not written on any particular disk or other persistent media, it exists only in the computer memory, and it is constantly updated to reflect any changes to your system. The size of the /proc directory is always zero and the last modification time is the current date. In some cases, it is possible to change your system settings by manually changing the contents of files in the /proc filesystem. Many Linux utilities use the /proc filesystem as the source of their information, e.g., dmesg, ps, top.

Contents of the /proc filesystem.

Directories with numerical names like "1" "170" "4908" are IDs of the processes running on your computer. Each directory contains several files, e.g.,: cmdline (contains the entire command line that was used to envoke the process), cwd (symbolic link to the cwd of the process), environ (the environment variables defined for this particular process in the form VARIABLE=value), exe (a symbolic link to the executable file that the current process is linked to), fd (a list of the file descriptors opened by the process),maps (a named pipe that can be used to access the process memory), root (a symbolic link to the directory which is the root file system for the particular process), stat (info on the status of the process).

Other files in the /proc filesystem:
/proc/cpuinfo --information about the processor, such as its type, make, model, and performance.
/proc/devices --list of device drivers configured into the currently running kernel.
/proc/dma --DMA channels being used at the moment.
/proc/filesystems --filesystem types configured into the kernel.
/proc/interrupts --interrupts in use, and how many of each there have been.
/proc/ioports --I/O ports in use at the moment.

For example, I can read the cpu info on my system using the following command:
cat /proc/cpuinfo

How do I run a program?

Typing the name of the executable on the command line doesn't help? There are three possibilities.

The first possibility: I did not type the name of the executable correctly. Check the case--Linux is case sensitive! For example, typing "Pico" or "PICO" will not start the pico editor.

The second possibility: maybe the program is not on my PATH? Under Linux (or any UNIX), an executable must be on your PATH to run it, and the current directory is not on my PATH. Type the full path to the executable in front of the executable name, or do:

cd the_program_directory
./program_name

I must put the dot and slash in front of the program name or the program will not execute. (This is a security feature not to put one's current directory on the path. It makes "trojan horses" more difficult. A "trojan horse" is a malicious program that pretends to be something different than it really is.) The dot means "the current directory", and the slash "/" is a separator between the directory name and the filename (exactly as "\" in DOS).
I may check my path using:

echo $PATH

To learn how to change your PATH, or add your current directory to it, see the next answer.
If my executable is lost somewhere in the directory tree, I may want to find it using (for example):

find / -name "netscape"

to find a file named "netscape", starting the search from the root directory "/". You may be able to achieve the same result faster using:

locate netscape

(Locate runs faster because it relies on a pre-built database of files on your system. This database is updated by a background "cron" process that normally runs at night, so don't count on locate to find a file if you regularly switch off your computer for the night, or you are searching for a file that you have just installed.)
Please note that the PATH is normally different for root than for the regular users (root's PATH includes /sbin and /usr/sbin whereas users' don't). Therefore users cannot execute commands located in the "sbin" directories unless they specify the full path to the command. Also, if you become a superuser by executing the su command, you inherit the user's PATH, and to execute the command located in sbin, you need to specify the full path.
Conversely, if I need to learn where an executable which is on my PATH is located on your system (i.e., the executable runs by typing its name anywhere in the system, but I would like to know where it is located), I may use something like this:

which netscape

which will show the full PATH to the executable program called "netscape" (if one exists).

The third possibility: maybe the file is not executable. If it should be, change the permissions to make it executable. E.g. (as root or the user who owns the file):

chmod a+x my_file

will make the file "my_file" executable for all users. Check if it worked using:

ls -l my_file

Read here if you don't understand the output of this command or the whole "third possibility".

Please note that under Linux (or UNIX), the file extension (for example .exe or .com or .bat) does not make the file executable. The file needs an "executable file access mode" which is not unlike a "file attribute" under DOS.

How can I change the PATH?

Typically, you don't have to change your PATH, but it very useful to understand what PATH is.

The PATH is the list of directories which are searched when you request the execution of a program. You can check your PATH using this command:

echo $PATH

which, on my system , shows the PATH for the user "yogin" to be:

/opt/kde/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/yogin/bin

The ":" is a separator, therefore the above PATH represents a list of directories as follows:

/opt/kde/bin
/usr/local/bin
/bin
/usr/bin
/usr/X11R6/bin
/home/yogin/bin

Here is the output from the command "echo $PATH" run on my system on the account "root":

/opt/kde/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin

You can change the PATH for all users on the system by editing the file /etc/profile and adjusting (as root) the line starting with "PATH=". I do it using the pico editor (as root):

pico -w /etc/profile

(The option -w turns off the wrap of long lines.)
Re-login for the change to take effect. To set up the PATH for an individual user only, edit the file /home/user_login_name/.bash_profile (please note the dot in front of the filename--files starting with a dot are normally invisible, you have to use ls -a to see them).
If you really want to have the current directory on your PATH, add "." (dot) to your PATH. When used in the place when directory name is expected, a dot means "the current directory". The specification for the path in /etc/.bash_profile may then look like this:

PATH="$PATH:$HOME/bin:"."
export PATH

This command takes the contents of the environmental variable called PATH (as set for all users in /etc/profile), and appends to it the name of your home directory as set by the variable HOME with an attached "/bin" and then a dot. Finally, the command assigns the resulting string back to the variable called PATH. It is necessary to use the command "export" after modifying PATH or any other user-environment variable, so that the variable is visible outside of the script that sets it.

How can I shutdown my computer?

Close all your programs saving the data as desired. From your GUI main menu (e.g., "K"), select "Logout". Then, from the logon screen, select: "System"-"Shutdown".

Alternatively, from a text terminal, press <Ctrl><Alt><Del> (the "three-finger salute", you press the three keys simultaneously), wait for the shutdown process to complete, and turn off your machine only after it starts rebooting again. If you are in X-windows, first switch to a text terminal by pressing <Ctr><Alt><F1> (three keys simultaneously).

Never turn off your machine without the proper shutdown or else you may have disk error messages next time you boot. (Typically, the errors resulting from improper shutdown will be repaired automatically during the next boot, but occasionally more serious problem may result, and then you may need to repair the files manually or re-install!)

If you prefer your computer to go to a halt after you press <Ctrl><Alt><Del> (instead of the default reboot), you can set this up by editing the file /etc/inittab. This file specifies something like this:

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

As root, replace the option "-r" to "-h" so that the same fragment reads:

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -h now

The line starting with "#" is just a comment (it is for humans, it does not have any effect on the computer). The option "-t3" tells the shutdown command to wait 3 seconds before it starts killing processes. The options "-r" and "-h" stand for "reboot" and "halt" respectively, so they perform a shutdown to reboot or a shutdown to a system halt.

Root can also use the shutdown command directly. This command can be used for either local or remote shutdown of your computer, but is used mostly for remote shutdown when the local keyboard is not available so you cannot use <Ctrl><Alt><Del>. It can also be very useful if a program hangs so that the keyboard is no longer functional. For example:

telnet name_of_machine_with_no_operable_keyboard
[login as a user]
su
[give password]
Now either execute ps axu |more, find the process id of the offending command in the ps output and do

kill pid_of_offending_process

or reboot your machine with:

/sbin/shutdown -rn now

This command will shutdown really fast, bypassing standard (longer) shutdown procedure--useful when the system becomes really buggy (the option -n will make "shutdown" kill all the processes before rebooting).

Please note that for security reasons, you cannot login to a remote machine as root (e.g., over the telnet). You have to login as a user and then execute su and give a password to become a super user (root).

The shutdown command may also be used to execute a shutdown later. E.g. (as root):

/sbin/shutdown -r 23:59

will reboot the system 1 minute before midnight. I could also use:
/sbin/shutdown -r +1

to shutdown 1 minute from now. I can cancel a scheduled shutdown with:

/sbin/shutdown -c

If the shutdown command is too long for you, you may want to try these two commands, which do exactly what their names suggest (as root):

reboot
halt

A fancy way to shut down your computer is to switch your system to the runlevel 0 (for halt) or runlevel 6 (for reboot). Try it using (as root):

init 0

The meaning of the different runlevels is explained in the file /etc/inittab and .

How do I deal with a hanged program?

Buggy programs do hang under Linux. A crash of an application should not, however, affect the operating system itself so it should not be too often that you have to reboot your computer. Linux servers are known to run for more than a year without a reboot. In our experience, a misbehaving operating system may be a sign of hardware or configuration problems: we repeatedly encountered problems with the Pentium processor overheating (the fan on the Pentium did not turn as fast as it should or it stopped altogether, the heat sink on the Pentium was plugged with dirt), bad memory chips, different timing of different memory chips (you may try re-arranging the order of the chips, it might help), wrong BIOS setup (you should probably turn off all the "advanced" options, Linux takes care of things by itself). The "signal 11" error message is typically (99%) associated with hardware problems and is most likely to manifest itself when you perform computing-intensive tasks: Linux setup, kernel compilation, etc. If your Pentium has the tendency to overheat (very common for early Pentiums), here are some tips to keep it cool, particulary during hot weather: clean the processor heat sink, replace the processor fan, operate the computer with the cover off and aim an extra fan inside, increase the processor "wait-state" in the computer BIOS, don't overclock, decrease useless load, e.g., replace this super-fancy screen saver with a blank screen.
Not really changed. Some programs might give the uninitiated impression of hanging, although in reality they just wait for user input. Typically, this happens if a program expects an input filename as a command line argument and no input filename is given by the user, so the program defaults to the standard input (which is console). For example, this command

cat

may look like it's hanged but it waits for keyboard input. Try pressing <Ctrl>d (which means "end-of-file") to see that this will satisfy the cat command. Another example: I have seen many questions on the newsgroups about the "buggy" tar command that "hangs" when trying to uncompress a downloaded file, for example:

tar -zxv my_tar_file [wrong!]

This waits for user input too, since no option "-f filename" was specified so "my_tar_file" was not recognized as a filename. The correct command is:

tar -zxvf my_tar_filename

Please note that the filename must follow immediately after the option "f" (which stands for "filename). This WILL NOT work (very common mistake):
tar -zxfv my_tar_file [wrong!]

Any program (hanged or not) can be killed.

A text-mode program in the foreground can often be killed by pressing <Ctrl>c. This will not work for larger applications which block the <Ctrl>c, so it is not used on them accidentally. Still you can get back in control either by sending the program to the background by pressing <Ctrl>z (no guarantee this will work) or switching to a different terminal, for example using <Ctrl><Alt><F2> and login as the same user that hanged the program (this should always work). Once you are back in control, find the program you want to terminate, for example:

ps

This command stands for "print status" and shows the list of programs that are currently being run by the current user. In the ps output, I find the process id (PID) of the program that hanged, and now I can kill it. For example:

kill 123

will kill the program with the process id (PID) of "123".
As user, I can only kill the processes I own (this is, the ones which I started). The root can kill any process. To see the complete list of all processes running on the system issue:

ps axu | more

This lists all the processes currently running (option "a"), even those without the controlling terminal (option "x"), and together with the login name of the user that owns each process ("u"). Since the display is likely to be longer than one screen, I used the "more" pipe so that the display stops after each screenful.

The kill command has a shortcut killall to kill programs by name, for example:

killall netscape

will kill any program with "netscape" in its name, while

killall pppd

will surely disconnect any dial-up connection by killing the ppp daemon.

X-windows-based programs have no control terminals and may be easiest to kill using this (typed in an X-terminal):

xkill

to which the cursor changes into something looking like a death sentence; you point onto the window of the program to kill and press the left mouse button; the window disappears for good, and the associated program is terminated.

A shortcut to the last command is to press <Ctrl><Alt><Esc>, to which the cursor changes into something looking like a death sentence--you point at the window of the offending program, click your mouse, and the window closes and the program is gone.

If your X-windows system crashes so that it cannot recover, or you just get stuck, it may be the easiest to kill the X-server by pressing <Ctrl><Alt><BkSpace>. After that, it might be a good idea to run ps axu, find any possible X-programs that might still be running, and kill them. If you don't do this, and there really is a misbehaving program that caused your X-windows to crash, it might cause trouble again.
If you have programs in the background, the operating systems will object your logging out, and issue a message like "There are stopped jobs". To override and logout anyway, just repeat the logout (or exit) command --the background program(s) will be automatically terminated and you will be logged out.
Core files. When a program crashes, it often dumps a "core" into your home directory. This is accompanied by an appropriate message. A core is a memory image (plus debugging info) and is meant to be a debugging tool. If you are a user who does not intend to debug the program, you may simply delete the core:

rm core

or do nothing (the core will be overwritten when another core is ever dumped). You can also disable dumping the core using the command:

ulimit -c 0

Checked if it worked using:

ulimit -a

(This shows "user limits", the option "-a" stands for "all".) To make the option of disabling core dumps permanent for all users, edit the file /etc/profile (as root), where ulimit is set, and adjust the setting. Re-login for the changes to /etc/profile to take effect.
If you would like to see how a core file can be used, try (in the directory where you have a core file):

gdb -c core

This launches GNU debugger (gdb) on the core file "core" and displays the name of the program that created the core, signal on which the program was terminated, etc. Type "quit" to exit the debugger. To learn the meaning of different signals, try:

cat /usr/include/bits/signum.h |more

Command options

Most commands accept numerous "options". An option can be introduced with an "-" (dash). For example:

dir -l

shows me the listing of the current directory but in a long format (the default format is "short"). Multiple options can be introduced in two, equivalent ways:

dir -l -a

dir -la

Either of the above commands will show me the listing of the current directory in the long file format (option -l), and include all files in the listing, i.e., also the hidden files (option -a).

Most popular options are marked with one letter. This follows the traditional UNIX way of invoking options. There is also a new style, which looks like this:

dir --help

Here, a single option is more than one character long, and it must be introduced with two dashes. The above command displays a brief help for the dir command, including the listing of all options. Because there are so many of those (more than a screenful), I would probably do:

dir --help | more

Users, passwords, file permissions, and security

Home directories, root, adding users

The (almost) only place on the harddrive that normal users (non-root) can write to is their home directory, which is /home/user_login_name.

This "home" directory is for all user files: settings, program configuration files, documents, data, netscape cache, mail, etc. As a user, you can create subdirectories under your home directory to keep yourself organized. Other users cannot read your files or write to your home directory unless you give them permission to do so.
Normal users can also see, read and execute many other files on the system (besides their home directory), but normally they cannot modify or remove (delete) them.

The "root" (also called "super user") is a special administrative account that has the power to modify any file on the system. It is not a good idea to habitually work on your system as root--if you do so, your mistakes can cost you dearly. Set up and use a normal user account for everyday work for yourself, another user account for your son, and yet another for your wife. The root account is typically the only account that exists on Linux after the initial installation. Thus you have to explicitly create "user" accounts for normal work for you Linux system.

A user account can be created by "root" using, for example:

adduser joe
passwd joe
[type the password for the user joe]
[retype the password for the user joe so as to avoid mistakes]

In the example above, first I logged in as root. Then, on the command line, I issued the command "adduser" with the parameter (argument) "joe". This created the account "joe" on my Linux computer. Then, I issued the command "passwd joe" to change the password for the user "joe" to something fairly secure. Now, I can tell "joe" what her initial password is, and she can login and change the password to her liking. Please note that the account name (user login name, "joe") and the password are case-sensitive.

Root can change any user's password, although s/he cannot read it. [Passwords are encrypted using a one-way encryption algorithm and only this encrypted version is stored on the system, in the file /etc/passwd (older systems) or /etc/shadow (newer systems), and the "open" version of the password is never stored. When you login, the password you type is encrypted again using the same one-way algorithm and compared with the already encrypted version stored in /etc/passwd or /etc/shadow.]

The separation of the administrator and user makes Linux systems secure and robust--it even makes viruses under Linux difficult (the programs that a user runs can write only to his/her own directories, and therefore cannot affect the vital parts of the operating system).
It is customary that the user changes his/her password immediately after the first login, for example:

passwd
(current) UNIX password: pass_OLD
New UNIX password: pass_NEW
Retype New UNIX password: pass_NEW

In reality, the password will not appear on the screen as you type it (for security reasons). Take your time if you are changing the password for the very first time--it can be difficult to type "blind".

On the Linux system, the same password is used to:

login on the text terminal,
login from a graphical (GUI) screen into your desktop (KDE or GNOME),
unlock a locked text terminal,
unlock a password-protected screen saver on a GUI (for example, KDE or GNOME).

About password security

Weak passwords are probably the most common source of security problems. Even at home, you may expose yourself to serious trouble because somebody may be able to hack your computer when you browse the Internet and read/delete your files, or use your computer to do something really nasty to the local police computer network. Therefore, keep all your login names/passwords secure, even at home. Once somebody logs into your computer (even as an ordinary user), he may find it quite easy to gain root access (depending on how well-maintained/up-to-date your system is vs. how good a hacker s/he is).

Here are some examples of hazardous passwords:
- No password (possible!).
- The word "password" (wow, this one is really weak!).
- Your login name (The login and the password the same? Hmm.).
- Your first name or the first name of your daughter, son, husband, wife, girlfriend, or any other first name. The number of first names in use is quite limited--just check the paperback book "what to name your baby". Don't assume that a first name you think of is secure because you are from India--Canada is really a multinational society and the typical namelist seems to cover all kinds of first names.
- Your last name or any other last name. The number of last names is surprisingly limited! Just check the US census data to see that your "rare" last name from the abamamahaba island is very well represented in the US 89,000 of the most frequent last names (e.g., http://www.census.gov/genealogy/www/freqnames.html). Or just check the Toronto telephone book. Another proof that we are all one family :))
- The nickname of your dog, wife, canary or computer. (Very few nick names humans use, much fewer than last names!)
- Name of your favourite sports team, celebrity, toothpaste, or detergent. Avoid names of popular soccer teams like fire. Same with rock bands (music).
- Date of your birth, social security number, etc; Sequences of digits can be easily probed.
- Name of your company, department, workgroup, etc.
- Password written in the calendar on your desk or on the side of your computer.
- A password which you also use in an insecure public place, for example an Internet store or a mailing list. In general, you should use different passwords for places controlled by different organizations.
- Any word which is in the English dictionary. The English dictionary does not contain as many words as it might seem. A not-so-skillful hacker can easily set a program to encrypt all dictionary words (100,000? that's under 1 MB!) and then compare all the encrypted strings to your encrypted password. As a matter of fact, tools for the "dictionary attack" are readily available on the Internet. Try the program crack yourself to find how easy it is. Swear words or "cool" (colloquial) expressions make the password particularly vulnerable for cracking.
- Any other word, last name, first name, pet or swear word, no matter in what language. For a cracker, to cover most languages is only a small overhead if he already covered one. How many significant languages are out there? 40? The cracker just grabs a few more files and appends it to his cracking list. The point here is that the subset of words that humans normally use if far far below the theoretical limit of the random combination of characters.
- Any of the above with an addition of a number/letter at the beginning or the end. "yuoping1" is really a very weak password.

A good password is relatively long (minimum 6 characters, some experts even recommend minimum 10 characters), contains a mixture of letters (upper and lower case, if possible), numbers and special characters, and is changed quite regularly (8-16 weeks?).

Unfortunately, the better the password, the harder it is to remember. I solved this problem for myself by taking 10 minutes to invent my personal password "scheme". Say, I always start and end with the monkey (@) sign, and use two words connected with an exclamation mark, the last letter of each word is capitalized, e.g., "@whitE!housE@". Seems like an adequate password, and it is easy to remember once I know what my password rule is. If you are a memory genius, you may consider truly excellent passwords generated with mkpasswd :))

The system administrator can set the password policy (minimum length, requirement of special characters, password expiry) through the utility included in this configuration program (run as root):

linuxconf

under the menu "user account"-"policies"-"password & account policies". Normal users won't be able to set a password which is too short, is a dictionary word, or does not contain the prescribed number of non-alphanumeric characters (but root can change any password to anything s/he likes, s/he will only be given a warning).
Also make sure that any file that contains any password of yours (e.g., /root/.kde/share/config/kppprc) has proper, secure permissions so that it cannot be read by anybody. For example, most likely you want:

chmod 600 kppprc

If you use an "over the phone" Internet connection for just a couple of hours a week, you may be fine even with a relatively weak password on your system. But please really reconsider your system security if you use a cable modem, or are otherwise connected to the Internet for a significant amount of time.

Most computer semi-literate use amazingly weak passwords. "Around 50 percent of computer users base passwords on the name of a family member, partner or a pet. Thirty percent look to a pop idol or sporting hero," reports CNN (http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/index.htmll). Please note the underlined base. Appending a digit to an obvious word hardly makes the password more secure.

I forgot the root password

Even if I never forget any passwords, I would still study this issue in detail because it can give me a hint on how my mother might be reading my ICQ chats history :-)
First method. The easiest way to solve your "forgotten root password" problem is to boot your Linux in the single-user mode, namely at the "lilo"prompt (during bootup) type:

linux single

This will make you "root" without asking for a password. Now, being root, you may change the root password using this command (no knowledge of the old password required):

passwd

If it strikes you as insecure, that's because no computer system is secure if other people have physical access to your hardware. Nevertheless, I did not like the "linux single" hole on my home computer and plugged it by adding the following lines to my /etc/lilo.conf file (at the end of the "image=" section):

password="my_password"
restricted

[This "lilo" password is required when, at the LILO prompt during bootup, somebody enters the word "linux" with any parameter (normal bootup without any parameters will still be possible without a password).] For the changes to /etc/lilo.conf to take effect, I must re-run the command lilo . Since my lilo password is not encrypted, I must make /etc/lilo.conf readable only for root:

chmod 600 /etc/lilo.conf

Second Method. Another way to solve the "lost-root-password" problem is to boot your computer from the Linux boot diskette or the CD. Then find your Linux root partition on the hard drive, mount it, and edit the file /etc/shadow. (I can do it because after booting from the floppy, I become root without being asked for a password.) In the password file, I erase the encrypted password for root (for example, using the pico editor), so it is empty.

Information about a user account is kept in plain-text files: /etc/passwd and /etc/shadow.

The file /etc/passwd contains the "world-readable" information about all accounts on my computer Each line in this file contains information about one account. Each line has 7 colon-delimited fields (this means 8 entries separated by colons): login name, the letter "x", the numerical user ID, the numerical primary group ID for the user, a comment field (for example, the full name of the user), the user's $HOME directory, the name of the shell (meaning the program that is run at login).

The balance of information about accounts on my computer is stored in the file /etc/shadow. This file is more secure because normally only root can read it. In this file, each line describes "shadow" information about one account, and has 9 colon-delimited fields: login name, encrypted password, days since Jan 1 1970 that password was last changed, days before password may be changed, number of days after which the password must be changed, number of days before password expiration to warn the user, number of days after password expiry that account is disabled, number of days since Jan 1 1970 that account is disabled, and a reserved field.

Some (older) UNIX or Linux systems do not contain the file /etc/shadow and store the encrypted user password in the second field of each line of the file /etc/passwd (the field which on newer systems contains just the letter x).

For example, my /etc/shadow entry for "root" account may look like this:

root:$1$BuPbmLAz$1G7.evIChyqaEI0TlZp0F.:11071:0:99999:7:-1:-1:134540356

and after the password is erased, it looks like this:

root::11071:0:99999:7:-1:-1:134540356

Now, the root account has no password, so I can reboot the computer and, at the login prompt, type "root" and for password just press ENTER (empty, no password). After a successful login, I immediately set the password for root using the command:

passwd

Apparently, despite deleting the password from /etc/shadow , the Debian distribution will not let you log in "passwordless" (enhanced security?). In such a case, what needs to be done is to replace the password in /etc/shadow with an encrypted password from another account, where you know the password. After that, you can login since you know the password.

E-mailing an encrypted password may be also a secure way to set up an account for somebody remote: "I am setting up an ftp account for you on my server. Email me your encrypted password." After you receive the encrypted password, you insert it into the appropriate field in /etc/shadow. Now, the user can log in, since she knows the password, but nobody else can.

To make the "floppy access" to my system a little bit more difficult, I considered running a computer without a floppy drive :-) Unfortunately, Linux CDs are bootable these days. I set up my boot sequence (in the BIOS setup) so that the system boots from the hard drive before floppy and CDROM are tried, and added an "administrative" password on changes to the BIOS settings. Still, I worry that these BIOS passwords are very easily crackable, or that one could remove the small battery that sustains the BIOS setting. One could also remove my harddrive and connect it to another computer for reading :-) . I am thinking about installing an "encrypted file system" which is now available on Linux, but considering all the trouble associated with it, perhaps I will settle on locking my room :-) . If all this sounds paranoid to you, it probably is--it just illustrates the point there is little computer security, even under Linux, if the potential cracker has a physical access to your hardware.

I forgot my user password

If a regular (non-root) user forgets his/her password, this is not a problem since root can change any password. For example (as root):

passwd barbara

will prompt for a new password for the user "barbara" (no knowledge of the old password required by root). If a regular user (non-root) wants to change his/her password, s/he will be asked for the old password first. (This is a security feature so nobody changes your password if you have left your terminal unattended.)