Back when I was just another user….
While reviewing the video that goes along with this article, my mind drifted back to my first real paying job in radio. It was a big station with a big news department and what makes it pertinent to this discussion is the fact that they had a mini computer running Unix. This machine kept up with stories coming in off the UPI and AP news wires and the reporters used it to write local stories. There was a terminal in each on-air studio and more back in the newsroom. I can still remember the meeting I had with the sysadmin to get my very own user account on the system. Believe it or not, I can also still remember the password I chose after nearly 30 years. And no, I’m not telling.
Up to that point, my experience with computers mainly consisted of playing games on a Commodore 64 and typing term papers into my brother’s Tandy 1000. At the time, I remember thinking that it was cool to have access to a “real computer.” This was before the Internet. It had no GUI and the printers were tractor-fed dot matrix that could only print plain text. It was basically a giant word processor. What I found fascinating about it was the way I could sit down at any terminal in the building and log in to find all my stuff just the way I left it. I could write a story, save it to a file, and send it to a printer all while the guy in the next studio was doing something else with the same system.
I remember Mike, the sysadmin at WTAR, telling me all about file permissions and what groups I was in but to be honest, I didn’t pay much attention. I just wanted to know how to get the ball scores. I didn’t know it then, but there was a guy named Linus Torvalds in Finland using a very similar system in his computer science class who wanted to have one just like it at home. He was so fascinated with it that he went on to write the kernel that is still the center of the GNU/Linux operating system. If I had any clue what a big role Linux would play in my life today, I would have paid more attention to what Mike was saying and maybe poked around in that Unix system a bit more.
You’ve got the power – Use it!
Linux includes all the same tools those Unix systems used to manage user accounts. Unlike with those big Unix systems, these days we are our own sysadmins if we run Linux at home. We have to manage the accounts on our Linux machines, especially when we have friends and family using our computers. Fortunately, all those tools make it really quite easy and we now have GUI tools that make it super simple. Still, there are some rules that we need to keep in mind to keep our systems secure:
1. Every user should have their own account.
There is an old saying that goes, “Good fences make good neighbors.” It certainly applies to multi-user computer systems. Each user can have a configuration that works best for them, they can be assured that no one will have access to their files, and they won’t have easy access to other users’ files. Each user having their own account is also good for the sysadmin who wants to keep tabs on what others are doing with the computer. Each user has their own browser history so you can check on Internet activities, especially if that user is a kid and you want to know what they are looking at. You can also lock a user’s account if you don’t want them to have access temporarily or delete them entirely.
2. The sysadmin is the only person who should know all the passwords.
Users should be strongly discouraged from sharing passwords and, if you’re working in an enterprise environment, those passwords should be changed often. Now, most who are reading this will be using Linux at home, but if you have a lot of people using your system or you’re suspicious of anyone’s intentions, you may want to change passwords yourself and assign them to each user. Users can change their own passwords, but the sysadmin can always gain access without knowing the password the user has chosen. (Nice, huh? Being a Super User can really stroke your ego.) The quickest way to deny access to a user is to just change the password on the account to something they don’t know.
3. Users should log out when they are done using the computer.
Leaving a computer logged in and walking away is a security risk and it makes life hard for the next person who wants to use the machine. If the machine is set to suspend or lock the screen, the next user may be forced to switch users to get to their account. Having multiple accounts logged in will suck up system resources and bog things down for those who are actually trying to use the machine.
4. Make users log in.
I am not a fan of setting a computer to automatically log in at startup, even if I am the only person who has an account. If you have multiple users automatically logged in, it defeats the purpose of having separate accounts completely. Some Linux distros offer this option when you’re setting up the admin account at install and others actually select this option automatically when you create additional user accounts. Yeah, it’s convenient but what happens if someone breaks into your house or steals the machine? You’ve just removed the first line of defense! While it is true that passwords and encrypted files won’t keep someone who really wants to get at your data from getting it, don’t make it any easier for them.
Going beyond the GUI
I used a combination of GUI tools and technical commands to demonstrate some of the basic things you might want to do with accounts on your machine. It goes way beyond that, though. Remember, these tools were designed to work with hundreds of users on mainframe computers. Additionally, here is a short list of commands you may want to get to know better:
adduser – Creates a new user account.
deluser – Removes a user account.
passwd – Used to set passwords and to lock user accounts.
chage – Sets a minimum and maximum age for a user’s password.
su – Switches user accounts in a terminal.
groupadd – Adds a user to a group.
groups – Shows what groups a user belongs to.
usermod – Removes a user from a group.
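
To check the account rules above (locked accounts, passwords that are required and that age out), here is an added example that is not part of the original article: a small audit of shadow-format entries, the file where passwd and chage record their settings. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Audit shadow-format entries (name:hash:lastchg:min:max:warn:inactive:expire:).
# Hypothetical helper names; the sample data below is constructed.
# On a real system, run as root:  audit_shadow < /etc/shadow

audit_shadow() {
    # Reads shadow-format lines on stdin; prints "user status password-age" per account.
    awk -F: '
    /^#/ || NF < 5 { next }
    {
        hash = $2; max = $5
        if (hash == "")                status = "NO-PASSWORD"  # logs in without a password
        else if (hash ~ /^[!*]/)       status = "LOCKED"       # no password matches (passwd -l prepends !)
        else                           status = "ACTIVE"
        if (max == "" || max >= 99999) age = "never-expires"   # no maximum age set with chage -M
        else                           age = "max=" max "d"
        print $1, status, age
    }'
}

# Constructed sample: one aged password, one locked account, one empty
# password field, one system account that never had a password.
sample_shadow() {
    cat <<'EOF'
alice:$6$constructedsalt$constructedhash:19700:0:90:7:::
bob:!$6$constructedsalt$constructedhash:19700:0:99999:7:::
guest::19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
EOF
}

# Accounts needing attention: no password at all, or a usable password that never expires.
findings() {
    audit_shadow | awk '$2 == "NO-PASSWORD" || ($2 == "ACTIVE" && $3 == "never-expires") { print $1 }'
}

sample_shadow | audit_shadow
echo "Needs attention: $(sample_shadow | findings)"
```

An account reported by findings can be handled with the commands listed above: set a password with passwd, or give it a maximum age with chage -M.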