Managing User Accounts in Lindows
Lindows, a distribution of Linux, does not require you to set up user accounts; by default you log in as the Administrator. This article explains why you should have user accounts anyway and how to manage them. Experienced Linux users can safely skip ahead to the Setting Up Accounts section.
Before you can use a Linux system, you need to log in using a user account. A user account is a record that the system keeps for each user to record system data about that user, such as the user's password. The account is linked to a user name that is unique on a Linux system. The system checks the user account data to decide whether to grant or deny each user access to files and devices on the system.
A special account called root can be found in any Linux or other UNIX-based system. The Lindows login manager calls this account Administrator. Sometimes the root account is called the Super-User account. This account has full permission over the system--it can do almost anything.
In most situations, when you are logged in using the root account you have too much power. You can delete or overwrite any file on the system and possibly make the system stop working correctly. If someone can trick you into running a program or if a virus somehow runs while you are logged in, that program then has the ability to do anything at all; it could actually take over your system. In short, running as root is dangerous.
The alternative to running as root is to run as a user. Technically, root is a user too, but usually we refer to root and users as separate entities. When you are running as a user, you greatly reduce your ability to harm your system.
Every user account has a unique user ID, a number that identifies each specific user. The root user always has a user ID of zero; other user numbers vary. When you are logged in as a user, any program you use runs under your user ID, and the system checks that user ID to decide whether the program is allowed to do certain tasks.
Each user account also has a unique user name, sometimes called the login name. For the root account this name is always root. The user name can be anything, however. I use steveha on my home system, but I could be coolguy or some other nickname. User names should be short (no more than 8 or 10 letters) and contain numbers and lower-case letters; I do not recommend the use of upper-case letters or punctuation in user names.
Each user has a directory assigned to it, the home directory, over which the user has full permissions. The user's settings are stored in configuration files, which are kept in the home directory. By convention, the home directory is in /home and has the same name as the user name. So a user named coolguy would have /home/coolguy for a home directory.
Occasionally, you may discover that something doesn't work because you don't have permission to use it. For example, if your user account doesn't have permission to use the sound card in your Linux system, you aren't able to play music. But most Linux systems, including Lindows, do a good job of setting up user accounts with the permissions they need.
Because it's dangerous to run as root all the time, there are ways to access the power of the root account while logged in as a user. For example, you can run a command shell and switch only that command shell to run as root. A command called su switches user identities for a particular command-shell session. By default, it switches to the root user, but you can also use it to switch to another user identity. For security, you need to type the account password when switching with su. su actually opens a new shell inside your original command shell, so when you exit from the su shell you find yourself back in your original command shell.
If you want to run only one command as root, you can use sudo to run a single command as another user. If your usual command shell is Bash, then this command would do exactly the same thing as the su command:
# sudo bash
Graphical versions of sudo are available, too. Most of them don't have sudo in their name, only su. KDE has kdesu, GNOME has gnomesu and there are others.
Groups add another level of security to a Linux system. A group is a set of users who collectively can be given permissions. For example, access to the sound card is controlled by a group called audio, and any user who wants to be able to use the sound card needs to be in the audio group. Each group has a unique group ID, analogous to the user ID number, and a unique name, analogous to the user name.
A Linux system can assign permissions based on user ID or group ID. Anytime more than one user might want to access a file or device, it makes sense to use group permissions. For example, at a company where many people share a Linux server, the Project X team might have a group called projectx. All members of the Project X team then are added to the projectx group. All the secret files belonging to Project X would be made accessible only to the members of the projectx group.
You can use the Lindows File Manager, which actually is a KDE program called Konqueror, to make a file accessible to the members of only one particular group. Right-click on the file in the File Manager, and choose Properties from the right-click menu. Click on the Permissions tab, and then in the Ownership box, edit the Group field to specify the desired group. Then use the Access Permissions checkboxes to make sure only members of the specified group can access the file: make sure the Group permission bits for read and write are the only ones checked.
You can make a directory accessible to members of only a single group using the same technique. For a directory, the execute permission bit controls permission to access that directory; the read bit controls permission to view the contents of the directory; and the write bit controls permission to create new files in the directory.
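The same restriction can be applied and checked from a command shell. The following is an added example, not part of the original article; the function names and the scratch directory are illustrative, and the demo uses your own primary group in place of projectx so it runs without root.

```sh
#!/bin/sh
# Added example: command-line equivalent of the File Manager steps above.
# Function names are illustrative, not Lindows tools.

# Give PATH ($1) to GROUP ($2) and restrict access to owner + group members.
# Files get read/write (660). Directories also get the execute bit (770),
# because without it members could not enter the directory at all.
restrict_to_group() {
    chgrp "$2" "$1" || return 1
    if [ -d "$1" ]; then chmod 770 "$1"; else chmod 660 "$1"; fi
}

# Print every entry under the given path(s) that still grants read, write
# or execute to "other" users. Extra find arguments (e.g. -prune) may follow.
open_to_others() {
    find "$@" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Succeed only if this one path grants nothing to "other" users.
is_group_only() {
    [ -z "$(open_to_others "$1" -prune)" ]
}

# Demo on a constructed scratch tree; id -g is the caller's primary group.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/projectx"
    echo "secret plans" > "$work/projectx/plan.txt"
    chmod 755 "$work/projectx"
    chmod 644 "$work/projectx/plan.txt"
    echo "Open to everyone before:"
    open_to_others "$work/projectx"
    restrict_to_group "$work/projectx" "$(id -g)"
    restrict_to_group "$work/projectx/plan.txt" "$(id -g)"
    echo "Open to everyone after (expect nothing):"
    open_to_others "$work/projectx"
    rm -rf "$work"
}
demo
```

To use a real group such as projectx, pass its name as the second argument; changing a file's group to one you do not belong to requires root.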
You can find many tutorials on the Web that outline how to manage a Linux system by using user accounts, group accounts and permission bits. Almost all of them explain how to use command-line tools to change the settings. In Lindows, however, you actually can do most management tasks from the Lindows desktop, using the User Manager and the File Manager.
A program called the User Manager, which is a KDE program called KUser, is used to manage user accounts. At the end of Lindows setup, you have a chance to create user accounts. After the initial setup, you are prompted to remove the Lindows install CD and reboot. Then, for your first login, you can log in as the root user. (No other users exist yet at this point in the Lindows setup process, only root.) Once you have logged in to the Lindows desktop, a window called First Time Setup opens and offers a license agreement. At the bottom of that window are three buttons: Set Time, Advanced and Finished. To create user accounts, click on the Advanced button, which opens the Advanced Settings menu. From there, click on Add Users to access the User Manager. Note: if you didn't set a password for the root user account yet, you can do it from the Advanced Settings menu as well; click on Set Administrator Password.
At any time while running Lindows, you can run the User Manager by clicking on the Lindows menu button in the lower-left corner of the desktop and choosing Settings, User Manager. The User Manager has menus, a toolbar and two tabs. The toolbar provides convenient access to the most common operations. The two tabs are Users and Groups.
The Users tab shows a list of all users. UID is the User ID number, and User login shows the user account name. Full name is used optionally to specify the full name of the user for the account.
If you double-click on a user, or click on the Edit button from the toolbar, you get the User Properties dialog. This has three tabs. The User Info tab lets you change various information associated with the account. I suggest you edit the User login and Full name fields and leave all the other fields alone. The last fields, Office #1, Office #2 and Address all are comments. Linux ignores these fields; they simply are there for the system administrator's use. Notice that the User Info tab has a button, Set Password, that brings up a dialog to set a new password.
The second tab is the Password Management tab. I suggest you leave all of its settings alone. Oddly, it is not possible to change the password from the Password Management tab; you must use the Set Password button on the User Info tab.
The last tab, Groups, lists the groups to which the account belongs. A checkbox next to each group controls whether the account is a member of that group. By default, Lindows does a good job of setting up all the groups a user might need, so you probably will not need to make many changes here.
Adding or removing groups from the system is possible, as is changing group ID numbers, from the User Manager's Groups tab. By default Lindows does a good job of setting up your system here too; it is unlikely that you will need to use these features for a desktop Lindows system.
The User Manager actually can be a little bit dangerous. If you delete the root user, for example, bad things can happen: for one, you will no longer be able to reboot the system. It is possible to recover from this problem without completely re-installing your Linux system, but it's a job for an expert. In short, use the User Manager to manage non-root users, and leave the root account alone.
Using the User Manager, create at least one user account for each person who will be using your Lindows system. I recommend you add each user account to the following groups: audio, dialout, dip, cdrom, video, and user. In addition, if your users are connecting to the Internet using a modem, make sure they are members of the dialout and dip groups.
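To confirm that an account really is in the groups recommended above, you can check the group file directly. This is an added example, not from the original article; it assumes the standard /etc/group layout, and the sample entries and GID numbers are constructed.

```sh
#!/bin/sh
# Added example: report which of the article's recommended groups a user
# is not yet a member of. Function names are illustrative.
RECOMMENDED="audio dialout dip cdrom video user"

# Print each recommended group that USER ($1) is not a listed member of.
# GROUPFILE ($2, or - for stdin) uses the /etc/group layout:
#   name:password:GID:member,member,...
# Member names are compared exactly, so "steve" never matches "steveha".
# Note: a user's primary group is recorded in /etc/passwd, not in this
# member list, so it can show up here as missing.
missing_groups() {
    awk -F: -v user="$1" -v want="$RECOMMENDED" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == user) member[$1] = 1 }
        END { n = split(want, w, " ")
              for (i = 1; i <= n; i++) if (!(w[i] in member)) print w[i] }
    ' "$2"
}

# Constructed sample in /etc/group format (not taken from a real system).
sample_groups() {
    cat <<'EOF'
root:x:0:
dialout:x:20:coolguy
dip:x:30:coolguy
audio:x:29:coolguy,steveha
cdrom:x:24:steveha
video:x:44:coolguy,steveha
user:x:100:steveha
projectx:x:1001:steveha
EOF
}

echo "coolguy still needs:"
sample_groups | missing_groups coolguy -
```

On a live system, run `missing_groups coolguy /etc/group` and tick the reported groups in the User Manager's Groups tab.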
When a user logs in to a user account, the Click-N-Run Installer automatically opens and runs. Every time it runs, it pops up a dialog box that asks for the root password. The official solution for this, from the Lindows support Web site FAQ 325, is to remove the Click-N-Run Installer from the autostart programs by moving the file /usr/share/autostart/clicknrun.desktop somewhere else.
Security always involves more fuss and bother than does no security--until someone takes over your system or a virus wreaks havoc or you accidentally clobber a file and your system stops working. The extra initial work it takes to set up user accounts and use them is worthwhile.
Lindows does not run as smoothly with user accounts as it does when you run as root all the time; be warned that you need to do a bit of extra work to set up things correctly. As a first step, I hope this article helps you get user accounts working well on your system.
Controlling access to files using user and group permissions
Lindows is based on the Debian GNU/Linux distribution. Debian GNU/Linux System Administrator's Manual
Steve R. Hastings first used UNIX on actual paper teletypes. He enjoys bicycling with his wife, listening to music, petting his cat and making his Linux computers do new things.
email: steve@hastings.org