Linux is case-sensitive. For example: myfile, Myfile, and myFILE are three different files. Your password and login name are also case-sensitive. (This follows tradition since both UNIX and the "c" programming language are case-sensitive.)  Naming conventions for files and directories are identical. All the files and directories which I create (for myself, as a user) are lower-case, unless there is a very special reason to make it different. Most of Linux commands are also all lower case.

Filenames under Linux can be up to 256 characters long and they normally contain letters, numbers, "." (dots), "_" (underscores) and  "-" (dashes).  Other characters are possible but not recommended.  In particular, it is not recommended to use special metacharacters: "*" (asterisk), "?" (question mark), " " (space),  "$" (dollar sign),  "&" (ampersand), any brackets, etc. This is because metacharacters have special meaning to the Linux shell (shell is something like COMMAND.COM, the command processor under DOS).  It is possible to have a space in the filename, but we don't recommend it either--we use underscore "_" instead.

It is not possible at all to have '/' (slash) as a part of the filename because  '/' is used to represent the top of the directory tree, and as a separator in the pathnames (the same as '' is in DOS).

Like in DOS, I cannot have a file called . or a file called.. (dot or two dots)--they mean current and parent directory respectively, exactly like in DOS.

Here is the meaning of some metacharacters:
*  = Matches any sequence of zero or more characters, except for  "." (a dot) at the beginning of a filename.
?  = Matches any single character.
[abC1]  = Matches a single character in the enumerated set. In this example the set contains: 'a',  'b',  'C', and '1'.
[a-z] = Matches any lower-case letter.
[A-F] = Matches any upper-case letter from A to F.
[0-9] = Matches any single digit.
[a-zA-Z0-9] = Matches any letter (lower or upper case) or any digit.

Examples. This command will list any filename in the current directory, with the exception of filenames starting with "." (dot):

ls *

An equivalent to this command is to type just ls  or  dir (without the "*").  Files with names starting with "." are not shown because "."  as the first character of a filename is not matched by "*". Think of files with names starting with "." as an equivalent of DOS hidden files.  Use ls -a (list with the option "all") or ls .* to see these  "dot" files.  The dot-files are common in the user home directories and are typically used to contain user-level configurations.

This command will list any file (current directory) that contains a dot:

ls *.*

This command will list any filename that contains two dots:

ls *.*.*

Please note that Linux does not have "filename extensions" the way DOS does, but you can still use them. For example, I can have a file my_text.txt.zip. Some other DOS-kind file-naming features are completely absent ("Micros~1.doc" comes to mind).

This command will find (on the whole filesystem) any file with the extension "htm" optionally followed by any one more character:

locate *.htm?

This command will show all filenames in the current directory that start with "a" or "b", or any capital letter:

ls [abA-Z]*

This command will list any file starting with "a" and ending with "n"

ls a*n

Command line autocompletion.  This is a great command line feature--I use the [Tab] key a lot to save on typing. It makes it brisk to deal with long and complicated filenames. For example using such a filename on the command line is really not a problems, if I use autocompletion:

dir Eurosong 2000 Olson Brothers - Fly on the wings of love (denmark).mp3

I just type

dir Eu[Tab]

and if there are no other files starting with "Eu", the rest of the filename is automatically typed for me. Otherwise, I would have to look at my choices (which are printed for me) and type one or two more characters to make the filename unambiguous.

Problems with weird filenames.  Most of these problems can be solved using autocompletion. Additionally, to manipulate files with names that contain metacharacters, I may use a pair of ' ' (two apostrophes), so that the metacharacters are quoted and therefore the shell does not interpret their meaning. For example, to rename a file my file* (contains space and asterisk), I would issue:

mv 'my file*' filename_without_weird_characters.txt

Please note that I use a pair of ' (apostrophes) for quoting. Quoting with a pair of "  " (quotation marks) is generally weaker than quoting with '  ' . If you use " (quotation marks)  some metacharacters may get interpreted.

Following UNIX tradition, on Linux, one may create files with names contaning almost any character, including non-printable (control) characters. Those are very infrequent, but if you encounter such a file, it can make you feel really weird. I would rename such a file using a carefully positioned metacharacter. I would use ls first to try if my action indeed targets the desired file, and then rename the file:

ls -l myfile*y.html
mv myfile*y.html myfile.html

As an example of the perhaps weirdest problems that you might face when using non-recommended characters in a filename, try creating a file with a name starting with a dash and then remove it--there seems to be no way to do it (because a dash normally introduces command options).  E.g., the command
dir > -junk

will create such a funny file (like in DOS, the symbol ">" redirects the output from the dir command to a file named -junk).  Since the regular way of removing the file -junk does not work, I use:

rm ./-junk

The dot slash at the beginning  means "the current directory" and here just serves the purpose of hiding the leading dash so it is not interpreted as introducing an option to the rm command.  The point here is that I would rather stick to traditional naming conventions than face the occasional complications.

This is explained very nicely in the Linux System Administrator Guide (SAG), which should be available on your system. Try:

cd /usr/doc/LDP/sag
lynx sag.html

This will start a text-mode browser "lynx" to view this html book. You can also use any other browser, e.g. Netscape for Linux or Windows, to view this book. This book and other LDP books are actually quite easy to read.

Briefly, Linux contains five filesystems. These filesystems can reside on a single or different physical hard drives and/or hard drive partitions, depending on the size and need of your system. (A single filesystem can also be distributed between different physical devices, if needed.)

The root "/" filesystem contains basic operating system and maintenance tools. The content of this filesystem should be sufficient to start  up the system and perform emergency maintenance and repairs if they were necessary.
/usr filesystem contains all commands, libraries, documentation, and other files that do not change during normal operation. This will also contain major applications that come with your distribution, for example Netscape.
/var filesystem contains files that change:  spool directories, log files, lock files, temporary files, and formatted manual pages.
/home filesystem contains user files (users' own settings, customization files, documents, data, mail, caches, etc). The contents of this directory should be preserved on an operating system upgrade.
/proc filesystem contains entirely illusionary files. They don't really exist on the disk and don't take up any space there (although ls -l will show their size). When viewing them, you really access information stored in the memory. It is used to access information about the system.

The parts of the root filesystem are:
/bin--executables (binaries) needed during bootup that might be used by normal users.
/sbin--executables (system binaries) not intended for use by general users (users may still use them, but this directory is not on their PATH).
/etc--system-wide configuration files for your operating system.
/root--the home directory of the system administrator (called super-user or root).
/dev--device files. Devices appear on Linux as files so it is easy to write to them or read from them.
/mnt--mount points for removable media (floppy, cdrom, zipdrive), partitions of other operating systems (e.g. MS Windows), network shares, and anything else that is mounted on the file system temporarily. It normally contains a separate subdirectory for each mounting share. The contents of these drives/shares appear in these subdirectories--there are no drive letters on Linux.
/lib--shared libraries for programs that reside on the root filesystem and kernel modules.
/boot--files used by the bootstrap loader (LILO or GRUB), the thing that loads first when the computer is booted and perhaps gives you the option of which operating system to boot, if you have more than one OS on your computer). It typically also contains the Linux kernel (compressed, file vmlinuz), but this can be stored somewhere else, if only LILO is configured to know where it is.
/opt--optional large applications, for example kde under RedHat 5.2 (under RedHat 6.0, kde is distributed as any other X-windows distribution, main executables are in the /usr/bin directory).
/tmp--temporary files.  This directory may clean up automatically.
/lost+found--files recovered during the filesystem repair.

The most interesting parts of the /usr filesystem are:
/usr/X11R6--X-windows system (version 11, release 6).
/usr/X11--the same as /usr/X11R6 (it is a symbolic link to /usr/X11R6).
/usr/X11R6/bin --lots of small X-windows apps, and perhaps symbolic links to the executables of some larger X-windows applications that reside in their own subdirectories somewhere else).
/usr/doc--Linux documentation (on newer systems, this moved to /usr/share/doc).
/usr/share --Data independent from your computer architecture, e.g., dictonary words.
/usr/bin and /usr/sbin--similar to their equivalents on the root filesystem (/bin and /sbin), but not needed for basic bootup (e.g. during emergency maintenance). Most commands will reside here.
/usr/local--the applications installed by the local administrator (perhaps each application in a separate subdirectory). After the "main" installation, this directory is empty. The contents of this directory should survive normal re-installation or upgrade of the operating system.
/usr/local/bin--perhaps smaller "user"-installed executables, plus symbolic links to the larger executables contained in separate subdirectories under /usr/local .

It is important to understand that all directories appear in a single directory tree, even if the directories are contained on different partitions, physical drives (including floppies, etc), or even if they are distributed over the network. Therefore, there are no DOS-type "drive letters" under Linux. What would be a "drive" under DOS or MS Windows, appears on Linux as a subdirectory in a special "mounting" location.

The directory system is well-established and standard on most Linux distributions (the small differences are being currently addressed by the Linux Standard Base). It is also quite similar to that found on many commercial UNIX systems.

More about the /proc filesystem (only for really curious).
The /proc "pseudo" file system is a real-time, memory-resident file system that tracks the state of the operating system kernel and the processes running on your computer.  The /proc file system is totally virtual, i.e., it is not written on any particular disk or other persistent media, it exists only in the computer memory, and it is constantly updated to reflect any changes to your system. The size of the /proc directory is always zero and the last modification time is the current date. In some cases, it is possible to change your system settings by manually changing the contents of files in the /proc filesystem. Many Linux utilities use the /proc filesystem as the source of their information, e.g., dmesg, ps, top.

Contents of the /proc filesystem.

Directories with numerical names like "1" "170" "4908" are IDs of the processes running on your computer. Each directory contains several files, e.g.,: cmdline (contains the entire command line that was used to envoke the process), cwd (symbolic link to the cwd of the process), environ (the environment variables defined for this particular process in the form VARIABLE=value), exe  (a symbolic link to the executable file that the current process is linked to), fd  (a list of the file descriptors opened by the process),maps (a named pipe that can be used to access the process memory), root (a symbolic link to the directory which is the root file system for the particular process), stat (info on the status of the process).

Other files in the /proc filesystem:
/proc/cpuinfo --information about the processor, such as its type, make, model, and performance.
/proc/devices --list of device drivers configured into the currently running kernel.
/proc/dma --DMA channels being used at the moment.
/proc/filesystems --filesystem types configured into the kernel.
/proc/interrupts --interrupts in use, and how many of each there have been.
/proc/ioports --I/O ports in use at the moment.

For example, I can read the cpu info on my system using the following command:
cat /proc/cpuinfo

How do I run a program?

Typing the name of the executable on the command line doesn't help? There are three possibilities.

The first possibility: you did not type the name of the executable correctly. Check the case--Linux is case sensitive!  For example, typing "Pico" or "PICO" will not start the pico editor.

The second possibility: maybe the program is not on your PATH.  Under Linux (or UNIX), an executable must be on your PATH to run it, and the current directory is NOT on your PATH. Type the full path to the executable before the executable name, or execute:

cd the_program_directory
./program_name

You must put the dot and slash in front of the program name or the program will NOT execute.  (This is a security feature not to put one's current directory on the path.  It makes "trojan horses" more difficult. A "trojan horse" is a malicious program that pretends to be something different than it really is.)  The dot means "the current directory", and the slash "/" is a separator between the directory name and the filename (exactly as "" in DOS).

You may check your path using:

echo $PATH

To learn how to change your PATH, or add your current directory to it, see the next answer.

If your executable is lost somewhere in your directory tree,  you may want to find it using (for example):

find / -name "netscape"

to find a file named "netscape" searching from the root directory "/". You may be able to achieve the same result faster using:

locate netscape

(Locate runs faster because it relies on a pre-built database of files on your system.  This database is updated by a background cron process that normally runs at night, so don't count on locate to find a file if you regularly switch off your computer for the night, or you are searching for a file that you just installed.)

Please note that the PATH is normally different for root than regular users (root's PATH includes /sbin and /usr/sbin whereas users' don't). Therefore users cannot execute commands located in the  "sbin" directories unless they specify the full path to the command. Also, if you become a superuser by executing the su command, you inherit the user's PATH, and to execute the command located in sbin, you need to specify the full path.

Conversely, if you need to learn where an executable which is on your PATH is located on your system (i.e., the executable runs by typing its name anywhere in the system, but you would like to know where it is), you may use something like this:

which netscape

which will show the full PATH to the executable program called "netscape".

The third possibility:  maybe the file is not executable.  If it should be, change the permissions to make it executable. E.g. (as root or the user who owns the file):

chmod a+x my_file

will make the file "my_file" executable for all users. Check if it worked using:

ls -l  my_file

Read here if you don't understand the output of this command or the whole "third possibility".

Please note that under Linux (or UNIX), it is not the file extension (for example .exe or .com or .bat) that makes a file executable.  The file needs an "executable file access mode" which is not unlike a "file attribute" under DOS.

How can I change the PATH?

Typically, you don't have to change your PATH, but it very useful to understand what PATH is.

The PATH is the list of directories which are searched when you request the execution of a program. You can check your PATH using this command:

echo $PATH

which, on my system , shows the PATH for the user "yogin" to be:

/opt/kde/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/yogin/bin

The ":" is a separator, therefore the above PATH represents a list of directories as follows:

/opt/kde/bin
/usr/local/bin
/bin
/usr/bin
/usr/X11R6/bin
/home/yogin/bin

Here is the output from the command "echo $PATH" run on my system on the account "root":

/opt/kde/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin

You can change the PATH for all users on the system by editing the file /etc/profile and adjusting (as root) the line starting with "PATH=".  I do it using the pico editor (as root):

pico -w /etc/profile

(The option -w turns off the wrap of long lines.)

Re-login for the change to take effect.  To set up the PATH for an individual user only, edit the file /home/user_login_name/.bash_profile (please note the dot in front of the filename--files starting with a dot are normally invisible, you have to use ls -a  to see them).

If you really want to have the current directory on your PATH, add "." (dot) to your PATH.  When used in the place when directory name is expected, a dot means "the current directory". The specification for the path in /etc/.bash_profile may then look like this:

PATH="$PATH:$HOME/bin:"."
export PATH

This command takes the contents of the environmental variable called PATH (as set for all users in /etc/profile), and appends to it the name of your home directory as set by the variable HOME with an attached "/bin"  and then a dot. Finally, the command assigns the resulting string back to the variable called PATH.  It is necessary to use the command "export" after modifying PATH or any other user-environment variable, so that the variable is visible outside of the script that sets it.

How can I shutdown my computer?

In a text terminal, press <Ctrl><Alt><Del> (the "three-finger salute", you press the three keys simultaneously), wait for the shutdown process to complete, and turn off your machine only after it starts rebooting again.  If you are in X-windows, first switch to a text terminal by pressing <Ctr><Alt><F1>  (three keys simultaneously). Do not turn off your machine without the proper shutdown or else you may have disk error messages next time you boot. (Typically, the errors resulting from improper shutdown will be repaired automatically during the next boot, but occasionally more serious problem may result, and then you may need to repair the files manually or re-install!)

If you prefer your computer to go to a halt after you press <Ctrl><Alt><Del> (instead of the default reboot), you can set this up by editing the file /etc/inittab. This file specifies something like this:

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

As root, replace the option "-r" to "-h" so that the same fragment reads:

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -h now

The line starting with "#" is just a comment (it is for humans, it does not have any effect on the computer). The option "-t3" tells the shutdown command to wait 3 seconds before it starts killing processes. The options "-r" and "-h" stand for "reboot" and "halt" respectively, so they perform a shutdown to reboot or a shutdown to a system halt.

Root can also use the shutdown command directly. This command can be used for either local or remote shutdown of your computer, but is used mostly for remote shutdown when the local keyboard is not available so you cannot use <Ctrl><Alt><Del>. It can also be very useful if a program hangs so that the keyboard is no longer functional.  For example:

telnet name_of_machine_with_no_operable_keyboard
[login as a user]
su
[give password]

Now either execute ps axu |more, find the process id of the offending command in the ps output and do

kill pid_of_offending_process

or reboot your machine with:

/sbin/shutdown -rn now

This command will shutdown really fast, bypassing standard (longer) shutdown procedure--useful when the system becomes really buggy (the option -n will make "shutdown" kill all the processes before rebooting).

Please note that for security reasons, you cannot login to a remote machine as root (e.g., over the telnet).  You have to login as a user and then execute su and give a password to become a super user (root).

The shutdown command may also be used to execute a shutdown later. E.g. (as root):
/sbin/shutdown -r 23:59

will reboot the system 1 minute before midnight. I could also use:
/sbin/shutdown -r +1

to shutdown 1 minute from now. I can cancel a scheduled shutdown with:
/sbin/shutdown -c

If the shutdown command is too long for you, you may want to try these two commands, which do exactly what their names suggest (as root):
reboot
halt

A fancy way to shut down your computer is to switch your system to the runlevel 0 (for halt) or runlevel 6 (for reboot). Try it using (as root):

init 0

The meaning of the different runlevels is explained in the file /etc/inittab and  here.

How do I deal with a hanged program?

Buggy programs do hang under Linux. A crash of an application should not, however, affect the operating system itself so it should not be too often that you have to reboot your computer.  Linux servers are known to run for more than a year without a reboot. In our experience, a misbehaving operating system may be a sign of hardware or configuration problems:  we repeatedly encountered problems with the Pentium processor overheating (the fan on the Pentium did not turn as fast as it should or it stopped altogether, the heat sink on the Pentium was plugged with dirt), bad memory chips, different timing of different memory chips (you may try re-arranging the order of the chips, it might help), wrong BIOS setup (you should probably turn off all the "advanced" options, Linux takes care of things by itself).  The "signal 11" error message is typically (99%) associated with hardware problems and is most likely to manifest itself when you perform computing-intensive tasks: Linux setup, kernel compilation, etc.  If your Pentium has the tendency to overheat (very common for early Pentiums), here are some tips to keep it cool, particulary during hot weather: clean the processor heat sink, replace the processor fan, operate the computer with the cover off and aim an extra fan inside, increase the processor "wait-state" in the computer BIOS, don't overclock, decrease useless load, e.g., replace this super-fancy screen saver with a blank screen.

Not really hanged. Some programs might give the uninitiated impression of hanging, although in reality they just wait for user input. Typically, this happens if a program expects an input filename as a command line argument and no input filename is given by the user, so the program defaults to the standard input (which is console). For example, this command

cat

may look like it's hanged but it waits for keyboard input.  Try pressing <Ctrl>d  (which means  "end-of-file") to see that this will satisfy the cat command.  Another example:  I have seen many questions on the newsgroups about the "buggy" tar command that "hangs" when trying to uncompress a downloaded file, for example:

tar -zxv my_tar_file [wrong!]

This waits for user input too, since no option "-f filename" was specified so "my_tar_file" was not recognized as a filename. The correct command is:

tar -zxvf my_tar_filename

Please note that the filename must follow immediately after the option "f" (which stands for "filename). This WILL NOT work (very common mistake):

tar -zxfv my_tar_file  [wrong!]

Any program (hanged or not) can be killed.

A text-mode program in the foreground can often be killed by pressing <Ctrl>c. This will not work for larger applications which block the <Ctrl>c, so it is not used on them accidentally.  Still you can get back in control either by sending the program to the background by pressing <Ctrl>z  (no guarantee this will work)  or switching to a different terminal, for example using <Ctrl><Alt><F2> and login as the same user that hanged the program (this should always work).  Once you are back in control, find the program you want to terminate, for example:

ps

This command stands for "print status" and shows the list of programs that are currently being run by the current user. In the ps output, I find the process id (PID) of the program that hanged, and now I can kill it. For example:

kill 123

will kill the program with the process id (PID) of "123".

As user, I can only kill the processes I own (this is, the ones which I started).  The root can kill any process. To see the complete list of all processes running on the system issue:

ps axu | more

This lists all the processes currently running (option "a"), even those without the controlling terminal (option "x"), and together with the login name of the user that owns each process ("u"). Since the display is likely to be longer than one screen, I used the "more" pipe so that the display stops after each screenful.

The kill command has a shortcut killall to kill programs by name, for example:

killall netscape

will kill any program with "netscape" in its name, while

killall pppd

will surely disconnect any dial-up connection by killing the ppp daemon.

X-windows-based programs have no control terminals and may be easiest to kill using this (typed in an X-terminal):

xkill

to which the cursor changes into something looking like a death sentence; you point onto the window of the program to kill and press the left mouse button; the window disappears for good, and the associated program is terminated.

A shortcut to the last command is to press <Ctrl><Alt><Esc>, to which the cursor changes into something looking like a death sentence--you point at the window of the offending program, click your mouse, and the window closes and the program is gone.

If your X-windows system crashes so that it cannot recover, or you just get stuck, it may be the easiest to kill the X-server by pressing <Ctrl><Alt><BkSpace>. After that, it might be a good idea to run ps axu, find any possible X-programs that might still be running, and kill them. If you don't do this, and there really is a misbehaving program that caused your X-windows to crash, it might cause trouble again.

If you have programs in the background, the operating systems will object your logging out, and issue a message like "There are stopped jobs".  To override and logout anyway, just repeat the logout (or exit) command --the background program(s) will be automatically terminated and you will be logged out.

Core files. When a program crashes, it often dumps a "core" into your home directory. This is accompanied by an appropriate message. A core is a memory image (plus debugging info) and is meant to be a debugging tool.  If you are a user who does not intend to debug the program,  you may simply delete the core:

rm core

or do nothing (the core will be overwritten when another core is ever dumped). You can also disable dumping the core using the command:

ulimit -c 0

Checked if it worked using:

ulimit -a

(This shows "user limits", the option "-a" stands for "all".) To make the option of disabling core dumps permanent for all users, edit the file /etc/profile (as root), where ulimit is set, and adjust the setting. Re-login for the changes to /etc/profile to take effect.

If you would like to see how a core file can be used, try (in the directory where you have a core file):

gdb -c core

This launches GNU debugger (gdb) on the core file "core" and displays the name of the program that created the core, signal on which the program was terminated, etc. Type "quit" to exit the debugger.  To learn the meaning of different signals, try:

cat /usr/include/bits/signum.h |more

Users, passwords, file permissions, and security

Home directories, root, adding users

The (almost) only place on the harddrive that normal users (non-root) can write to is their home directory, which is /home/user_login_name.

This "home" directory is for all user files: settings, program configuration files, documents, data, netscape cache, mail, etc.  As a user, you can create subdirectories under your home directory to keep yourself organized.  Other users cannot read your files or write to your home directory unless you give them permission to do so.

Normal users can also see, read and execute many other files on the system (besides their home directory), but normally they cannot modify or remove (delete) them.

The "root" (also called "super user") is a special administrative account that has the power to modify any file on the system.  It is not a good idea to habitually work on your system as root--if you do so, your mistakes can cost you dearly. Set up and use a normal user account for everyday work for yourself, another user account for your son, and yet another for your wife. The root account is typically the only account that exists on Linux after the initial installation. Thus you have to explicitly create "user" accounts for normal work for you Linux system.

A user account can be created by "root" using, for example:

adduser joe
passwd joe
[type the password for the user joe]
[retype the password for the user joe so as to avoid mistakes]

So first, I logged in as root. Then, on the command line, I issued the command "adduser" with the parameter (argument) "joe". This created the account "joe" on my Linux computer. Then, I issued the command "passwd joe" to change the password for the user "joe" to something fairly secure. Now, I can tell "joe" what her initial password is, and she can login and change the password to her liking. Please note that the account name (user login name, "joe") and the password are case-sensitive.

Root can change any user's password, although s/he cannot read it.  [Passwords are encrypted using a one-way encryption algorithm and only this encrypted version is stored on the system, in the file /etc/passwd (older systems) or /etc/shadow (newer systems), and the "open" version of the password is never stored.  When you login, the password you type is encrypted again using the same one-way algorithm and compared with the already encrypted version stored in /etc/passwd or /etc/shadow.]

The separation of the administrator and user makes Linux systems secure and robust--it even makes viruses under Linux difficult (the programs that a user runs can write only to his/her own directories, and therefore cannot affect the vital parts of the operating system).

It is customary that the user changes his/her password immediately after the first login, for example:

passwd
(current) UNIX password:  pass_OLD
New UNIX password:  pass_NEW
Retype New UNIX password:  pass_NEW

In reality, the password will not appear on the screen as you type it (for security reasons). Take your time if you are changing the password for the very first time--it can be difficult to type "blind".

On the Linux system, the same password is used to:
- login on the text terminal,
- login onto a graphical (GUI) screen,
- unlock a locked text terminal,
- unlock a password-protected screen saver on a GUI (for example, KDE or GNOME).

About password security

Weak passwords are probably the most common source of security problems. Even at home, you may expose yourself to serious trouble because somebody may be able to hack your computer when you browse the Internet and read/delete your files, or use your computer to do something really nasty to the local police computer network. Therefore, keep all your login names/passwords secure, even at home. Once somebody logs into your computer (even as an ordinary user), he may find it quite easy to gain root access (depending on how well-maintained/up-to-date your system is vs. how good a hacker s/he is).

Here are some examples of hazardous passwords:
- No password (possible!).
- The word "password" (wow, this one is really weak!).
- Your login name (The login and the password the same? Hmm.).
- Your first name or the first name of your daughter, son, husband, wife, girlfriend, or any other first name. The number of first names in use is quite limited--just check the paperback book "what to name your baby". Don't assume that a first name you think of is secure because you are from India--Canada is really a multinational society and the typical namelist seems to cover all kinds of first names.
- Your last name or any other last name. The number of last names is surprisingly limited! Just check the US census data to see that your "rare" last name from the abamamahaba island is very well represented in the US 30,000 or so most frequent last names. Or just check the Toronto telephone book. Another proof that we are all one family :))
- The nickname of your dog, wife, canary or computer (very few nick names humans use).
- Name of your favourite sports team, celebrity, toothpaste, or detergent.
- Date of your birth, social security number, etc; Sequences of digits can be easily probed.
- Name of your company, department, workgroup, etc.
- Password written in the calendar on your desk or on the side of your computer.
- A password which you also use in an insecure public place, for example an Internet store or a mailing list. In general, you should use different passwords for places controlled by different organizations.
- Any word which is in the English dictionary. The English dictionary does not contain as many words as it might seem. A not-so-skillful hacker can easily set a program to encrypt all dictionary words (100,000? that's under 1 MB!) and then compare all the encrypted strings to your encrypted password. Try the program crack yourself to find how easy it is.
- Any other word, last name, first name, pet or swear word, no matter in what language. For a cracker, to cover most languages is only a small overhead if he already covered one. How many significant languages are out there? 40?  Just grab a few more files and append it to your cracking list. The point here is that the subset of words that humans normally use if far far below the theoretical limit of the random combination of characters.
- Any of the above with an addition of a number/letter at the beginning or the end. "yuoping1" is really a very weak password.

A good password is relatively long (minimum 6 characters),  contains a mixture of letters (upper and lower case, if possible), numbers and special characters, and is changed quite regularly (8-16 weeks?).

Unfortunately, the better the password, the harder it is to remember. I solved this problem for myself by taking 10 minutes to invent my personal password "scheme". Say, I always use two words connected with an exclamaition mark, last letter of each word is capitalized, e.g., "whitE!housE".  Seems like a good password, and it is easy to remember once I know what my rule is.

The system administrator can set the password policy (minimum length, requirement of special characters, password expiry) through the utility included in this configuration program (run as root):

linuxconf

under the menu "user account"-"policies"-"password & account policies".  Normal users won't be able to set a password which is too short,  is a dictionary word, or does not contain the prescribed number of non-alphanumeric characters (but root can change any password to anything s/he likes, s/he will only be given a warning).

Also make sure that any file that contains any password of yours (e.g., /root/.kde/share/config/kppprc) has proper, secure permissions so that it cannot be read by anybody. For example, most likely you want:

chmod 600 kppprc

If you use an "over the phone" Internet connection for just a couple of hours a week, you may be fine even with a relatively weak password on your system. But please really reconsider your system security if you use a cable modem, or are otherwise connected to the Internet for a significant amount of time.

I forgot the root password

Even if I never forget any passwords, I would still study this issue in detail because it can give me a hint on how my mother might be reading my ICQ chats history :-)

First method. The easiest way to solve your "forgotten root password" problem is to boot your Linux in the single-user mode, namely at the "lilo"prompt (during bootup) type:

linux single

This will make you "root" without asking for a password. Now, being root, you may change the root password  using this command (no knowledge of the old password required):

passwd

If it strikes you as insecure, that's because no computer system is secure if other people have physical access to your hardware.  Nevertheless, I did not like the "linux single" hole on my home computer and plugged it by adding the following lines to my /etc/lilo.conf file (at the end of the "image=" section):

password="my_password"
restricted

[This "lilo" password is required when, at the LILO prompt during bootup, somebody enters the word "linux" with any parameter (normal bootup without any parameters will still be possible without a password).]  For the changes to /etc/lilo.conf to take effect, I must re-run the command lilo .  Since my lilo password is not encrypted, I must make /etc/lilo.conf readable only for root:

chmod 600 /etc/lilo.conf

Second Method.  Another way to solve the "lost-root-password" problem is to boot your computer from the Linux boot diskette, find your Linux root partition on the hard drive, mount it, and edit the file /etc/shadow.  (I can do it because after booting from the floppy, I become root without being asked for a password.)  In the password file, I erase the encrypted password for root (for example, using the pico editor), so it is empty.

Information about a user account is kept in plain-text files: /etc/passwd and /etc/shadow.

The file /etc/passwd contains "world-readable" information about all accounts on my computer  Each line in this file contains information about one account. Each line has 7 colon-delimited fields (this means 8 entries separated by colons): login name, the letter "x", the numerical user ID, the numerical primary group ID for the user, a comment field (for example, the full name of the user), the user's $HOME directory, the name of the shell (meaning the program that is run at login).

The balance of information about accounts on my computer is stored in the file /etc/shadow. This file is more secure because normally only root can read it. In this file, each line describes "shadow" information about one account, and has 9 colon-delimited fields: login name, encrypted password, days since Jan 1 1970 that password was last changed, days before password may be changed, number of days after which the password must be changed, number of days before  password expiration to warn the user, number of days after password expiry that account is disabled, number of days since Jan 1 1970 that account is disabled, and a reserved field.

Some (older) UNIX or Linux systems do not contain the file /etc/shadow and store the encrypted user password in the second field of each line of the file /etc/passwd (the field which on newer systems contains just the letter x).

For example, my /etc/shadow entry for "root" account may look like this:

root:$1$BuPbmLAz$1G7.evIChyqaEI0TlZp0F.:11071:0:99999:7:-1:-1:134540356

and after the password is erased, it looks like this:

root::11071:0:99999:7:-1:-1:134540356

Now, the root account has no password, so I can reboot the computer and, at the login prompt, type "root" and for password just press ENTER (empty, no password). After a successful login, I immediately set the password for root using the command:

passwd

To make the "floppy access" to my system a little bit more difficult, I considered running a computer without a floppy drive :-) Unfortunately, Linux CDs are bootable these days. I set up my boot sequence (in the BIOS setup) so that the system boots from the hard drive before floppy and CDROM are tried, and added an "administrative" password on changes to the BIOS settings. Still, I worry that these BIOS passwords are very easily crackable, or that one could remove the small battery that sustains the BIOS setting. One could also remove my harddrive and connect it to another computer for reading :-) . I am thinking about installing an "encrypted file system" which is now available on Linux, but considering all the trouble associated with it, perhaps I will settle on locking my room :-) .  If all this sounds paranoid to you, it probably is--it just illustrates the point there is little computer security, even under Linux, if the potential cracker has physical access to your hardware.

I forgot my user password

If a regular (non-root) user forgets his/her password, this is not a problem since root can change any password. For example (as root):

passwd barbara

will prompt for a new password for the user "barbara" (no knowledge of old password required). If a user (non-root) wants to change his/her password, s/he will be asked for the old password first. (This is a security feature so nobody changes your password if you left your terminal unattended. )

Disabling or removing a user account

A user account can be temporarly disabled or permanently removed.

To temporarily disable (lock) a user account, there is no need to change his/her password. Just put an asterisk "*" at the beginning of the second field (before the encrypted password) in the file /etc/shadow .  The "*" means that no login is permitted for this account. When you want to restore the account, you just erase the star and the user account is back in operation, with its old password.

Here is an example entry from the file /etc/shadow with the password disabled for user "peter":

peter:*$1$narMEFm6$fhA1puOU422HiSL5aggLI/:11193:0:99999:7:-1:-1:134539228

I could also lock a user account with the following command:
passwd peter -l

and unlock it with
passwd peter -u

To irreversibly remove a user account on my home computer, I do the following:
- login as root
- change my identity to the user to be removed, to check if there is any new important mail:

su doomed_user_login_name
mail
logout

- delete the user account

userdel doomed_user_login_name

- force-delete the user home directory with all its contents including any subdirectories:

rm -fr /home/doomed_user_login_name

I have file permission problems. How do file ownership and permissions work?

Linux (the same as any UNIX) is a secure, multiuser operating system, and this creates a level a complexity with "files permissions".  Trouble with file permissions can lead to unexpected and nasty problems.  Understanding file permissions is of uttermost importance to be able to administer any multiuser operating system (be it UNIX, WinNT, or Linux). My advice would be: learn the system of Linux (or any UNIX) file permission conventions; you will not regret it.

File owners.  Each file (or directory) belongs to an owner (normally a login name) and to a group. The owner is typically the person who created (or copied) the file.  The group often consists of one person--the owner, and has a name identical to that of the owner, but it does not need to be so.  A file can be removed (erased) only by the owner of the file, or a member of the group that owns the file, or the root. Other users, however, may be able to modify or erase the contents of the file if they are given permission to do so--read on. The owner and group that owns the file will be shown in the output from the ls -l command (="list in the long format"). For example, the command:

ls -l junk

produced this output on my screen:

-rwx------   1 yogin    inca           27 Apr 24 14:12 junk

This shows the file "junk", belonging to the owner "yogin" and to the group "inca".

The ownership of a file can be changed using the commands chown (change owner) and chgrp (change group), which are normally executed by root:

chown peter junk
chgrp peter junk
ls -l junk

After executing the above 3 lines, the command ls-l junk produces this output on my screen:

-rwx------   1 peter    peter           27 Apr 25 20:27 junk

Changing file ownership comes handy if you move/copy files around as root for use by other users. At the end of your housekeeping you typically want to hand the file ownership over to the proper user.

File permissions.  Now, an owner of a file can make the file accessible in three modes: read (r), write (w) and execute (x) to three classes of users: owner (u), members of a group (g), others on the system (o). You can check the current access permissions using:

ls -l filename

If the file is accessible to all users (owner, group, others) in all three modes (read, write, execute) it will show:

-rwxrwxrwx

Skip the first "-" (it shows "d" for directories, "-" for normal files, "l" for links,  "c" for character devices, "b" for block devices, "p" for named pipes like FIFO files). After this initial character, the first triplet shows the file permission for the owner of the file, the second triplet shows the permissions for the group that owns the file, the third triplet shows the permissions for other users. A "no" permission is shown as "-".  Here is an output from the ls -l command on a file that is owned by root, for which the owner (root) has all permissions, but the group and others can only read and execute:

drwxr-xr-x   2 root     root        21504 Apr 24 19:27 dev

The first letter "d" shows that the file is actually a directory.

You can change the permissions on a file which you own using the command chmod (="change mode"). For example, this command will add the permission to read the file "junk" to all (=user+group+others):

chmod a+r junk

In the command above, instead of "a" (="all"), I could have used "u", "g" or "o" (="user", "group" or "others").  Instead of "+" (="add the permission"), I could have used "-" or "=" ("remove the permission" or "set the permission").  Instead of "r" (="read permission"), I could have used "w" or "x" ("write permission" or "execute permission").

Second example. This command will remove the permission to execute the file "junk" from others:

chmod o-x junk

Instead of letters, one can also use numbers to specify the permissions. To understand how it works, look at this:

execute=1
write=2
read=4

The total permission for a class of users is the sum of the three. Thus:

0 = no permissions at all(neither to write, nor to read nor to execute)(common)
1 = execute only (seems unusual)
2 = write only  (seems unusual)
3 = write and execute (seems unusual)
4 = read only (common)
5 = read and execute (common)
6 = read and write (common)
7 = read, write and execute (common).

The permission for all three classes of users (owner, group, others) is obtained by gluing the three digits together one by one. For example, the command

chmod 770 junk

will give the owner and the group the completto of permissions, but no permissions to others. The command:

chmod 666 junk

gives all three classes of users (owner, group, others) the permissions to read and write (but not execute) the example file named "junk".  Please note the "666". It is quite often used and, for at least one person I know, it is proof that Linux (any UNIX for that matter) is the work of the devil >:-0.

This command:

chmod 411 junk

would give the owner the permission to read only, and the group and others to execute only.  This one does not seem useful, but might be funny, at least for those North American Linux users who dial 411 (telephone number) for directory assistance.  Mail me if you can think of any other funny permissions (perhaps 007?).

The numerical way of representing file permissions is called "octal" because the numbers have the base 8 (the decimal system's base is 10).  The highest digit in the octal system is 7 (the octal system has eight digits: 0 to 7, analogous to the decimal system having ten digits: 0 to 9).  The octal representation is really a convenient notation for the binary representation of file permissions, where each permission is flagged as "set" or  "denied" with a one or zero and the total is represented as a string of zeroes and ones, as in this diagram:

user class:                                    owner  group others
example permissions:                            rwx    rw-    r--
absent permissions:                             ---    --x    -wx
binary representation of the permissions:       111    110    100
octal representation  of the binary:             7      6      4

 
Permissions for directories.
The meaning of the permissions is different for directories than it is for "normal" files. For normal files: r=permission to read the contents of the  file, w=permission to modify the contents of the file, and x=permission to execute the file.
For directories: r=permission to list the filenames in the directory, w=permission to create or delete files in the directory, and x=permission to access the directory.  Otherwise, the permissions are set the same way for directories as they are for normal files.

Default file permissions with umask.  When a new file is created, it is given d