LINUX
Click the Edit and create groups item and, depending on how you got here, the Launch button. On the next screen you will see any existing groups. Note that there are a number of system groups that were created when you installed your system. If you'd like to see them, click on the Also view system groups checkbox near the bottom of the screen.
Figure 16. Adding a user - part 1
Figure 19. Users and Groups from the taskbar
You may also access System Settings, and then Users and Groups from the Start Here icon on your desktop.
Figure 22. Adding a user in Red Hat Linux
After you click OK you will be returned to the Red Hat User Manager. Click on Add Group to add the mqbrkrs group. Once you have the group defined you will need to add root to the mqbrkrs and mqm groups. You can either select a group and use its properties to add users or select a user and use the properties to add groups. We'll click on the Users tab above the list and then click on the root user and then click on the Properties button to open the user properties. When the properties window is open, click on the Groups tab and scroll down to the mqm and mqbrkrs entries. Click to place a check mark in each of these indicating that root is now a member of these groups. When you are done, click on OK to return.
Figure 23. Adding groups to a user
Repeat this procedure to make the mqm user a member of the mqbrkrs group. If you prefer you can switch to the group list view and try adding mqm to the group rather than adding mqbrkrs to the user. You may close the Red Hat User Manager when you are done.
Accessing a console
If your system boots into text mode (a common configuration for servers to conserve overhead for services), then you are already at a console when you execute a text login. On a typical Linux system, you can get to additional consoles by pressing Ctrl + Alt + (F1 - F6). Each console is a completely different session on the system and can be accessed as different users at the same time.
If your system boots into text mode (a common configuration for servers to conserve overhead for services), then you are already at a console when you execute a text login. On a typical Linux system, you can get to additional consoles by pressing Ctrl + Alt + (F1 - F6). Each console is a completely different session on the system and can be accessed as different users at the same time.
This multi-console behavior is different from the multiple-desktop in Windows. In Linux, each console can be controlled by a completely different user. For example, you can be logged as root on console 1, and logged in as joeuser on console 2. Both consoles run different programs in their own user space. In the same vein, different users can be logged into a Windows system remotely. In this instance, Linux provides capabilities more like a mainframe than a simple server or workstation.
If you are in a graphical mode, then you can open a terminal to get access to a console screen. The terminal will usually have a button on your desktop's task bar, or you can find it under System Tools in the Program menu. You can also open a terminal from the context menu (right click on the desktop).
Commands
There are many potential commands available from the console. Some of these tools are only truly useful when writing scripts. Here are some of the first ones that you'll probably need. Remember that all commands and options are case sensitive. -R is different from -r, and will probably do different things. Console commands are almost always lowercase.
There are many potential commands available from the console. Some of these tools are only truly useful when writing scripts. Here are some of the first ones that you'll probably need. Remember that all commands and options are case sensitive. -R is different from -r, and will probably do different things. Console commands are almost always lowercase.
cd
Moving around in directories uses the familiar cd command. The main trick is to remember that in Linux the forward-slash (/) is used where you are accustomed to using the back-slash (\). The back-slash is still used, but it specifies that a command should be continued on the next line. This is sometimes done for readability when typing in a particularly long command.
Moving around in directories uses the familiar cd command. The main trick is to remember that in Linux the forward-slash (/) is used where you are accustomed to using the back-slash (\). The back-slash is still used, but it specifies that a command should be continued on the next line. This is sometimes done for readability when typing in a particularly long command.
ls
Listing files in a directory can be done with the ls command. There are several switches you can use to alter the look of the listing:
Listing files in a directory can be done with the ls command. There are several switches you can use to alter the look of the listing:
| ls -l | Shows a long listing, including files size, date and time, and attributes |
| ls -t | Sorts files by time |
| ls -S | Sorts files by size |
| ls -r | Combined with one of the sorting switches, reverses the order. ls -lt shows the files with the newest one at the top of the list. ls -lrt shows the files with the newest ones at the bottom. |
| ls -h | Human readable. Uses friendly k, M, and G indicators to show file size rather than listing them in bytes. |
| ls -a | Shows all the files in a directory, even the hidden ones |
cp
Copy files with the cp command. The command works essentially the same as the DOS copy command. Essential switches:
Copy files with the cp command. The command works essentially the same as the DOS copy command. Essential switches:
Copying files
| cp -R | Copies files recursively; required if you are copying an entire directory |
| cp -f | Forces the copy and overwrites existing files without asking |
| cp -l | Links files instead of copying; see below |
mv
Move files and rename files with the mv command. It works essentially the same as the DOS move command, except that it will move entire directory structures as well as files.
Move files and rename files with the mv command. It works essentially the same as the DOS move command, except that it will move entire directory structures as well as files.
cat
View files with the cat command. This is the equivalent of the DOS type command. It will dump the contents of a file to another file, to the screen, or to another command. cat is short for concatenate, and can be used to sequence several files together into a larger file.
View files with the cat command. This is the equivalent of the DOS type command. It will dump the contents of a file to another file, to the screen, or to another command. cat is short for concatenate, and can be used to sequence several files together into a larger file.
more
View information one page at a time with the more command. It works essentially the same as the DOS more command.
View information one page at a time with the more command. It works essentially the same as the DOS more command.
less
Use less to view a text file with the ability to scroll up and down through the document and search for text patterns.
Use less to view a text file with the ability to scroll up and down through the document and search for text patterns.
vi
Some might say that vi stands for "virtually impossible." It is a text editor that has a long tradition in the Unix world. vi is not really intuitive, but it is available in almost any Unix-like environment. There is a built-in tutorial for the version installed in Linux, and once you get used to it, you can do some truly incredible things in a few keystrokes. Truly, no editor has managed to replace vi for editing password and configuration files.
Some might say that vi stands for "virtually impossible." It is a text editor that has a long tradition in the Unix world. vi is not really intuitive, but it is available in almost any Unix-like environment. There is a built-in tutorial for the version installed in Linux, and once you get used to it, you can do some truly incredible things in a few keystrokes. Truly, no editor has managed to replace vi for editing password and configuration files.
man
View documentation for a command with the man command. Man is short for manual. Documentation tends to be thorough. To learn more about man, type:
View documentation for a command with the man command. Man is short for manual. Documentation tends to be thorough. To learn more about man, type:
man man
info
info is like man except it provides hyperlinked text to make browsing documentation easier.
info is like man except it provides hyperlinked text to make browsing documentation easier.
Which shell?
One critical difference between DOS/Windows and Linux is that the command shell is a layer separated from the operating system. The shell environment affects the features you have, such as editable command lines and scrolling histories. The shell also determines the syntax required to do functions in scripts. In DOS/Windows, there was only one option for scripting, the lowly .BAT file. It did a lot, but required a good deal of creativity on the part of the script writer to do more than basic tasks. In Linux, scripts can contain loops and do more than basic conditional statements, including many things that you expect from a programming language. If you were good at writing .BAT files, shell scripts are going to let you shine.
One critical difference between DOS/Windows and Linux is that the command shell is a layer separated from the operating system. The shell environment affects the features you have, such as editable command lines and scrolling histories. The shell also determines the syntax required to do functions in scripts. In DOS/Windows, there was only one option for scripting, the lowly .BAT file. It did a lot, but required a good deal of creativity on the part of the script writer to do more than basic tasks. In Linux, scripts can contain loops and do more than basic conditional statements, including many things that you expect from a programming language. If you were good at writing .BAT files, shell scripts are going to let you shine.
The default shell is a parameter in each user account. The typical default shell in Linux is /bin/bash, though others are available. The man documentation for each shell is actually very good and goes into detail about shells and how they work. Rather than try to paraphrase that information here, select a shell from the list below and look at its man page.
bash
The bash shell is a free version of the Bourne shell, the first Unix shell, and includes many additional features. Bash has editable command lines, a scrollable command history, and tab completion to help avoid typing long file names.
The bash shell is a free version of the Bourne shell, the first Unix shell, and includes many additional features. Bash has editable command lines, a scrollable command history, and tab completion to help avoid typing long file names.
csh
The C shell uses a "C-like" syntax and has borrowed many features from the Bourne shell, but uses a different set of internal shell commands.
The C shell uses a "C-like" syntax and has borrowed many features from the Bourne shell, but uses a different set of internal shell commands.
ksh
The Korn shell uses the same syntax as the Bourne shell and has included the user-friendly features of the C shell. ksh is used in many installation scripts and should probably be installed on the system even if it's not your primary shell.
The Korn shell uses the same syntax as the Bourne shell and has included the user-friendly features of the C shell. ksh is used in many installation scripts and should probably be installed on the system even if it's not your primary shell.
tcsh
The TC shell is an enhanced version of the C shell and is 100% compatible with it.
The TC shell is an enhanced version of the C shell and is 100% compatible with it.
zsh
The Z shell is an enhanced version of the Korn shell with many features found in the bash shell.
The Z shell is an enhanced version of the Korn shell with many features found in the bash shell.
Logging in as root
For many of the tasks in this article, you will use the special login name of root. The root user, sometimes called the superuser, is the user that is normally used for administrative tasks like configuring the system or installing software. Use root only when you need to do administrative tasks; avoid using root for your normal work. The root user can do anything, including accidentally destroying your system, which is usually not a good thing. Normal users have fewer privileges, and the system is protected from being inadvertently damaged by normal users.
For many of the tasks in this article, you will use the special login name of root. The root user, sometimes called the superuser, is the user that is normally used for administrative tasks like configuring the system or installing software. Use root only when you need to do administrative tasks; avoid using root for your normal work. The root user can do anything, including accidentally destroying your system, which is usually not a good thing. Normal users have fewer privileges, and the system is protected from being inadvertently damaged by normal users.
You should type your login name (or root if you are so instructed) in the login field and then press Enter. You will see a password prompt, or you will need to move the cursor to the password entry field, according to which type of login prompt you had. Type in your password and press Enter again, and you should be logged in and see your desktop. Figure 1 is an example of what you might see as the root user with SuSE Linux 7.3 and a KDE desktop. Figure 2 is an example of what you might see with Red Hat Linux 7.2 and a GNOME desktop.
To explore the desktop, move your mouse over the icons (but try to avoid starting applications until you log in as a non-root user).
The GNOME desktop has similar capabilities. We'll illustrate accessing them via the main menu in Figure 5, but you can also access your preferences from the Start Here view (see Figure 2). As shown in Figure 5, click the Main Menu, then Settings, Peripherals, and finally Mouse.
Opening a terminal or shell window
Frequently you will need to open a terminal or shell window. This window is similar to a DOS command prompt under Windows. On a KDE desktop, you will have a KDE panel at the bottom of the screen, similar to Figure 7. Click the shell icon as shown. On a GNOME desktop, you will have something like Figure 8.
Frequently you will need to open a terminal or shell window. This window is similar to a DOS command prompt under Windows. On a KDE desktop, you will have a KDE panel at the bottom of the screen, similar to Figure 7. Click the shell icon as shown. On a GNOME desktop, you will have something like Figure 8.
The appearance of your shell window will depend on your distribution and your choice of desktop. To resize it, you can use the left mouse button to drag the corners or sides of the window. To scroll back through the most recent history, you can use the scroll bar. The command prompt ends with a # character indicating that the user of this shell is user root. For users other than root, the command prompt ends with a $ character. You can use the up arrow to recall previous commands and modify them if necessary. A typical KDE Konsole shell window is shown in Figure 9. You can use the Settings menu to change things like window colors and fonts.
In Figure 9, we've shown a few commands and their output:
whoami
Shows who is using this terminal window, root in this case.
pwd
Prints the full name of the current working directory, which is /root in this case. Note that the tilde (~) before the # in the command prompt shows that the user is currently in his or her home directory.
cd
Changes the current or working directory. We illustrate changing to the / (or root) directory and then to the /tmp directory, which is usually used for storing temporary files. Note that / is the root of the whole file system and /root is the home directory of the root user. Using cd without any directory name returns the user to the home directory. Users other than root will normally have a home directory under /home. For example, /home/ian would be my home directory on a system where my id was ian. Remember that tilde (~)? The home directory for user ian can also be referenced as ~ian.
uname
Without parameters, shows the name of the operating system: Linux. With the -a parameter, additional information is displayed about your system.
which
Scans the directories in your PATH environment variable, and shows the full path to an executable program that would be executed if you typed the command at the shell prompt. In this case we see that the xclock program would be run from /usr/X11R6/bin/xclock.
xclock
Launches a new window on your desktop with a clock. Note the trailing & on the command, which indicates that the command processor should return control to the terminal window rather than waiting for the command to finish. Note also that this is the first such process spawned by this terminal window, and it has a process id (PID) of 4313.
ps
With the -T option, displays all processes started by this terminal. In this example, the bash shell program is waiting for input (status S for sleeping) as is the xclock process. The ps command is running (status R for runnable).
Some other commands that you might find useful include:
info cmd_name
Displays information about the command named cmd_name. Try info info to find out about the info documentation system.
man cmd_name
Is an interface to the online manual (man) pages about the command named cmd_name. Some information is in info format, while some is only available in man page format. Try man man to find out more about manual pages.
Mounting the CD-ROM
On Linux and UNIX systems all files are accessed as part of a single large tree that is rooted at /. To access the files on a CD-ROM, you need to mount the CD-ROM device at some mount point in the file tree. If your distribution installed the automount package, this step might be automated for you. In any event, your installation process is likely to have done some work for you to make mounting a CD-ROM device easy.
On Linux and UNIX systems all files are accessed as part of a single large tree that is rooted at /. To access the files on a CD-ROM, you need to mount the CD-ROM device at some mount point in the file tree. If your distribution installed the automount package, this step might be automated for you. In any event, your installation process is likely to have done some work for you to make mounting a CD-ROM device easy.
The examples in these steps refer to a SuSE Linux SLES8 system with KDE desktop and a CD-RW drive mounted as /media/cdrecorder. A CD-ROM would be mounted as /media/cdrom. On earlier SuSE systems your CD drive may be mounted as /cdrom. On a Red Hat Linux 7.3+ system, your CD is likely to be at /mnt/cdrom instead of /cdrom. Use the command cat /etc/fstab from a terminal window to see where the installation process thinks it should be mounted. You will see lines similar to the following:
| /dev/hdc3 / ext3 defaults 1 1 /dev/hda8 swap swap pri=42 0 0 devpts /dev/pts devpts mode=0620,gid=5 0 0 proc /proc proc defaults 0 0 usbdevfs /proc/bus/usb usbdevfs noauto 0 0 /dev/cdrecorder /media/cdrecorder auto ro,noauto,user,exec 0 0 /dev/fd0 /media/floppy auto noauto,user,sync 0 0 |
For this example we'll use a SuSE Linux 7.3 system, and we'll point out the differences for Red Hat Linux afterwards. Let's see how this is all glued together by examining the three commands and their output:
| echidna:~ # cat /etc/fstab /dev/hda9 / reiserfs defaults 1 1 /dev/cdrecorder /media/cdrecorder auto ro,noauto,user,exec 0 0 /dev/cdrom /media/cdrom auto ro,noauto,user,exec 0 0 devpts /dev/pts devpts defaults 0 0 /dev/hda7 /download ext2 defaults 1 2 /dev/fd0 /media/floppy auto noauto,user,sync 0 0 proc /proc proc defaults 0 0 usbdevfs /proc/bus/usb usbdevfs defaults,noauto 0 0 /dev/hda6 /rh72 ext2 defaults 1 2 /dev/hda1 /windows/C ntfs ro,noauto,user,umask=022 0 2 /dev/hda5 /windows/D vfat noauto,user 0 2 /dev/hda8 swap swap pri=42 0 0 echidna:~ # ls / . boot dev floppy media proc sbin var .. cdrecorder download home mnt rh72 tmp windows bin cdrom etc lib opt root usr echidna:~ # ls -l /cdrom lrwxrwxrwx 1 root root 12 Apr 19 09:21 /cdrom -> /media/cdrom echidna:~ # |
The cat command copies and writes files. If no output files are given, the output is directed to standard output, which is usually your terminal window. Many of the settings for your Linux system are stored in the /etc directory. Among these settings is a file containing a table of descriptive information about your file systems. The third line of output in Listing 1 shows that the CD-ROM device (/dev/cdrom) will be mounted at /media/cdrom unless the mount command specifies otherwise.
Linux also has the concept of shortcuts to directories and files, and these are called symbolic links. SuSE Linux has created one for us to make accessing the CD-ROM easier. Let's use the ls command to display the contents of the / directory. Remember that / is the root of our file system, which should not be confused with /root, which is the home directory of the root user. We see from the output in Listing 1 that the / directory contains an entry called cdrom.
Now we use the ls command again, but with the -l (for long output) flag and the name /cdrom to display more information about this entry. We see from the -> after the date and timestamp in the output that it is a symbolic link to the /media/cdrom directory. This means that we can use /cdrom anywhere we would have used /media/cdrom.
Before mounting the CD-ROM you might want to try displaying the contents of the /cdrom directory. Try entering the ls /cdrom command. If no CD-ROM has been mounted, you should see an entry for . (the /media/cdrom directory itself) and .. (the /media directory, which is the parent directory of /media/cdrom). Normally you will mount devices over an empty directory such as /media/cdrom. If you happen to mount a device over a directory that contains files, you will not be able to see those files until you unmount the mounted file system. Your data will still be there, but you won't be able to access it.
At last we are ready to mount the CD-ROM. Insert the disk in the drive, close the tray, and enter the mount command:
echidna:~ # mount /cdrom
echidna:~ # mount /cdrom
If all is well, the CD-ROM drive will spin for a moment and then your command prompt will return. That's it! Note that you could have entered this command instead to achieve the same result:
mount /media/cdrom
mount /media/cdrom
Once the CD is mounted, you can use the files on the disk as they are now part of your file system. Using the ls command, you can display the contents of disk 1 of the Software Evaluation Kit:
| echidna:~ # ls /cdrom . contents.disc g2458531 sg245850 sg246228 template.css .. db72pf5u g2458611 sg245968 sg246261 wasi401u autopp.ini devcon g2458621 sg245994 sg246264 autorun.exe eclipswp g2458631 sg246049 sg246277 autorun.inf g245141b index.html sg246134 sg246299 echidna:~ # |
Mount differences for Red Hat Linux
Remember that file that we mentioned earlier called /etc/fstab? Well, here is what it might look like on Red Hat Linux 7.2:
Remember that file that we mentioned earlier called /etc/fstab? Well, here is what it might look like on Red Hat Linux 7.2:
| LABEL=/ / ext3 defaults 1 1 none /dev/pts devpts gid=5,mode=620 0 0 /dev/hda7 /download ext2 defaults 1 2 none /proc proc defaults 0 0 none /dev/shm tmpfs defaults 0 0 /dev/hda8 swap swap defaults 0 0 /dev/cdrom /mnt/cdrom iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0 |
Red Hat chose to mount the CD-ROM device at /mnt/cdrom rather than /media/cdrom. If you enter a ls / command on the root directory, you will not see an entry for cdrom. The Red Hat installation does not create a symbolic link the way that the SuSE installation did. To create a symbolic link called /cdrom pointing to /mnt/cdrom, enter this command:
ln -s /mnt/cdrom /cdrom
ln -s /mnt/cdrom /cdrom
To remove such a link, enter the rm command:
rm /cdrom
rm /cdrom
If Red Hat automount does not automatically mount a CD-ROM for you, you can use the mount command:
mount /mnt/cdrom
mount /mnt/cdrom
Or you can substitute a symbolic link such as /cdrom if you created one.
Unmounting and ejecting the CD-ROM
While a CD-ROM is mounted, Linux will lock the CD so that it cannot be ejected with the Eject button. Instead, when you no longer need the disk, use the umount /cdrom to unmount it if you have /cdrom as a symbolic link. (Note that umount is spelled without an n after the u!) This command will only succeed if no user is using the disk, which includes having a terminal window with the current working directory as a directory on the disk.
While a CD-ROM is mounted, Linux will lock the CD so that it cannot be ejected with the Eject button. Instead, when you no longer need the disk, use the umount /cdrom to unmount it if you have /cdrom as a symbolic link. (Note that umount is spelled without an n after the u!) This command will only succeed if no user is using the disk, which includes having a terminal window with the current working directory as a directory on the disk.
You can also use eject /cdrom to both unmount the file system and eject the disk.
If you don't have /cdrom as a symbolic link, then you can use umount /media/cdrom (SuSE) or umount /mnt/cdrom (Red Hat) instead.
Logging out
To log out from SuSE Linux 7.3, click Start Application and then logout, or simply click the logout icon on the panel shown in Figure 10.
To log out from SuSE Linux 7.3, click Start Application and then logout, or simply click the logout icon on the panel shown in Figure 10.
Figure 10. KDE logout icon
To log out from Red Hat Linux 7.2, click the Main Menu and then Logout. If you'd like a logout icon on the panel, it's easy to add one. Right-click somewhere on the panel, and select Panel -> Add to panel -> Log out button as shown in Figure 11.
To log out from Red Hat Linux 7.2, click the Main Menu and then Logout. If you'd like a logout icon on the panel, it's easy to add one. Right-click somewhere on the panel, and select Panel -> Add to panel -> Log out button as shown in Figure 11.
A logout icon will be added to your panel as shown in Figure 12.
To secure your terminal without logging out, click the padlock icon to lock the screen. You will need your login password to unlock the screen.
Note: On some SuSE systems running KDE, you may lock the screen and not be able to unlock it with your password. The first time this happens, you will probably have to turn off the machine and restart. To prevent it in the future, make the kscreensaver in /etc/pam.d the same as the xscreensaver. For example, if you want to save the existing kscreensaver as kscreensaver.original and make sure that the new kscreensaver has the same timestamp as the xscreensaver from which it is copied, log in as root and use the following commands:
cd /etc/pam.d
mv kscreensaver kscreensaver.original
cp -p xscreensaver kscreensaver
mv kscreensaver kscreensaver.original
cp -p xscreensaver kscreensaver
Switching to another userid
You can always switch to another userid by logging out of the current userid and logging in as the new userid. But what to do if you only need to run a couple of quick commands as another user? Linux has a solution for you in the form of the su (substitute user) command, which allows you to temporarily run commands as another user. This is often used for tasks that require root access. Indeed, if you connect in remotely to a system using a terminal program such as telnet, then many Linux distributions will prevent you from signing in as root. This is a good security practice, and we encourage you not to try to circumvent it. Rather, you should sign in as a non-privileged user and then use the su command to become root.
You can always switch to another userid by logging out of the current userid and logging in as the new userid. But what to do if you only need to run a couple of quick commands as another user? Linux has a solution for you in the form of the su (substitute user) command, which allows you to temporarily run commands as another user. This is often used for tasks that require root access. Indeed, if you connect in remotely to a system using a terminal program such as telnet, then many Linux distributions will prevent you from signing in as root. This is a good security practice, and we encourage you not to try to circumvent it. Rather, you should sign in as a non-privileged user and then use the su command to become root.
So let's suppose you are logged in and looking at a terminal window and you are not the root user but need to run a command as root. The two most common forms of su for doing this are:
su
su -
su -
The first form (without the - sign) simply switches you to become root, but does not change your environment variables, including your path. The second form uses the - sign, which may also be typed as -l or -login if you really like typing extra letters. This allows the login startup files for the substitute user to be read, thus setting things such as the path, environment, and prompt. Listing 4 shows examples of these two forms on a SuSE 7.3 system. We've used the pwd (print working directory) command to show the current working directory in each case. Note how the prompts differ. If you'd like to understand more about how to customize your own prompts or what makes these prompts appear as they do, check out the "Prompt magic" tip (developerWorks, September 2000).
| ian3@echidna:~> su Password: echidna:/home/ian3 #pwd /home/ian3 ian3@echidna:~> su - Password: echidna:~ # pwd /root |
You will notice, not surprisingly, that you had to provide a password to switch to root. You can also use the sucommand to switch to another non-root user. For example:
su - db2inst1
If you are already the root user, you will not need to provide a password, but if you are not root, then you will need to provide the correct password.
To return to the previous id, simply press Ctrl-d or type exit and press Enter if you are using the bash shell, which is the default on most Linux systems.
Using a GUI application as another user
You may have noticed when we discussed the su command in the previous section that we only ran commands that displayed output in the terminal window. Depending on the Linux distribution, you may have to take some additional steps to be able to run GUI applications. GUI applications on Linux use the X Window System, which was designed to allow multiple users to access a computer across a network using windowed applications. For a Linux system with a single user, the following steps are appropriate, but keep in mind the network heritage of the X Window System so that you do not accidentally open up your system and allow arbitrary network users to open windows on your system.
You may have noticed when we discussed the su command in the previous section that we only ran commands that displayed output in the terminal window. Depending on the Linux distribution, you may have to take some additional steps to be able to run GUI applications. GUI applications on Linux use the X Window System, which was designed to allow multiple users to access a computer across a network using windowed applications. For a Linux system with a single user, the following steps are appropriate, but keep in mind the network heritage of the X Window System so that you do not accidentally open up your system and allow arbitrary network users to open windows on your system.
An X display is known by a name of the form hostname:displaynumber.screennumber. For Linux running on a workstation such as a PC, there is typically only one display with a single screen. In this case, the displayname may be, and usually is, omitted so the display is known as :0.0. We assume you are using a graphical login if you are reading this, so your startup will have already set the DISPLAY environment variable for you. However, when you use su to switch to a different user, this will not be set. Listing 5 shows how to use the echo command to display the DISPLAY environment variable, followed by a switch to another user and an attempt to start the xclock application, first with an empty DISPLAY environment variable and then with the value set to :0.0.
| ian3@echidna:~> whoami ian3 ian3@echidna:~> echo $DISPLAY :0.0 ian3@echidna:~> su - db2inst1 Password: db2inst1@echidna:~> echo $DISPLAY db2inst1@echidna:~> xclock Error: Can't open display: db2inst1@echidna:~> DISPLAY=:0.0 db2inst1@echidna:~> export DISPLAY db2inst1@echidna:~> echo $DISPLAY :0.0 db2inst1@echidna:~> xclock Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server Error: Can't open display: :0.0 db2inst1@echidna:~> |
Let's take a look at what is going on here. In this case, the user ian3 logged in to the system and his DISPLAY environment was set to :0.0 as we expect. When ian3 switched to user db2inst1, the DISPLAY environment variable was not set and an attempt to start xclock failed because the application could not open the display.
So the substituted user db2inst1, set the DISPLAY environment variable, and exported it so that it would be available to other shells that might be started from this terminal window. Note that setting and exporting an environment variable does not use the leading $ sign, while displaying or otherwise using the value does. Nevertheless, even with the environment variable set, xclock still failed.
The reason for the second failure lies in the client/server nature of X. Although db2inst1 is running in a window on the one and only display on this system, the display is actually owned by the user who logged in originally, ian3 in this case. The simplest solution to this problem is for ian3 to use the xhost command to allow other users on the system to use the display. Open another terminal window on your desktop and enter this command:
xhost +local:
Note the trailing colon (:). This will allow other users on the same system to connect to the X server and open windows. In the present example, the window running db2inst1 can now launch xclock or other X applications.
For more details on using xhost, you can use the command info xhost or man xhost to view the online manual pages. If you are interested in security for X connections, start with the manual pages for Xsecure.
Adding users and groups to your system
Sometimes you will need to define new users of your system and new groups for those users. You may need to define a user called mqm and a group also called mqm (as well as another group called mqbrkrs when installing the embedded messaging component in WebSphere Application Server. Usually you will define the group first and then define the users who will use the group, so that's what we will do here. You can either use the graphical tools for user administration or enter commands in a terminal window. We'll give an overview of the graphical process here using SuSE's YaST2 tools to create a user called mqm and a group also called mqm. Then we'll tell you where to find the corresponding tools on a Red Hat Linux system. Finally we'll give you the commands if you really want to do it from the command line.
Sometimes you will need to define new users of your system and new groups for those users. You may need to define a user called mqm and a group also called mqm (as well as another group called mqbrkrs when installing the embedded messaging component in WebSphere Application Server. Usually you will define the group first and then define the users who will use the group, so that's what we will do here. You can either use the graphical tools for user administration or enter commands in a terminal window. We'll give an overview of the graphical process here using SuSE's YaST2 tools to create a user called mqm and a group also called mqm. Then we'll tell you where to find the corresponding tools on a Red Hat Linux system. Finally we'll give you the commands if you really want to do it from the command line.
Adding users and groups to your system with YaST2
Depending on the packages you installed, you may be able to launch YaST2 from the KDE Control Center. If not, you should open a terminal window and use the yast2 command. Using this latter method you will see a window similar to that shown in Figure 13. If you are using the control center click on YaST2 modules, then Security and Users.
Depending on the packages you installed, you may be able to launch YaST2 from the KDE Control Center. If not, you should open a terminal window and use the yast2 command. Using this latter method you will see a window similar to that shown in Figure 13. If you are using the control center click on YaST2 modules, then Security and Users.
Click the Edit and create groups item and, depending on how you got here, the Launch button. On the next screen you will see any existing groups. Note that there are a number of system groups that were created when you installed your system. If you'd like to see them, click on the Also view system groups checkbox near the bottom of the screen.Figure 14. YaST2 User and group administration
Click on the Add button to add a new group. For this example we will enter the group name mqm and leave all other fields unchanged. Then click on Create to create the group. You will return to the screen shown in Figure 14 and it will now show your new group.. In the same way, add a group called mqbrkrs.
This time, when you return to the screen of Figure 14 you will see your two new entries. You are now ready to add the mqm user. Click on the radio button for User administration near the top of the screen and you will switch from group administration to user administration. Note again that there is a checkbox to allow you to view system users. Click on the Add button to add the mqm user. You may specify a first and last name for the user. specify mqm as the User login> and specify a password. Then repeat the password to make sure you did not make a typing error. Check your entries and click the Details button as we have some more to do for this user.
Figure 16. Adding a user - part 1By default, new users have a home directory created for them in /home, so the default for mqm would be /home/mqm. However, the MQ Series software usually uses /var/mqm as the home directory for the mqm user, so we will change the home directory to /var/mqm. We will also use the dropdown list to make mqm the default group for our new user. finally, we will scroll down the list of additional groups and make mqm a member of the mqbrkrs group. Click Next to return to the screen of Figure 16, then click on Create to create the new user.
We will now add the mqm and mqbrkrs group to the root userid. In order to do this we first need to click on Also view system users, then click on the line for the root user, then click on the Edit button. As you did for the mqm user above, click on Details and scroll down the Additional groups list and click the check boxes for both the mqm and mqbrkrs groups to add root to these groups.
Figure 18. Adding groups to a user
Click on Next to return to the first edit screen, then Next to return to the user administration screen. Finally, click on finish to commit all your changes.
Click on Next to return to the first edit screen, then Next to return to the user administration screen. Finally, click on finish to commit all your changes.Adding users and groups to your Red Hat Linux system
For the purposes of this exercise we will assume a Red Hat Linux 8.1 system running the GNOME desktop. If you are using the KDE desktop or a different version of Red Hat Linux, you will find some differences. A review of this section and the previous section should give you a good idea of what to expect and enough information to accomplish the tasks.
For the purposes of this exercise we will assume a Red Hat Linux 8.1 system running the GNOME desktop. If you are using the KDE desktop or a different version of Red Hat Linux, you will find some differences. A review of this section and the previous section should give you a good idea of what to expect and enough information to accomplish the tasks.
First you need to start the Red Hat User Manager. Click on the GNOME Menu icon (with the red hat logo) at the left of the taskbar, then System Settings, and then Users and Groups.
Figure 19. Users and Groups from the taskbarYou may also access System Settings, and then Users and Groups from the Start Here icon on your desktop.
If you are not logged in as root you will need to provide the root password when prompted. You will then see the Red Hat User Manager screen. To view system users and groups click on the filter setting under the preferences menu as shown in Figure 21.
Figure 21. Red Hat User Manager
We could do as we did above for the SuSE system and define our groups first. However, the Red Hat User Manager has a feature that will be convenient for us which is to create a private group for a user with the group name being the same as the user name. So we will click on the Add User button and fill in the details for the mqm user. Remember to set the home directory to /var/mqm.
Figure 22. Adding a user in Red Hat LinuxAfter you click OK you will be returned to the Red Hat User Manager. Click on Add Group to add the mqbrkrs group. Once you have the group defined you will need to add root to the mqbrkrs and mqm groups. You can either select a group and use its properties to add users or select a user and use the properties to add groups. We'll click on the Users tab above the list and then click on the root user and then click on the Properties button to open the user properties. When the properties window is open, click on the Groups tab and scroll down to the mqm and mqbrkrs entries. Click to place a check mark in each of these indicating that root is now a member of these groups. When you are done, click on OK to return.
Figure 23. Adding groups to a userRepeat this procedure to make the mqm user a member of the mqbrkrs group. If you prefer you can switch to the group list view and try adding mqm to the group rather than adding mqbrkrs to the user. You may close the Red Hat User Manager when you are done.
Adding users and groups using the command line
Information on groups is stored as a flat file in /etc/group. You may use the groupadd command to add a new group. This is fairly simple. Adding a new user is a little more complex as there are more parameters and you will need the numerical number of the mqm group when you add the mqm user. Let's use the groupadd command to add our two groups, mqm and mqbrkrs, and then use the grep command to search /etc/group and tell us what group numbers were assigned.
Information on groups is stored as a flat file in /etc/group. You may use the groupadd command to add a new group. This is fairly simple. Adding a new user is a little more complex as there are more parameters and you will need the numerical number of the mqm group when you add the mqm user. Let's use the groupadd command to add our two groups, mqm and mqbrkrs, and then use the grep command to search /etc/group and tell us what group numbers were assigned.
| [root@echidna root]# groupadd mqm [root@echidna root]# groupadd mqbrkrs [root@echidna root]# grep mq /etc/group mqm:x:501: mqbrkrs:x:502: |
In this case, the mqm group is group number 501 and the mqbrkrs group is 502. Now let's use the useradd command to add the mqm user. The -c option allows us to specify a comment which is usually a user's real name. The -d option allows us to specify the home directory for the user. The -g option specifies the user's primary group. Here we use 501, which is the mqm group as we just learned above. This number may be different on your system. The last option we use the -G option to specify additional groups for this user. Here we can use the group name. Once you have added the user you can use the grep command again and you will see that user mqm has been added to the mqbrkrs group. At this point you have created a new user, but the user does not have a password and cannot log on to the system. Some users do not need to log on, so that would be alright for those users. The root user has the authority to set (or reset) passwords for other users. To do this, you use the passwd command and give the username as a parameter. You will be prompted for the new password and then you will be prompted to retype it for verification.
| [root@echidna root]# useradd -c"MQ Messaging" -d/var/mqm -g 501 -G mqbrkrs mqm [root@echidna root]# grep mq /etc/group mqm:x:501: mqbrkrs:x:502:mqm [root@echidna root]# passwd mqm Changing password for user mqm. New password: Retype new password: passwd: all authentication tokens updated successfully. |
Finally, you may need to add users to an existing group.You can use the usermod command to do this but you require the list of existing groups for the user as you will replace the list of additional groups. It is therefore easier to simply edit /etc/group. Make a backup copy first, just in case you make a mistake. To add the root user to both the mqm and mqbrkrs groups that we have just created, edit /etc/group and update the lines for mqm and mqbrkrs so they look as follows.
No comments:
Post a Comment