Simply put, a “user account” is a username that a computer knows a user by. All the programs you run on the Unix systems will run “as your user”. Your user account is linked to your identity, and actions taken by it are presumed to be directed by you. Logging onto the Unix systems, and thus using your user account, is covered in another document:
http://www.lancs.ac.uk/iss/docs/documents/unixlogon.pdf
The short version is that you’ll need a copy of PuTTY, which should be found in the Start menu of your lab machine, or a machine with a native SSH (Secure SHell) client, such as another Unix machine. Simply tell your SSH client to connect to “unix.lancs.ac.uk”.
If you are connecting from a Windows machine off-campus then you can get a copy of PuTTY from:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
This will allow you to securely connect to unix.lancs.ac.uk from pretty much anywhere in the world.
If you are sat at a Unix machine either on or off campus then you should be able to connect by typing:
ssh username@unix.lancs.ac.uk
Where “username” is your username. If your machine doesn’t have ssh then contact your Sysadmin, Vendor or visit:
http://www.openssh.org
Anyway, to get back to the discussion about user accounts: what this means is that for the purposes of this documentation you are your account. If directed to do something then you will type the commands, and they will be executed as your username. You will be held responsible for actions taken by your account.
Now that’s out of the way we move onto the point about why the system has many different usernames. A Unix system is not designed to be like a Windows system. Unix systems are designed from the ground up to deal with having many different users, all running programs at once; thousands of people could be logged into the central Unix server at Lancaster at any one time. As such each user must have a unique name, otherwise sharing out the resources and securing the system becomes a much harder challenge. With your username you have a certain amount of quota in terms of CPU time and disk space on various machines around campus. The programs you run will run as you, and your files will be owned by your username.
If you want to know which username you are logged in as on a Unix machine, typing the following command at the prompt should tell you:
% who am i
This command will print out your username, followed by the following information (separated by spaces): the “terminal” you are connected to (see section 6), the date and time you logged on, and the domain name of the machine you logged in from.
If you want to find out more about the technical information behind your user account the following command will give you your username’s UID (User Identification Number) and your GID (Group Identification Number).
% id
It will print your UID, followed by your username (in brackets), then your GID and your group (again in brackets). All you really need to know about these numbers is that they’re the way the system actually tracks you, and it simply maps the UID to your username.
Each user has what’s called a “home directory”. This is the directory that you can store all your files in; the directory is owned by you and in it you can do whatever you want.
The home directory is also known by the character ~. So if you see a path (think location) of a file listed as “~/documents/foo” you can tell it’s in your home directory, in a subdirectory called “documents”, and the file is called “foo”.
Similarly, other users’ home directories can always be found by using “~username” as part of the path to something. So “~frank/documents/a-file” will access the file called “a-file” in the subdirectory “documents” of the home directory of the user called “frank” (assuming you have permission to). This makes life easier as you don’t need to remember where another user’s home directory is, just their username.
Your username is more than just a short name: your user account contains a few details which are publicly viewable by any other user on the system.
To view the details of a username you need to use the “finger” program. So to view the details of your own account you type:
% finger -l username
Where “username” is your username. finger gets you the information, and using the “-l” option (long output) before the username you want to know about will get you more information. This should get you output on the username, the real name of that user, their home directory, when they last logged onto cent1 and the machine they last logged in from, if they have mail in their inbox and finally the user’s “Plan”.
This is some text that is read from the file called “~/.plan”, meaning the file called “.plan” in that user’s home directory. This is designed so the user can add information about what they’re currently working on and how to contact them, and make it easily available to the other users of the system.
Of course, in any organisation which uses many usernames, listing all the users who can access any one file could get very silly. Imagine listing all the usernames of everyone on your course who could get to a certain file. Such a thing is wasteful, as massive lists would need to be maintained for every file on the system.
To get around this problem each username is also associated with a group. Groups of users can be given permission to do something on the system, meaning all the users in that group can do it automatically too. Usernames may have more than one group, but always have a “primary” group that is considered their main group.
To tell what groups a username is linked to, use:
% groups username
Where username is the username of the user you’re interested in. This will give you a series of short code names for each group that user is in. The first one on the Lancaster systems will usually be either ug (undergrad), pg (postgrad) or st (staff), denoting the type of user account. Then comes a group for their department, e.g. “cs” for the computer science group.
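The UID-to-username mapping, the “~username” lookup and the primary-group-first ordering described above can be traced by hand. The following is an added example, not part of the original document: it assumes the standard passwd(5) and group(5) text formats, and every account, number and path in it is constructed for illustration.

```shell
#!/bin/sh
# Constructed account data in passwd(5) format:
#   name:password:UID:GID:real name:home directory:shell
sample_passwd() {
cat <<'EOF'
frank:x:5012:200:Frank Example:/home/ug/frank:/bin/tcsh
alice:x:5013:300:Alice Example:/home/st/alice:/bin/tcsh
EOF
}

# Constructed group data in group(5) format: name:password:GID:members
sample_group() {
cat <<'EOF'
ug:x:200:
st:x:300:
cs:x:410:frank,alice
EOF
}

# name_of_uid UID: the username the system shows for a numeric UID.
name_of_uid() {
    sample_passwd | awk -F: -v id="$1" '$3 == id { print $1 }'
}

# home_of USER: the directory that "~USER" stands for.
home_of() {
    sample_passwd | awk -F: -v u="$1" '$1 == u { print $6 }'
}

# groups_of USER: primary group first (matched on the GID in the passwd
# entry), then every group whose member list names USER.
groups_of() {
    gid=$(sample_passwd | awk -F: -v u="$1" '$1 == u { print $4 }')
    sample_group | awk -F: -v u="$1" -v gid="$gid" '
        $3 == gid { primary = $1; next }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) rest = rest " " $1 }
        END { print primary rest }'
}

# "~frank/documents/a-file" resolved by hand from the passwd entry
echo "$(home_of frank)/documents/a-file"
```

On a live system the same fields can be read with “getent passwd” and “getent group” where those are available, instead of the constructed samples.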
The central Unix server at Lancaster is accessible over the Internet from anywhere for remote logins. What this means is that anyone, anywhere in the world can log in as you, read your email and files, store illegal files in your account’s home directory, run your programs, send vast amounts of spam or even attack other machines in a way that will make it look like it was you. The only thing that really stands between your account and them is your password, and for this reason it’s vital that you pick a good strong password that’s hard to guess and change it regularly in case it has been discovered.
Remember, even if you don’t have anything in your account you think is worth someone breaking into it to look at (e.g. your files or email) think of the other people out there who do, and remember that hijacked accounts are one of the safest ways for crackers to launch attacks at places that really matter, or to break into more accounts, and eventually they’ll find something worth stealing.
It’s also worth always logging into the central Unix servers using a program like “PuTTY”, as this uses a secure protocol. If you use something like “telnet” then other machines on the network can sniff your password as it travels past them and hijack your account. So remember: if possible, always use a program like “PuTTY”.
Now that I’ve hopefully told you the absolute worst that can happen to your
account you’ll probably want to know about how to change your password and how
to pick a good one. There are plenty of good guides for picking strong
passwords out there, but ISS offer:
http://www.lancs.ac.uk/iss/security/passwords/
as a solution. Every time you load the page you will be offered a selection of fairly good passwords; simply pick one you think you’ll remember and use it.
To change the password of your Unix account you need to use the passwd command (note the missing o and r):
% passwd
This will prompt you for your current password (to stop people from just changing your password if you leave your desk unattended) then will ask for the new password twice to make sure it’s correct. You can do this any time you like, and generally it’s advised you change your password at least once every few months.
For more information on local issues for password changing see section 13.3.
On the Lancaster central Unix servers there is a program for finding out other users’ usernames based on their surnames. To do this you use:
% whois surname
Where surname is the surname of the person you want to find. The program will then print the full names of everyone, followed by their username. For common surnames this can be a long list, but can prove a helpful program.
There are two commands that can accomplish this. If you want to see all the other users that are currently connected to cent1, simply use the following command:
% who
This will simply print out a list of all the users connected (just their usernames however, not their real names), the terminal they’re connected to, when they connected and where they connected from, much like the “who am i” example (see section 2.1).
However to quickly see roughly what the other users of the system are up to use the following command:
% w
This will show a top line which contains the date, how long the system’s been running, how many users are on and what’s called the “load average”, which is how many processes are contending for the CPU. This is shown as three numbers: the first is for 1 minute ago, the second 5 minutes ago, the third 15. All you really need to know is that small numbers are good here.
After this w will show a header that says what the columns are for, username, tty, when that user logged in, how long they’ve been idle, the JCPU and the PCPU and finally what the process is. JCPU is the total CPU time used by all the processes attached to that terminal, the PCPU time is just for the current process running in the foreground. Quite often these two numbers will be the same. Knowing exactly what these numbers mean or how to use them isn’t really essential knowledge, but can prove useful or interesting.
Section 7 and specifically section 7.4 will cover other ways of finding out information about other users on the system, with more flexibility.
The last command that I’ll be covering in this brief section on users and accounts is the command used to print out a list of the logins and logouts that are stored in the system. So to find this type the following:
% last
That prints the following columns: login name, terminal, where they logged in from and how long they were logged on for. However, this list can be exceptionally long, so it’s often best to use the -n option, which limits how many entries it prints out, for example:
% last -n 20
Will print out as above, but only the last 20 logins.
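Since the password section notes that someone else logging in as you is the main risk to an account, the output of “last” is worth reading for origins you do not recognise. The following is an added example, not part of the original document: it assumes the first three whitespace-separated columns are login name, terminal and origin host (the exact layout of “last” varies between systems), and all sample lines and host names are constructed.

```shell
#!/bin/sh
# Constructed sample in the column order described above for "last":
# login name, terminal, origin host, then login time and duration.
sample_last() {
cat <<'EOF'
frank    pts/4    lab12.example.ac.uk    Mon Mar  3 09:12 - 10:40  (01:28)
alice    pts/2    lab07.example.ac.uk    Mon Mar  3 11:05 - 11:50  (00:45)
frank    pts/1    lab12.example.ac.uk    Tue Mar  4 14:02 - 15:30  (01:28)
frank    pts/6    host-203-0-113-9.example.net Wed Mar  5 03:17 - 03:44  (00:27)
frank    pts/0    home-pc.example.org    Wed Mar  5 19:20   still logged in
EOF
}

# login_sources USER: read last-style lines on stdin and print
# "count host" for that user, most frequent origin first.
login_sources() {
    awk -v u="$1" '$1 == u { n[$3]++ }
        END { for (h in n) print n[h], h }' | sort -k1,1nr -k2,2
}

# unknown_sources USER HOST...: read last-style lines on stdin and print
# each origin host for USER that is not among the hosts listed as known.
unknown_sources() {
    user=$1; shift
    known=" $* "
    awk -v u="$user" -v known="$known" '
        $1 == u && index(known, " " $3 " ") == 0 && !seen[$3]++ { print $3 }'
}

# Origins for frank other than the two machines frank normally uses
sample_last | unknown_sources frank lab12.example.ac.uk home-pc.example.org
```

On a real account, pipe “last” itself into the functions in place of sample_last; an origin you cannot account for is a reason to change your password with passwd.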